Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

atomics/Indexes/Indexes-CSV/index.csv

@@ -863,6 +863,9 @@ discovery,T1201,Password Policy Discovery,9,Enumerate Active Directory Password
 discovery,T1120,Peripheral Device Discovery,1,Win32_PnPEntity Hardware Inventory,2cb4dbf2-2dca-4597-8678-4d39d207a3a5,powershell
 discovery,T1057,Process Discovery,1,Process Discovery - ps,4ff64f0b-aaf2-4866-b39d-38d9791407cc,sh
 discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
+discovery,T1057,Process Discovery,3,Process Discovery - Get-Process,3b3809b6-a54b-4f5b-8aff-cb51f2e97b34,powershell
+discovery,T1057,Process Discovery,4,Process Discovery - get-wmiObject,b51239b4-0129-474f-a2b4-70f855b9f2c2,powershell
+discovery,T1057,Process Discovery,5,Process Discovery - wmic process,640cbf6d-659b-498b-ba53-f6dd1a1cc02c,command_prompt
 discovery,T1012,Query Registry,1,Query Registry,8f7578c4-9863-4d83-875c-a565573bbdf0,command_prompt
 discovery,T1018,Remote System Discovery,1,Remote System Discovery - net,85321a9c-897f-4a60-9f20-29788e50bccd,command_prompt
 discovery,T1018,Remote System Discovery,2,Remote System Discovery - net group Domain Computers,f1bf6c8f-9016-4edf-aff9-80b65f5d711f,command_prompt

atomics/Indexes/Indexes-CSV/windows-index.csv

@@ -584,6 +584,9 @@ discovery,T1201,Password Policy Discovery,8,Get-DomainPolicy with PowerView,3177
 discovery,T1201,Password Policy Discovery,9,Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy,b2698b33-984c-4a1c-93bb-e4ba72a0babb,powershell
 discovery,T1120,Peripheral Device Discovery,1,Win32_PnPEntity Hardware Inventory,2cb4dbf2-2dca-4597-8678-4d39d207a3a5,powershell
 discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
+discovery,T1057,Process Discovery,3,Process Discovery - Get-Process,3b3809b6-a54b-4f5b-8aff-cb51f2e97b34,powershell
+discovery,T1057,Process Discovery,4,Process Discovery - get-wmiObject,b51239b4-0129-474f-a2b4-70f855b9f2c2,powershell
+discovery,T1057,Process Discovery,5,Process Discovery - wmic process,640cbf6d-659b-498b-ba53-f6dd1a1cc02c,command_prompt
 discovery,T1012,Query Registry,1,Query Registry,8f7578c4-9863-4d83-875c-a565573bbdf0,command_prompt
 discovery,T1018,Remote System Discovery,1,Remote System Discovery - net,85321a9c-897f-4a60-9f20-29788e50bccd,command_prompt
 discovery,T1018,Remote System Discovery,2,Remote System Discovery - net group Domain Computers,f1bf6c8f-9016-4edf-aff9-80b65f5d711f,command_prompt

atomics/Indexes/Indexes-Markdown/index.md

@@ -1378,6 +1378,9 @@
 - [T1057 Process Discovery](../../T1057/T1057.md)
   - Atomic Test #1: Process Discovery - ps [macos, linux]
   - Atomic Test #2: Process Discovery - tasklist [windows]
+  - Atomic Test #3: Process Discovery - Get-Process [windows]
+  - Atomic Test #4: Process Discovery - get-wmiObject [windows]
+  - Atomic Test #5: Process Discovery - wmic process [windows]
 - [T1012 Query Registry](../../T1012/T1012.md)
   - Atomic Test #1: Query Registry [windows]
 - [T1018 Remote System Discovery](../../T1018/T1018.md)

atomics/Indexes/Indexes-Markdown/windows-index.md

@@ -980,6 +980,9 @@
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1057 Process Discovery](../../T1057/T1057.md)
   - Atomic Test #2: Process Discovery - tasklist [windows]
+  - Atomic Test #3: Process Discovery - Get-Process [windows]
+  - Atomic Test #4: Process Discovery - get-wmiObject [windows]
+  - Atomic Test #5: Process Discovery - wmic process [windows]
 - [T1012 Query Registry](../../T1012/T1012.md)
   - Atomic Test #1: Query Registry [windows]
 - [T1018 Remote System Discovery](../../T1018/T1018.md)

atomics/Indexes/index.yaml

@@ -57394,6 +57394,42 @@ discovery:
       executor:
         command: 'tasklist
 
+'
+        name: command_prompt
+    - name: Process Discovery - Get-Process
+      auto_generated_guid: 3b3809b6-a54b-4f5b-8aff-cb51f2e97b34
+      description: "Utilize Get-Process PowerShell cmdlet to identify processes.\n\nUpon
+        successful execution, powershell.exe will execute Get-Process to list processes.
+        Output will be via stdout. \n"
+      supported_platforms:
+      - windows
+      executor:
+        command: 'Get-Process
+
+'
+        name: powershell
+    - name: Process Discovery - get-wmiObject
+      auto_generated_guid: b51239b4-0129-474f-a2b4-70f855b9f2c2
+      description: "Utilize get-wmiObject PowerShell cmdlet to identify processes.\n\nUpon
+        successful execution, powershell.exe will execute get-wmiObject to list processes.
+        Output will be via stdout. \n"
+      supported_platforms:
+      - windows
+      executor:
+        command: 'get-wmiObject -class Win32_Process
+
+'
+        name: powershell
+    - name: Process Discovery - wmic process
+      auto_generated_guid: 640cbf6d-659b-498b-ba53-f6dd1a1cc02c
+      description: "Utilize windows management instrumentation to identify processes.\n\nUpon
+        successful execution, WMIC will execute process to list processes. Output
+        will be via stdout. \n"
+      supported_platforms:
+      - windows
+      executor:
+        command: 'wmic process get /format:list
+
 '
         name: command_prompt
   T1012:

atomics/T1057/T1057.md

@@ -10,6 +10,12 @@ In Windows environments, adversaries could obtain details on running processes u
 
 - [Atomic Test #2 - Process Discovery - tasklist](#atomic-test-2---process-discovery---tasklist)
 
+- [Atomic Test #3 - Process Discovery - Get-Process](#atomic-test-3---process-discovery---get-process)
+
+- [Atomic Test #4 - Process Discovery - get-wmiObject](#atomic-test-4---process-discovery---get-wmiobject)
+
+- [Atomic Test #5 - Process Discovery - wmic process](#atomic-test-5---process-discovery---wmic-process)
+
 
 <br/>
 
@@ -80,4 +86,94 @@ tasklist
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #3 - Process Discovery - Get-Process
+Utilize Get-Process PowerShell cmdlet to identify processes.
+
+Upon successful execution, powershell.exe will execute Get-Process to list processes. Output will be via stdout.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 3b3809b6-a54b-4f5b-8aff-cb51f2e97b34
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+Get-Process
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #4 - Process Discovery - get-wmiObject
+Utilize get-wmiObject PowerShell cmdlet to identify processes.
+
+Upon successful execution, powershell.exe will execute get-wmiObject to list processes. Output will be via stdout.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** b51239b4-0129-474f-a2b4-70f855b9f2c2
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+get-wmiObject -class Win32_Process
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #5 - Process Discovery - wmic process
+Utilize windows management instrumentation to identify processes.
+
+Upon successful execution, WMIC will execute process to list processes. Output will be via stdout.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 640cbf6d-659b-498b-ba53-f6dd1a1cc02c
+
+
+
+
+
+
+#### Attack Commands: Run with `command_prompt`! 
+
+
+```cmd
+wmic process get /format:list
+```
+
+
+
+
+
+
 <br/>