From 77d4a3c9560439078b05d4dd4937aec55ec3eac4 Mon Sep 17 00:00:00 2001
From: Swelc
Date: Thu, 19 Jul 2018 19:52:31 -0500
Subject: [PATCH] Added Windows Group Enumeration
---
 atomics/T1069/T1069.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/atomics/T1069/T1069.yaml b/atomics/T1069/T1069.yaml
index 0afb99fa..3d45d14a 100644
--- a/atomics/T1069/T1069.yaml
+++ b/atomics/T1069/T1069.yaml
@@ -17,3 +17,37 @@ atomic_tests:
 dscacheutil -q group
 dscl . -list /Groups
 groups
+
+- name: Permission Groups Discovery Windows
+ description: |
+ Permission Groups Discovery for Windows
+
+ supported_platforms:
+ - windows
+
+ executor:
+ name: command_prompt
+ command: |
+ net localgroup
+ net group /domain
+
+- name: Permission Groups Discovery PowerShell
+ description: |
+ Permission Groups Discovery utilizing PowerShell
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ user:
+ description: User to identify what groups a user is a member of
+ type: string
+ default: administrator
+
+ executor:
+ name: powershell
+ command: |
+ get-localgroup
+ get-ADPrinicipalGroupMembership #{user} | select name
+
+
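Review bot: The cmdlet name in the PowerShell test's command is misspelled: `get-ADPrinicipalGroupMembership #{user} | select name` should read `Get-ADPrincipalGroupMembership #{user} | select name`. As written, PowerShell will reject the command as unrecognized, so the test issues no Active Directory group-membership query and anyone using it to validate T1069 detection coverage gets a misleading result. The cmdlet also comes from the ActiveDirectory module, which a default Windows install does not have, so the description should say so, e.g. `Requires the ActiveDirectory PowerShell module (RSAT) on a domain-joined host.` The first test's description would benefit from the same kind of note, since `net group /domain` only returns data on a domain-joined machine.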