diff --git a/atomics/T1042/T1042.md b/atomics/T1042/T1042.md
index e22832a2..f3ec4dfa 100644
--- a/atomics/T1042/T1042.md
+++ b/atomics/T1042/T1042.md
@@ -44,6 +44,6 @@ Change Default File Association From cmd.exe
#### Run it with `command_prompt`!
```
-cmd.exe assoc #{extension_to_change}="#{thing_to_execute}"
+cmd.exe assoc #{extension_to_change}="#{target_exenstion_handler}"
```
diff --git a/atomics/T1042/T1042.yaml b/atomics/T1042/T1042.yaml
index 44a01f0f..540335f7 100644
--- a/atomics/T1042/T1042.yaml
+++ b/atomics/T1042/T1042.yaml
@@ -21,4 +21,4 @@ atomic_tests:
executor:
name: command_prompt
command: |
- cmd.exe assoc #{extension_to_change}="#{thing_to_execute}"
+ cmd.exe assoc #{extension_to_change}="#{target_exenstion_handler}"
diff --git a/atomics/T1053/T1053.md b/atomics/T1053/T1053.md
index f008f183..8f7cb7f6 100644
--- a/atomics/T1053/T1053.md
+++ b/atomics/T1053/T1053.md
@@ -88,6 +88,6 @@ Create a task on a remote system
#### Run it with `command_prompt`!
```
-SCHTASKS /Create /S #{target} /RU #{UserName} /RP #{Password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
+SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
```
diff --git a/atomics/T1053/T1053.yaml b/atomics/T1053/T1053.yaml
index 9484ef5a..e81a4c38 100644
--- a/atomics/T1053/T1053.yaml
+++ b/atomics/T1053/T1053.yaml
@@ -35,6 +35,7 @@ atomic_tests:
name: command_prompt
command: |
SCHTASKS /Create /SC ONCE /TN spawn /TR #{task_command} /ST #{time}
+
- name: Scheduled task Remote
description: |
Create a task on a remote system
@@ -65,4 +66,4 @@ atomic_tests:
executor:
name: command_prompt
command: |
- SCHTASKS /Create /S #{target} /RU #{UserName} /RP #{Password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
+ SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
diff --git a/atomics/T1065/T1065.md b/atomics/T1065/T1065.md
index 1120d5a0..c5ac5d70 100644
--- a/atomics/T1065/T1065.md
+++ b/atomics/T1065/T1065.md
@@ -29,11 +29,11 @@ Testing uncommonly used port utilizing PowerShell
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| port | Specify uncommon port number | String | 8081|
-| hostname | Specify target hostname | String | google.com|
+| domain | Specify target hostname | String | google.com|
#### Run it with `powershell`!
```
-test-netconnection -ComputerName #{hostname} -port #{port}
+test-netconnection -ComputerName #{domain} -port #{port}
```
@@ -48,10 +48,10 @@ Testing uncommonly used port utilizing telnet.
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| port | Specify uncommon port number | String | 8081|
-| hostname | Specify target hostname | String | google.com|
+| domain | Specify target hostname | String | google.com|
#### Run it with `sh`!
```
-telnet #{hostname} #{port}
+telnet #{domain} #{port}
```
diff --git a/atomics/T1065/T1065.yaml b/atomics/T1065/T1065.yaml
index f96d5738..1e9d56bc 100644
--- a/atomics/T1065/T1065.yaml
+++ b/atomics/T1065/T1065.yaml
@@ -15,7 +15,7 @@ atomic_tests:
description: Specify uncommon port number
type: String
default: 8081
- hostname:
+ domain:
description: Specify target hostname
type: String
default: google.com
@@ -23,7 +23,7 @@ atomic_tests:
executor:
name: powershell
command: |
- test-netconnection -ComputerName #{hostname} -port #{port}
+ test-netconnection -ComputerName #{domain} -port #{port}
- name: Testing usage of uncommonly used port
description: |
@@ -38,7 +38,7 @@ atomic_tests:
description: Specify uncommon port number
type: String
default: 8081
- hostname:
+ domain:
description: Specify target hostname
type: String
default: google.com
@@ -46,5 +46,4 @@ atomic_tests:
executor:
name: sh
command: |
- telnet #{hostname} #{port}
-
+ telnet #{domain} #{port}
diff --git a/atomics/T1075/T1075.md b/atomics/T1075/T1075.md
index 19d6b3c2..77838cdf 100644
--- a/atomics/T1075/T1075.md
+++ b/atomics/T1075/T1075.md
@@ -33,13 +33,13 @@ Note: must dump hashes first
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
-| user | username | string | Administrator|
+| user_name | username | string | Administrator|
| domain | domain | string | atomic.local|
| ntlm | ntlm hash | string | cc36cf7a8514893efccd3324464tkg1a|
#### Run it with `command_prompt`!
```
-mimikatz # sekurlsa::pth /user:#{user} /domain:#{domain} /ntlm:#{ntlm}
+mimikatz # sekurlsa::pth /user:#{user_name} /domain:#{domain} /ntlm:#{ntlm}
```
@@ -52,6 +52,6 @@ Similar to PTH, but attacking Kerberos
#### Run it with `command_prompt`!
```
-mimikatz # kerberos::ptt #{username}@#{Domain}
+mimikatz # kerberos::ptt #{user_name}@#{domain}
```
diff --git a/atomics/T1075/T1075.yaml b/atomics/T1075/T1075.yaml
index 8072ce72..0bdc358d 100644
--- a/atomics/T1075/T1075.yaml
+++ b/atomics/T1075/T1075.yaml
@@ -12,7 +12,7 @@ atomic_tests:
- windows
input_arguments:
- user:
+ user_name:
description: username
type: string
default: Administrator
@@ -28,7 +28,7 @@ atomic_tests:
executor:
name: command_prompt
command: |
- mimikatz # sekurlsa::pth /user:#{user} /domain:#{domain} /ntlm:#{ntlm}
+ mimikatz # sekurlsa::pth /user:#{user_name} /domain:#{domain} /ntlm:#{ntlm}
- name: Mimikatz Kerberos Ticket Attack
description: |
@@ -40,4 +40,4 @@ atomic_tests:
executor:
name: command_prompt
command: |
- mimikatz # kerberos::ptt #{username}@#{Domain}
+ mimikatz # kerberos::ptt #{user_name}@#{domain}
diff --git a/atomics/T1103/T1103.md b/atomics/T1103/T1103.md
index 3c4ee8ca..c4eaa967 100644
--- a/atomics/T1103/T1103.md
+++ b/atomics/T1103/T1103.md
@@ -38,6 +38,6 @@ AppInit_DLLs is a mechanism that allows an arbitrary list of DLLs to be loaded i
#### Run it with `command_prompt`!
```
-reg.exe import #{file_name}
+reg.exe import #{registry_file}
```
diff --git a/atomics/T1103/T1103.yaml b/atomics/T1103/T1103.yaml
index d1c04cf0..72f636e7 100644
--- a/atomics/T1103/T1103.yaml
+++ b/atomics/T1103/T1103.yaml
@@ -18,4 +18,4 @@ atomic_tests:
executor:
name: command_prompt
command: |
- reg.exe import #{file_name}
+ reg.exe import #{registry_file}
diff --git a/atomics/T1124/T1124.md b/atomics/T1124/T1124.md
index 86da3f8a..c4d7f6f6 100644
--- a/atomics/T1124/T1124.md
+++ b/atomics/T1124/T1124.md
@@ -34,7 +34,7 @@ Identify the system time
#### Run it with `command_prompt`!
```
-net time \\#{computername}
+net time \\#{computer_name}
w32tm /tz
```
diff --git a/atomics/T1124/T1124.yaml b/atomics/T1124/T1124.yaml
index 4a68cbe3..aa35cae0 100644
--- a/atomics/T1124/T1124.yaml
+++ b/atomics/T1124/T1124.yaml
@@ -19,7 +19,7 @@ atomic_tests:
executor:
name: command_prompt
command: |
- net time \\#{computername}
+ net time \\#{computer_name}
w32tm /tz
- name: System Time Discovery - PowerShell
diff --git a/atomics/T1191/T1191.md b/atomics/T1191/T1191.md
index 35ca6575..a274f670 100644
--- a/atomics/T1191/T1191.md
+++ b/atomics/T1191/T1191.md
@@ -56,10 +56,10 @@ Adversaries may invoke cmd.exe (or other malicious commands) by embedding them i
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
-| output_file | Path to the INF file | path | T1191_uacbypass.inf|
+| inf_file_uac | Path to the INF file | path | T1191_uacbypass.inf|
#### Run it with `command_prompt`!
```
-cmstp.exe #{inf_file_path} /au
+cmstp.exe #{inf_file_uac} /au
```
diff --git a/atomics/T1191/T1191.yaml b/atomics/T1191/T1191.yaml
index 6427cf0b..df05729d 100644
--- a/atomics/T1191/T1191.yaml
+++ b/atomics/T1191/T1191.yaml
@@ -28,7 +28,7 @@ atomic_tests:
- windows
input_arguments:
- output_file:
+ inf_file_uac:
description: Path to the INF file
type: path
default: T1191_uacbypass.inf
@@ -36,4 +36,4 @@ atomic_tests:
executor:
name: command_prompt
command: |
- cmstp.exe #{inf_file_path} /au
+ cmstp.exe #{inf_file_uac} /au