Merge pull request #1204 from redcanaryco/clr2of8-patch-6

include full path to manage-bde.wsf. Thanks, Carrie!

atomics/Indexes/index.yaml

@@ -33063,12 +33063,12 @@ defense-evasion:
         command_to_execute:
           description: A command to execute.
           type: Path
-          default: C:\Windows\System32\calc.exe
+          default: "%windir%\\System32\\calc.exe"
       executor:
         command: |
           set comspec=#{command_to_execute}
-          cscript manage-bde.wsf
-        cleanup_command: 'set comspec=C:\Windows\System32\cmd.exe
+          cscript %windir%\System32\manage-bde.wsf
+        cleanup_command: 'set comspec=%windir%\System32\cmd.exe
 
 '
         name: command_prompt

atomics/T1216/T1216.md

@@ -52,7 +52,7 @@ Executes the signed manage-bde.wsf script with options to execute an arbitrary c
 #### Inputs:
 | Name | Description | Type | Default Value | 
 |------|-------------|------|---------------|
-| command_to_execute | A command to execute. | Path | C:\Windows\System32\calc.exe|
+| command_to_execute | A command to execute. | Path | %windir%\System32\calc.exe|
 
 
 #### Attack Commands: Run with `command_prompt`! 
@@ -60,12 +60,12 @@ Executes the signed manage-bde.wsf script with options to execute an arbitrary c
 
 ```cmd
 set comspec=#{command_to_execute}
-cscript manage-bde.wsf
+cscript %windir%\System32\manage-bde.wsf
 ```
 
 #### Cleanup Commands:
 ```cmd
-set comspec=C:\Windows\System32\cmd.exe
+set comspec=%windir%\System32\cmd.exe
 ```
 
 

atomics/T1216/T1216.yaml

@@ -27,12 +27,12 @@ atomic_tests:
     command_to_execute:
       description: A command to execute.
       type: Path
-      default: C:\Windows\System32\calc.exe
+      default: '%windir%\System32\calc.exe'
   executor:
     command: |
       set comspec=#{command_to_execute}
-      cscript manage-bde.wsf
+      cscript %windir%\System32\manage-bde.wsf
     cleanup_command: |
-      set comspec=C:\Windows\System32\cmd.exe
+      set comspec=%windir%\System32\cmd.exe
     name: command_prompt