Added Disabling Firewall via Registry (#1516)

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
BlueTeamOps
2021-06-16 01:49:55 +10:00
committed by GitHub
parent a78c0ae822
commit 9f397c259c
@@ -36,6 +36,19 @@ atomic_tests:
cleanup_command: |
netsh advfirewall set currentprofile state on >nul 2>&1
name: command_prompt
- name: Disable Microsoft Defender Firewall via Registry
auto_generated_guid: afedc8c4-038c-4d82-b3e5-623a95f8a612
description: |
Disables the Microsoft Defender Firewall for the public profile via registry
Caution if you access remotely the host where the test runs! Especially with the cleanup command which will re-enable firewall for the current profile...
supported_platforms:
- windows
executor:
command: |
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f
cleanup_command: |
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 1 /f
name: command_prompt
- name: Allow SMB and RDP on Microsoft Defender Firewall
auto_generated_guid: d9841bf8-f161-4c73-81e9-fd773a5ff8c1
description: |
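Review bot: The caution in the new test's description says the cleanup command will "re-enable firewall for the current profile", but the cleanup_command here writes EnableFirewall = 1 under the PublicProfile key only; the sentence looks carried over from the netsh test above (`netsh advfirewall set currentprofile state on`) and should say "public profile". The cleanup also forces the value to 1 regardless of what it was before the test ran, so a host whose public-profile firewall was already off ends up with it switched on; either record the prior value and restore it, or say so explicitly in the description. Both `reg add` commands write under HKEY_LOCAL_MACHINE, which needs an elevated prompt, so the executor should probably declare `elevation_required: true`.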