security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate GUIDs from job=generate-docs branch=master [skip ci]

Browse Source
This commit is contained in:
Atomic Red Team GUID generator
2023-10-27 16:16:00 +00:00
parent 708828586f
commit af16bbdd70
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1562.001/T1562.001.yaml
+1
View File
@@ -925,6 +925,7 @@ atomic_tests:
name: bash
elevation_required: false
- name: Tamper with Defender ATP on Linux/MacOS
auto_generated_guid: 40074085-dbc8-492b-90a3-11bcfc52fda8
description: |
With root privileges, an adversary can disable real time protection. Note, this test assumes Defender is not in passive mode and real-time protection is enabled. The use of a managed.json on Linux or Defender .plist on MacOS will prevent these changes. Tamper protection will also prevent this (available on MacOS, but not Linux at the time of writing). Installation of MDATP is a prerequisite. Installation steps vary across MacOS and Linux distros. See Microsoft public documentation for instructions: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide
supported_platforms:
atomics/used_guids.txt
+1
View File
@@ -1409,3 +1409,4 @@ e12f5d8d-574a-4e9d-8a84-c0e8b4a8a675
7f66d539-4fbe-4cfa-9a56-4a2bf660c58a
d380c318-0b34-45cb-9dad-828c11891e43
18136e38-0530-49b2-b309-eed173787471
40074085-dbc8-492b-90a3-11bcfc52fda8