diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index eb30fb86..93d419bd 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -1584,7 +1584,8 @@ credential-access:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -2071,7 +2072,8 @@ credential-access:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
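Review bot: The scraped `$mimikatz_relative_uri` is used unchecked by the second `Invoke-WebRequest` in every get_prereq_command this commit touches (first in the -1584 hunk; the same two added lines recur in the other index.yaml hunks and in the T1003.001, T1003.006, T1055, T1207, T1550.002, T1550.003 and T1558.001 sections). If the releases page yields no matching link, the request goes to `https://github.com` and `Expand-Archive` fails on HTML, and if it yields several, the array is space-joined into the URL; end the pipeline with `Select-Object -ExpandProperty href -First 1` and add `if (-not $mimikatz_relative_uri) { throw "mimikatz_trunk.zip link not found" }`. Because the download is no longer tied to a fixed release tag, the executable placed at the test path can differ between runs, so logging `Get-FileHash "$env:TEMP\mimikatz.zip"` in the prereq step would keep a run auditable. The -1584 and -2071 hunks also show no `[Net.ServicePointManager]::SecurityProtocol` line between `get_prereq_command` and the download, unlike the other blocks, so those two may fail on hosts that default to older TLS.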
@@ -3149,15 +3151,8 @@ credential-access:
 '
 get_prereq_command: |
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $url = 'https://github.com/gentilkiwi/mimikatz/releases/latest'
- $request = [System.Net.WebRequest]::Create($url)
- $response = $request.GetResponse()
- $realTagUrl = $response.ResponseUri.OriginalString
- $version = $realTagUrl.split('/')[-1]
- $fileName = 'mimikatz_trunk.zip'
- [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $realDownloadUrl =$realTagUrl.Replace('tag','download') + '/' + $fileName
- Invoke-WebRequest $realDownloadUrl -OutFile "$env:TEMP\Mimi.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
@@ -15926,8 +15921,8 @@ privilege-escalation:
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
- Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -30812,7 +30807,8 @@ defense-evasion:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20210724/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -30971,7 +30967,8 @@ defense-evasion:
 '
 get_prereq_command: |
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
@@ -32102,8 +32099,8 @@ defense-evasion:
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
- Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -33293,7 +33290,8 @@ defense-evasion:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -63421,7 +63419,8 @@ lateral-movement:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20210724/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -63580,7 +63579,8 @@ lateral-movement:
 '
 get_prereq_command: |
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
diff --git a/atomics/T1003.001/T1003.001.md b/atomics/T1003.001/T1003.001.md
index 024dd2aa..48a2cc91 100644
--- a/atomics/T1003.001/T1003.001.md
+++ b/atomics/T1003.001/T1003.001.md
@@ -340,15 +340,8 @@ if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-$url = 'https://github.com/gentilkiwi/mimikatz/releases/latest'
-$request = [System.Net.WebRequest]::Create($url)
-$response = $request.GetResponse()
-$realTagUrl = $response.ResponseUri.OriginalString
-$version = $realTagUrl.split('/')[-1]
-$fileName = 'mimikatz_trunk.zip'
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-$realDownloadUrl =$realTagUrl.Replace('tag','download') + '/' + $fileName
-Invoke-WebRequest $realDownloadUrl -OutFile "$env:TEMP\Mimi.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
diff --git a/atomics/T1003.006/T1003.006.md b/atomics/T1003.006/T1003.006.md
index 8a949602..804393a0 100644
--- a/atomics/T1003.006/T1003.006.md
+++ b/atomics/T1003.006/T1003.006.md
@@ -56,7 +56,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1055/T1055.md b/atomics/T1055/T1055.md
index 89bdde81..fd7e0d82 100644
--- a/atomics/T1055/T1055.md
+++ b/atomics/T1055/T1055.md
@@ -111,8 +111,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
-Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1207/T1207.md b/atomics/T1207/T1207.md
index c5ccbfba..74ce9a7e 100644
--- a/atomics/T1207/T1207.md
+++ b/atomics/T1207/T1207.md
@@ -88,7 +88,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1550.002/T1550.002.md b/atomics/T1550.002/T1550.002.md
index 14e71e5b..42f67bac 100644
--- a/atomics/T1550.002/T1550.002.md
+++ b/atomics/T1550.002/T1550.002.md
@@ -57,7 +57,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20210724/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1550.003/T1550.003.md b/atomics/T1550.003/T1550.003.md
index b7dff150..34a582ab 100644
--- a/atomics/T1550.003/T1550.003.md
+++ b/atomics/T1550.003/T1550.003.md
@@ -56,7 +56,8 @@ if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
diff --git a/atomics/T1558.001/T1558.001.md b/atomics/T1558.001/T1558.001.md
index e6e1d49f..e4bc6e21 100644
--- a/atomics/T1558.001/T1558.001.md
+++ b/atomics/T1558.001/T1558.001.md
@@ -107,7 +107,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force