diff --git a/atomics/T1572/T1572.yaml b/atomics/T1572/T1572.yaml
index 5fe555df..fdd40d80 100644
--- a/atomics/T1572/T1572.yaml
+++ b/atomics/T1572/T1572.yaml
@@ -147,4 +147,51 @@ atomic_tests:
 Remove-Item C:\%userprofile%\AppData\Local\ngrok -ErrorAction Ignore
 name: powershell
 elevation_required: true
+- name: Microsoft Dev tunnels (Linux/macOS)
+ auto_generated_guid:
+ description: |
+ Dev Tunnels enables insiders as well as threat actors to expose local ports over the internet via Microsoft dev tunnels.
+ This atomic will generate a dev tunnel binding it to the local service running on the provided port. Can be used to expose local services, web applications and local files etc.
+ Reference:
+ - [Microsoft Docs](https://learn.microsoft.com/en-us/tunnels/dev-tunnels-overview)
+ - [LOT Tunnels](https://lottunnels.github.io/lottunnels/Binaries/devtunnels/)
+ supported_platforms:
+ - linux
+ - macos
+ input_arguments:
+ port:
+ description: port number for tunnel
+ type: integer
+ default: 8080
+ download_url:
+ description: link to download devtunnel
+ type: string
+ default: https://aka.ms/TunnelsCliDownload/linux-x64
+ binary_path:
+ description: path to download devtunnel
+ type: string
+ default: PathToAtomicsFolder/../ExternalPayloads/devtunnel
+ dependencies:
+ - description: |
+ Download devtunnel
+ prereq_command: |
+ test -f #{binary_path}
+ get_prereq_command: |
+ mkdir -p $(dirname #{binary_path})
+ curl -L "#{download_url}" -o "#{binary_path}"
+ chmod +x #{binary_path}
+ - description: |
+ Login to Microsoft Dev tunnels
+ prereq_command: |
+ #{binary_path} user show | grep -q "Not logged in" && exit 1 || exit 0
+ get_prereq_command: |
+ echo "Login to devtunnel using the following command: #{binary_path} user login"
+ executor:
+ command: |
+ #{binary_path} host -p #{port} &
+ cleanup_command: |
+ pkill -9 $(basename "#{binary_path}")
+ #{binary_path} user logout
+ rm #{binary_path}
+ name: bash
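Review bot: The download dependency's `get_prereq_command` fetches an executable through a redirecting short link with `curl -L` and marks it executable without checking what arrived, so an HTTP error body or an unexpected payload is left at `#{binary_path}` and the `test -f` prereq then passes. Use `curl -fL "#{download_url}" -o "#{binary_path}"` so a failed download is not kept, and consider comparing the file against a pinned SHA-256 passed as an input argument before `chmod +x`. The default `download_url` is the linux-x64 build while `supported_platforms` also lists macos, so a macOS run needs a different default or the platform should be dropped; the login prereq also fails open, because when the binary cannot run the `grep -q "Not logged in"` does not match and the check exits 0. In `cleanup_command`, `pkill -9 $(basename "#{binary_path}")` matches every process with that name, including tunnels started outside the test, and SIGKILL gives the client no chance to close the tunnel cleanly; writing `$!` to a pid file in `command` and killing that PID in cleanup would be narrower. `#{binary_path}` is quoted in the curl line but not in `test -f`, `dirname`, `chmod +x` or `rm`, which breaks on paths containing spaces.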