From b8ba7470ca9ec6d6e6463832a57e2765dfd4614d Mon Sep 17 00:00:00 2001
From: CaptainMoss
Date: Mon, 20 Sep 2021 21:47:43 +0300
Subject: [PATCH] Update T1056.001.yaml (#1632)
Why executor name is command prompt ? It should be 'sh' for linux platforms right ?
---
 atomics/T1056.001/T1056.001.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/atomics/T1056.001/T1056.001.yaml b/atomics/T1056.001/T1056.001.yaml
index 317342b3..6e5f5388 100644
--- a/atomics/T1056.001/T1056.001.yaml
+++ b/atomics/T1056.001/T1056.001.yaml
@@ -104,7 +104,7 @@ atomic_tests:
 type: String
 default: /tmp/.keyboard.log
 executor:
- name: command_prompt
+ name: sh
 elevation_required: false
 command: |
 trap 'echo "$(date +"%d/%m/%y %H:%M:%S.%s") $USER $BASH_COMMAND" >> #{output_file}' DEBUG
@@ -133,7 +133,7 @@ atomic_tests:
 type: String
 default: ubuntu
 executor:
- name: command_prompt
+ name: sh
 elevation_required: true
 command: |
 cp -v /etc/pam.d/sshd /tmp/
@@ -163,7 +163,7 @@ atomic_tests:
 get_prereq_command: |
 echo ""
 executor:
- name: command_prompt
+ name: sh
 elevation_required: true
 command: |
 auditctl -a always,exit -F arch=b64 -S execve -k CMDS
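Review bot: In the first hunk (`@@ -104,7 +104,7 @@`) the executor should be `name: bash` rather than `name: sh`, because the command it runs relies on `trap … DEBUG` and `$BASH_COMMAND`, which are bash features and not POSIX sh. On hosts where `sh` is dash (the Debian/Ubuntu default) the DEBUG trap is rejected and nothing is written to `#{output_file}`. A run can then look like a missed detection when the test simply produced no telemetry. The `cp` and `auditctl` lines visible in the second and third hunks are fine under `sh`, but all three `command: |` blocks continue outside their hunks, so the remaining lines should be checked for bashisms before settling on `sh`.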