security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2024-01-29 15:55:01 +00:00
parent a68803c0c3
commit b98739b474
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+2 -2
View File
@@ -97261,8 +97261,8 @@ discovery:
supported_platforms:
- windows
executor:
command: powershell -c "get-eventlog 'Security' | where {$_.Message -like
'*SYSTEM*'} | export-csv $env:temp\T1654_events.txt"
command: powershell -c {get-eventlog 'Security' | where {$_.Message -like
'*SYSTEM*'} | export-csv $env:temp\T1654_events.txt}
cleanup_command: powershell -c "remove-item $env:temp\T1654_events.txt -ErrorAction
Ignore"
name: powershell
atomics/Indexes/windows-index.yaml
+2 -2
View File
@@ -79162,8 +79162,8 @@ discovery:
supported_platforms:
- windows
executor:
command: powershell -c "get-eventlog 'Security' | where {$_.Message -like
'*SYSTEM*'} | export-csv $env:temp\T1654_events.txt"
command: powershell -c {get-eventlog 'Security' | where {$_.Message -like
'*SYSTEM*'} | export-csv $env:temp\T1654_events.txt}
cleanup_command: powershell -c "remove-item $env:temp\T1654_events.txt -ErrorAction
Ignore"
name: powershell
atomics/T1654/T1654.md
+1 -1
View File
@@ -35,7 +35,7 @@ Successful execution will save matching log events to the users temp folder.
```powershell
powershell -c "get-eventlog 'Security' | where {$_.Message -like '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt"
powershell -c {get-eventlog 'Security' | where {$_.Message -like '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt}
```
#### Cleanup Commands: