security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'redcanaryco:master' into patch-1

Browse Source
This commit is contained in:
D4rkCiph3r
2023-02-21 11:19:45 +05:30
committed by GitHub
parent 9184e421e9 7cfbdc1449
commit bb23c59f41
4 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+4 -4
View File
@@ -40078,11 +40078,11 @@ privilege-escalation:
script_location:
description: evil plist location
type: path
default: "$PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist"
default: "$PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist"
script_destination:
description: Path where to move the evil plist
type: path
default: "/etc/emond.d/rules/atomicredteam_T1053_004.plist"
default: "/etc/emond.d/rules/atomicredteam_T1543_001.plist"
empty_file:
description: Random name of the empty file used to trigger emond service
type: string
@@ -63920,11 +63920,11 @@ persistence:
script_location:
description: evil plist location
type: path
default: "$PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist"
default: "$PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist"
script_destination:
description: Path where to move the evil plist
type: path
default: "/etc/emond.d/rules/atomicredteam_T1053_004.plist"
default: "/etc/emond.d/rules/atomicredteam_T1543_001.plist"
empty_file:
description: Random name of the empty file used to trigger emond service
type: string
atomics/Indexes/macos-index.yaml
+4 -4
View File
@@ -25215,11 +25215,11 @@ privilege-escalation:
script_location:
description: evil plist location
type: path
default: "$PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist"
default: "$PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist"
script_destination:
description: Path where to move the evil plist
type: path
default: "/etc/emond.d/rules/atomicredteam_T1053_004.plist"
default: "/etc/emond.d/rules/atomicredteam_T1543_001.plist"
empty_file:
description: Random name of the empty file used to trigger emond service
type: string
@@ -41310,11 +41310,11 @@ persistence:
script_location:
description: evil plist location
type: path
default: "$PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist"
default: "$PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist"
script_destination:
description: Path where to move the evil plist
type: path
default: "/etc/emond.d/rules/atomicredteam_T1053_004.plist"
default: "/etc/emond.d/rules/atomicredteam_T1543_001.plist"
empty_file:
description: Random name of the empty file used to trigger emond service
type: string
atomics/T1543.001/T1543.001.md
+2 -2
View File
@@ -83,8 +83,8 @@ This test adds persistence via a plist to execute via the macOS Event Monitor Da
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| script_location | evil plist location | path | $PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist|
| script_destination | Path where to move the evil plist | path | /etc/emond.d/rules/atomicredteam_T1053_004.plist|
| script_location | evil plist location | path | $PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist|
| script_destination | Path where to move the evil plist | path | /etc/emond.d/rules/atomicredteam_T1543_001.plist|
| empty_file | Random name of the empty file used to trigger emond service | string | randomflag|
atomics/T1543.001/T1543.001.yaml
+2 -2
View File
@@ -45,11 +45,11 @@ atomic_tests:
script_location:
description: evil plist location
type: path
default: $PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist
default: $PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist
script_destination:
description: Path where to move the evil plist
type: path
default: /etc/emond.d/rules/atomicredteam_T1053_004.plist
default: /etc/emond.d/rules/atomicredteam_T1543_001.plist
empty_file:
description: Random name of the empty file used to trigger emond service
type: string