From bbe0da2d8a4f958f0837149dee1c4289da3a2c7f Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator
Date: Sun, 3 Apr 2022 01:03:02 +0000
Subject: [PATCH] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
---
 atomics/Indexes/index.yaml | 3 ++-
 atomics/T1112/T1112.md | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 40d75055..ed7590c8 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -33228,11 +33228,12 @@ defense-evasion:
 reg add HKCU\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging /v EnableScriptBlockLogging /t REG_DWORD /d 0 /f
 reg add HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableTranscripting /t REG_DWORD /d 0 /f
 reg add HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t REG_DWORD /d 0 /f
+ REM do a little cleanup immediately to avoid execution issues with later tests
+ reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /f >nul 2>&1
 cleanup_command: |
 reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging /v EnableModuleLogging /f >nul 2>&1
 reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging /v EnableScriptBlockLogging /f >nul 2>&1
 reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableTranscripting /f >nul 2>&1
- reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /f >nul 2>&1
 name: command_prompt
 elevation_required: true
 - name: Windows Add Registry Value to Load Service in Safe Mode without Network
diff --git a/atomics/T1112/T1112.md b/atomics/T1112/T1112.md
index f3871d2f..09a13c4f 100644
--- a/atomics/T1112/T1112.md
+++ b/atomics/T1112/T1112.md
@@ -1190,6 +1190,8 @@ reg add HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging /v En
 reg add HKCU\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging /v EnableScriptBlockLogging /t REG_DWORD /d 0 /f
 reg add HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableTranscripting /t REG_DWORD /d 0 /f
 reg add HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t REG_DWORD /d 0 /f
+REM do a little cleanup immediately to avoid execution issues with later tests
+reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /f >nul 2>&1
 ```
 #### Cleanup Commands:
@@ -1197,7 +1199,6 @@ reg add HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t
 reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging /v EnableModuleLogging /f >nul 2>&1
 reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging /v EnableScriptBlockLogging /f >nul 2>&1
 reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription /v EnableTranscripting /f >nul 2>&1
-reg delete HKCU\Software\Policies\Microsoft\Windows\PowerShell /v EnableScripts /f >nul 2>&1
 ```