Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
parent
39954ec1af
commit
c0591491f1
@@ -39466,11 +39466,19 @@ defense-evasion:
|
||||
description: XML to execution
|
||||
type: path
|
||||
default: PathToAtomicsFolder\T1218\src\T1218.xml
|
||||
mwcpath:
|
||||
description: Default location of Microsoft.Workflow.Compiler.exe
|
||||
type: Path
|
||||
default: C:\Windows\Microsoft.NET\Framework64\v4.0.30319
|
||||
mwcname:
|
||||
description: Default name of microsoft.workflow.compiler.exe
|
||||
type: Path
|
||||
default: microsoft.workflow.compiler.exe
|
||||
dependency_executor_name: powershell
|
||||
dependencies:
|
||||
- description: ".Net must be installed for this test to work correctly.\n"
|
||||
prereq_command: 'if (Test-Path C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe
|
||||
) {exit 0} else {exit 1}
|
||||
prereq_command: 'if (Test-Path #{mwcpath}\#{mwcname} ) {exit 0} else {exit
|
||||
1}
|
||||
|
||||
'
|
||||
get_prereq_command: 'write-host ".Net must be installed for this test to work
|
||||
@@ -39478,9 +39486,9 @@ defense-evasion:
|
||||
|
||||
'
|
||||
executor:
|
||||
command: |
|
||||
Set-Location -path PathToAtomicsFolder\T1218\src ;
|
||||
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe "#{xml_payload}" output.txt
|
||||
command: '#{mwcpath}\#{mwcname} "#{xml_payload}" output.txt
|
||||
|
||||
'
|
||||
name: powershell
|
||||
elevation_required: false
|
||||
- name: Renamed Microsoft.Workflow.Compiler.exe Payload Executions
|
||||
@@ -39500,20 +39508,26 @@ defense-evasion:
|
||||
description: renamed Microsoft.Workflow.Compiler
|
||||
type: path
|
||||
default: PathToAtomicsFolder\T1218\src\svchost.exe
|
||||
mwcpath:
|
||||
description: Default location of Microsoft.Workflow.Compiler.exe
|
||||
type: Path
|
||||
default: C:\Windows\Microsoft.NET\Framework64\v4.0.30319
|
||||
mwcname:
|
||||
description: Default name of microsoft.workflow.compiler.exe
|
||||
type: Path
|
||||
default: microsoft.workflow.compiler.exe
|
||||
dependency_executor_name: powershell
|
||||
dependencies:
|
||||
- description: ".Net must be installed for this test to work correctly.\n"
|
||||
prereq_command: |
|
||||
Copy-Item C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe "#{renamed_binary}" -Force
|
||||
Copy-Item #{mwcpath}\#{mwcname} "#{renamed_binary}" -Force
|
||||
if (Test-Path "#{renamed_binary}") {exit 0} else {exit 1}
|
||||
get_prereq_command: 'write-host "you need to rename workflow complier before
|
||||
you run this test"
|
||||
|
||||
'
|
||||
executor:
|
||||
command: |
|
||||
Set-Location -path PathToAtomicsFolder\T1218\src ;
|
||||
#{renamed_binary} #{xml_payload} output.txt
|
||||
command: "#{renamed_binary} #{xml_payload} output.txt\n"
|
||||
name: powershell
|
||||
elevation_required: false
|
||||
- name: Invoke-ATHRemoteFXvGPUDisablementCommand base test
|
||||
|
||||
@@ -235,14 +235,15 @@ Emulates attack with Microsoft.Workflow.Compiler.exe running a .Net assembly tha
|
||||
| Name | Description | Type | Default Value |
|
||||
|------|-------------|------|---------------|
|
||||
| xml_payload | XML to execution | path | PathToAtomicsFolder\T1218\src\T1218.xml|
|
||||
| mwcpath | Default location of Microsoft.Workflow.Compiler.exe | Path | C:\Windows\Microsoft.NET\Framework64\v4.0.30319|
|
||||
| mwcname | Default name of microsoft.workflow.compiler.exe | Path | microsoft.workflow.compiler.exe|
|
||||
|
||||
|
||||
#### Attack Commands: Run with `powershell`!
|
||||
|
||||
|
||||
```powershell
|
||||
Set-Location -path PathToAtomicsFolder\T1218\src ;
|
||||
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe "#{xml_payload}" output.txt
|
||||
#{mwcpath}\#{mwcname} "#{xml_payload}" output.txt
|
||||
```
|
||||
|
||||
|
||||
@@ -252,7 +253,7 @@ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe
|
||||
##### Description: .Net must be installed for this test to work correctly.
|
||||
##### Check Prereq Commands:
|
||||
```powershell
|
||||
if (Test-Path C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe ) {exit 0} else {exit 1}
|
||||
if (Test-Path #{mwcpath}\#{mwcname} ) {exit 0} else {exit 1}
|
||||
```
|
||||
##### Get Prereq Commands:
|
||||
```powershell
|
||||
@@ -278,13 +279,14 @@ Emulates attack with a renamed Microsoft.Workflow.Compiler.exe running a .Net as
|
||||
|------|-------------|------|---------------|
|
||||
| xml_payload | XML to execution | path | PathToAtomicsFolder\T1218\src\T1218.xml|
|
||||
| renamed_binary | renamed Microsoft.Workflow.Compiler | path | PathToAtomicsFolder\T1218\src\svchost.exe|
|
||||
| mwcpath | Default location of Microsoft.Workflow.Compiler.exe | Path | C:\Windows\Microsoft.NET\Framework64\v4.0.30319|
|
||||
| mwcname | Default name of microsoft.workflow.compiler.exe | Path | microsoft.workflow.compiler.exe|
|
||||
|
||||
|
||||
#### Attack Commands: Run with `powershell`!
|
||||
|
||||
|
||||
```powershell
|
||||
Set-Location -path PathToAtomicsFolder\T1218\src ;
|
||||
#{renamed_binary} #{xml_payload} output.txt
|
||||
```
|
||||
|
||||
@@ -295,7 +297,7 @@ Set-Location -path PathToAtomicsFolder\T1218\src ;
|
||||
##### Description: .Net must be installed for this test to work correctly.
|
||||
##### Check Prereq Commands:
|
||||
```powershell
|
||||
Copy-Item C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe "#{renamed_binary}" -Force
|
||||
Copy-Item #{mwcpath}\#{mwcname} "#{renamed_binary}" -Force
|
||||
if (Test-Path "#{renamed_binary}") {exit 0} else {exit 1}
|
||||
```
|
||||
##### Get Prereq Commands:
|
||||
|
||||