From 53a4ed1921bfa321c56a396424b36877cb725013 Mon Sep 17 00:00:00 2001
From: Swelc
Date: Mon, 2 Jul 2018 21:06:57 -0500
Subject: [PATCH] Added SUDO enumeration
---
atomics/T1169/T1169.yaml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 atomics/T1169/T1169.yaml
diff --git a/atomics/T1169/T1169.yaml b/atomics/T1169/T1169.yaml
new file mode 100644
index 00000000..79358a9b
--- /dev/null
+++ b/atomics/T1169/T1169.yaml
@@ -0,0 +1,20 @@
+---
+attack_technique: T1169
+display_name: SUDO
+
+atomic_tests:
+- name: Sudo usage
+ description: |
+ Common Sudo enumeration methods.
+
+ supported_platforms:
+ - macos
+ - linux
+
+ executor:
+ name: sh
+ command: |
+ sudo -l
+ sudo su
+ cat /etc/sudoers
+ vim /etc/sudoers
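Review bot: Two of the four lines in the `command: |` block are interactive (`sudo su` opens a root shell and `vim /etc/sudoers` opens an editor), so under the `sh` executor the test will presumably hang waiting on a terminal rather than complete, and neither step is enumeration as the description states. Opening `/etc/sudoers` directly in vim also bypasses the syntax check that `visudo` performs, so an accidental write can break sudo on the test host. I would keep this block to the read-only steps, using `sudo -n -l` so that a missing cached credential fails instead of prompting, and move the interactive steps into a separate test documented as manual. `cat /etc/sudoers` will likely return permission denied for an unprivileged user, which is worth stating in the description so the expected outcome and the resulting log entry are clear to whoever validates detections against this test.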