From cc4d7c0a864591dd38e4e98a8fd64f2f51bc77ba Mon Sep 17 00:00:00 2001 From: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com> Date: Thu, 14 May 2020 10:57:37 -0500 Subject: [PATCH] Edited & Updated T1217 (#988) * Edited 1217 for Edge Chromium Edited 1217 atomic as it also executes for Edge Chromium on Windows * Updates T1217 Added Atomic for listing location of all FireFox bookmark databases * typo fix Co-authored-by: Carrie Roberts --- atomics/T1217/T1217.yaml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/atomics/T1217/T1217.yaml b/atomics/T1217/T1217.yaml index b0317b94..46929e98 100644 --- a/atomics/T1217/T1217.yaml +++ b/atomics/T1217/T1217.yaml @@ -73,9 +73,9 @@ atomic_tests: command: | Get-ChildItem -Path C:\Users\ -Filter Bookmarks -Recurse -ErrorAction SilentlyContinue -Force -- name: List Google Chrome Bookmarks on Windows with command prompt. +- name: List Google Chrome / Edge Chromium Bookmarks on Windows with command prompt. description: | - Searches for Google Chromes's Bookmarks file (on Windows distributions) that contains bookmarks. + Searches for Google Chromes's and Edge Chromium's Bookmarks file (on Windows distributions) that contains bookmarks. Upon execution, paths that contain bookmark files will be displayed. supported_platforms: @@ -85,3 +85,16 @@ atomic_tests: name: command_prompt command: | where /R C:\Users\ Bookmarks + +- name: List Mozilla Firefox bookmarks on Windows with command prompt. + description: | + Searches for Mozilla Firefox bookmarks file (on Windows distributions) that contains bookmarks in a SQLITE database. + Upon execution, paths that contain bookmark files will be displayed. + + supported_platforms: + - windows + + executor: + name: command_prompt + command: | + where /R C:\Users\ places.sqlite