security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove duplicate "elevation required" element (#2616)

Browse Source
This commit is contained in:
devasmith4
2023-11-23 11:39:21 -06:00
committed by GitHub
parent 7a5aedfb09
commit d70cc3fe9f
1 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1505.005/T1505.005.yaml
+1 -5
View File
@@ -27,7 +27,7 @@ atomic_tests:
name: powershell
- name: Modify Terminal Services DLL Path
auto_generated_guid: 18136e38-0530-49b2-b309-eed173787471
auto_generated_guid: 18136e38-0530-49b2-b309-eed173787471
description: This atomic test simulates the modification of the ServiceDll value in HKLM\System\CurrentControlSet\services\TermService\Parameters. This technique may be leveraged by adversaries to establish persistence by loading a patched version of the DLL containing malicious code.
supported_platforms:
- windows
@@ -56,9 +56,5 @@ atomic_tests:
} else {
Write-Host "Registry key not found. Make sure the 'TermService\Parameters' key exists."
}
cleanup_command: Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\services\TermService\Parameters" -Name "ServiceDll" -Value "C:\Windows\System32\termsrv.dll"
name: powershell
elevation_required: true