From d93cb3713b2b3dfb093816e7ae66d1ceb02a0693 Mon Sep 17 00:00:00 2001
From: Burak Karaduman <36070747+krdmnbrk@users.noreply.github.com>
Date: Fri, 25 Oct 2024 03:14:38 +0300
Subject: [PATCH] Update T1012.yaml (#2959)
* Update T1012.yaml New atomic added.
* Update T1012.yaml Command structre fixed
* Update T1012.yaml Accidentally put a space at the beginning of the file.
---------
Co-authored-by: Bhavin Patel
---
 atomics/T1012/T1012.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/atomics/T1012/T1012.yaml b/atomics/T1012/T1012.yaml
index 435e4c94..aaadb10e 100644
--- a/atomics/T1012/T1012.yaml
+++ b/atomics/T1012/T1012.yaml
@@ -126,3 +126,12 @@ atomic_tests:
 reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64
 name: command_prompt
 elevation_required: true
+- name: Inspect SystemStartOptions Value in Registry
+ description: The objective of this test is to query the SystemStartOptions key under HKLM\SYSTEM\CurrentControlSet\Control in the Windows registry. This action could be used to uncover specific details about how the system is configured to start, potentially aiding in understanding boot parameters or identifying security-related settings.
+ key is.
+ supported_platforms:
+ - windows
+ executor:
+ name: command_prompt
+ command: |
+ reg.exe query HKLM\SYSTEM\CurrentControlSet\Control /v SystemStartOptions
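Review bot: The added `description` is followed by a stray line, `key is.`, which looks like a leftover sentence fragment and should be dropped. Indentation is not visible on this page, so this is inferred: as a continuation of the plain scalar, it would be folded into the description, which would then end "...security-related settings. key is." in the generated docs. The description also calls SystemStartOptions a key, while the command reads it as a value (`/v SystemStartOptions`) under the `Control` key. Wording such as `query the SystemStartOptions value under HKLM\SYSTEM\CurrentControlSet\Control` would match what the test executes and what a detection on the `reg.exe` command line would key on.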