security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate GUIDs from job=generate-docs branch=master [skip ci]

Browse Source
This commit is contained in:
Atomic Red Team GUID generator
2023-06-30 14:01:26 +00:00
parent d021dd01dd
commit dfd1f98327
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1562.001/T1562.001.yaml
+1
View File
@@ -876,6 +876,7 @@ atomic_tests:
name: powershell
elevation_required: true
- name: AMSI Bypass - Override AMSI via COM
auto_generated_guid: 17538258-5699-4ff1-92d1-5ac9b0dc21f5
description: |
With administrative rights, an adversary can disable AMSI via registry value in HKCU\Software\Classes\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec} by overriding the Microsoft Defender COM object for AMSI and points it to a DLL that does not exist.
This is currently being used by AsyncRAT and others.
atomics/used_guids.txt
+1
View File
@@ -1366,3 +1366,4 @@ d58d749c-4450-4975-a9e9-8b1d562755c2
e43cfdaf-3fb8-4a45-8de0-7eee8741d072
2a78362e-b79a-4482-8e24-be397bce4d85
bd85e3d1-4aeb-4a1d-850f-7be3cb8d60b9
17538258-5699-4ff1-92d1-5ac9b0dc21f5