From ea477fa9e8bdfe27d4a39de2a9903994e9062924 Mon Sep 17 00:00:00 2001
From: Nik Seetharaman <5733460+nikseetharaman@users.noreply.github.com>
Date: Fri, 27 Jul 2018 08:40:28 -0500
Subject: [PATCH] Fix t1191.yaml
---
 atomics/T1191/T1191.yaml | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/atomics/T1191/T1191.yaml b/atomics/T1191/T1191.yaml
index 7efdc2ef..6427cf0b 100644
--- a/atomics/T1191/T1191.yaml
+++ b/atomics/T1191/T1191.yaml
@@ -20,24 +20,20 @@ atomic_tests:
 command: |
 cmstp.exe /s #{inf_file_path}
-- name: TODO
+- name: CMSTP Executing UAC Bypass
 description: |
- TODO
+ Adversaries may invoke cmd.exe (or other malicious commands) by embedding them in the RunPreSetupCommandsSection of an INF file
 supported_platforms:
 - windows
- - macos
- - centos
- - ubuntu
- - linux
 input_arguments:
 output_file:
- description: TODO
- type: todo
- default: TODO
+ description: Path to the INF file
+ type: path
+ default: T1191_uacbypass.inf
 executor:
 name: command_prompt
 command: |
- TODO
+ cmstp.exe #{inf_file_path} /au
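Review bot: The new test declares its only input argument as `output_file`, but the added command line substitutes `#{inf_file_path}`, a name this test never defines. The placeholder would then have nothing to resolve against, and the `T1191_uacbypass.inf` default would never be used. The key left over from the template should be renamed to `inf_file_path:` so the declaration and the `cmstp.exe #{inf_file_path} /au` line agree. The default is also a bare file name, so it presumably resolves against the executor's working directory; a path anchored to the atomics folder would make the test repeatable. Since teams use this entry to validate detections, the description could add one sentence saying that the observable is cmstp.exe launched with `/au` and the child process it starts.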