Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-5

2020-07-03 15:53:59 +00:00
parent 3fb8f3acfa
commit eb69c4972b
6 changed files with 0 additions and 83 deletions
@@ -182,7 +182,6 @@ credential-access,T1003.003,NTDS,6,Create Symlink to Volume Shadow Copy,21748c28
 credential-access,T1040,Network Sniffing,1,Packet Capture Linux,7fe741f7-b265-4951-a7c7-320889083b3e,bash
 credential-access,T1040,Network Sniffing,2,Packet Capture macOS,9d04efee-eff5-4240-b8d2-07792b873608,bash
 credential-access,T1040,Network Sniffing,3,Packet Capture Windows Command Prompt,a5b2f6a0-24b4-493e-9590-c699f75723ca,command_prompt
-credential-access,T1040,Network Sniffing,4,Packet Capture PowerShell,2bf62970-013a-4c74-b0a8-64030874e89a,powershell
 credential-access,T1003,OS Credential Dumping,1,Powershell Mimikatz,66fb0bc1-3c3f-47e9-a298-550ecfefacbc,powershell
 credential-access,T1003,OS Credential Dumping,2,Gsecdump,96345bfc-8ae7-4b6a-80b7-223200f24ef9,command_prompt
 credential-access,T1556.002,Password Filter DLL,1,Install and Register Password Filter DLL,a7961770-beb5-4134-9674-83d7e1fa865c,powershell
@@ -466,7 +465,6 @@ discovery,T1135,Network Share Discovery,5,Share Discovery with PowerView,b1636f0
 discovery,T1040,Network Sniffing,1,Packet Capture Linux,7fe741f7-b265-4951-a7c7-320889083b3e,bash
 discovery,T1040,Network Sniffing,2,Packet Capture macOS,9d04efee-eff5-4240-b8d2-07792b873608,bash
 discovery,T1040,Network Sniffing,3,Packet Capture Windows Command Prompt,a5b2f6a0-24b4-493e-9590-c699f75723ca,command_prompt
-discovery,T1040,Network Sniffing,4,Packet Capture PowerShell,2bf62970-013a-4c74-b0a8-64030874e89a,powershell
 discovery,T1201,Password Policy Discovery,1,Examine password complexity policy - Ubuntu,085fe567-ac84-47c7-ac4c-2688ce28265b,bash
 discovery,T1201,Password Policy Discovery,2,Examine password complexity policy - CentOS/RHEL 7.x,78a12e65-efff-4617-bc01-88f17d71315d,bash
 discovery,T1201,Password Policy Discovery,3,Examine password complexity policy - CentOS/RHEL 6.x,6ce12552-0adb-4f56-89ff-95ce268f6358,bash
@@ -280,7 +280,6 @@ discovery,T1135,Network Share Discovery,3,Network Share Discovery PowerShell,1b0
 discovery,T1135,Network Share Discovery,4,View available share drives,ab39a04f-0c93-4540-9ff2-83f862c385ae,command_prompt
 discovery,T1135,Network Share Discovery,5,Share Discovery with PowerView,b1636f0a-ba82-435c-b699-0d78794d8bfd,powershell
 discovery,T1040,Network Sniffing,3,Packet Capture Windows Command Prompt,a5b2f6a0-24b4-493e-9590-c699f75723ca,command_prompt
-discovery,T1040,Network Sniffing,4,Packet Capture PowerShell,2bf62970-013a-4c74-b0a8-64030874e89a,powershell
 discovery,T1201,Password Policy Discovery,5,Examine local password policy - Windows,4588d243-f24e-4549-b2e3-e627acc089f6,command_prompt
 discovery,T1201,Password Policy Discovery,6,Examine domain password policy - Windows,46c2c362-2679-4ef5-aec9-0e958e135be4,command_prompt
 discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
@@ -412,7 +411,6 @@ credential-access,T1003.003,NTDS,4,Create Volume Shadow Copy with WMI,224f7de0-8
 credential-access,T1003.003,NTDS,5,Create Volume Shadow Copy with Powershell,542bb97e-da53-436b-8e43-e0a7d31a6c24,powershell
 credential-access,T1003.003,NTDS,6,Create Symlink to Volume Shadow Copy,21748c28-2793-4284-9e07-d6d028b66702,command_prompt
 credential-access,T1040,Network Sniffing,3,Packet Capture Windows Command Prompt,a5b2f6a0-24b4-493e-9590-c699f75723ca,command_prompt
-credential-access,T1040,Network Sniffing,4,Packet Capture PowerShell,2bf62970-013a-4c74-b0a8-64030874e89a,powershell
 credential-access,T1003,OS Credential Dumping,1,Powershell Mimikatz,66fb0bc1-3c3f-47e9-a298-550ecfefacbc,powershell
 credential-access,T1003,OS Credential Dumping,2,Gsecdump,96345bfc-8ae7-4b6a-80b7-223200f24ef9,command_prompt
 credential-access,T1556.002,Password Filter DLL,1,Install and Register Password Filter DLL,a7961770-beb5-4134-9674-83d7e1fa865c,powershell
@@ -397,7 +397,6 @@
  - Atomic Test #1: Packet Capture Linux [linux]
  - Atomic Test #2: Packet Capture macOS [macos]
  - Atomic Test #3: Packet Capture Windows Command Prompt [windows]
-  - Atomic Test #4: Packet Capture PowerShell [windows]
 - [T1003 OS Credential Dumping](../../T1003/T1003.md)
  - Atomic Test #1: Powershell Mimikatz [windows]
  - Atomic Test #2: Gsecdump [windows]
@@ -874,7 +873,6 @@
  - Atomic Test #1: Packet Capture Linux [linux]
  - Atomic Test #2: Packet Capture macOS [macos]
  - Atomic Test #3: Packet Capture Windows Command Prompt [windows]
-  - Atomic Test #4: Packet Capture PowerShell [windows]
 - [T1201 Password Policy Discovery](../../T1201/T1201.md)
  - Atomic Test #1: Examine password complexity policy - Ubuntu [linux]
  - Atomic Test #2: Examine password complexity policy - CentOS/RHEL 7.x [linux]
@@ -564,7 +564,6 @@
  - Atomic Test #5: Share Discovery with PowerView [windows]
 - [T1040 Network Sniffing](../../T1040/T1040.md)
  - Atomic Test #3: Packet Capture Windows Command Prompt [windows]
-  - Atomic Test #4: Packet Capture PowerShell [windows]
 - [T1201 Password Policy Discovery](../../T1201/T1201.md)
  - Atomic Test #5: Examine local password policy - Windows [windows]
  - Atomic Test #6: Examine domain password policy - Windows [windows]
@@ -850,7 +849,6 @@
  - Atomic Test #6: Create Symlink to Volume Shadow Copy [windows]
 - [T1040 Network Sniffing](../../T1040/T1040.md)
  - Atomic Test #3: Packet Capture Windows Command Prompt [windows]
-  - Atomic Test #4: Packet Capture PowerShell [windows]
 - [T1003 OS Credential Dumping](../../T1003/T1003.md)
  - Atomic Test #1: Powershell Mimikatz [windows]
  - Atomic Test #2: Gsecdump [windows]
@@ -18442,26 +18442,6 @@ credential-access:
          c:\windump.exe
        name: command_prompt
        elevation_required: true
-    - name: Packet Capture PowerShell
-      auto_generated_guid: 2bf62970-013a-4c74-b0a8-64030874e89a
-      description: |
-        Perform a packet capture using PowerShell with windump or tshark. This will require a host that has Wireshark/Tshark
-        installed, along with WinPCAP. Windump will require the windump executable.
-
-        Upon successful execution, tshark will spawn from powershell and capture 5 packets on interface Ethernet0.
-      supported_platforms:
-      - windows
-      input_arguments:
-        interface:
-          description: Specify interface to perform PCAP on.
-          type: String
-          default: Ethernet0
-      executor:
-        command: |
-          & "c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5
-          & c:\windump.exe
-        name: powershell
-        elevation_required: true
  T1003:
    technique:
      id: attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22
@@ -36660,26 +36640,6 @@ discovery:
          c:\windump.exe
        name: command_prompt
        elevation_required: true
-    - name: Packet Capture PowerShell
-      auto_generated_guid: 2bf62970-013a-4c74-b0a8-64030874e89a
-      description: |
-        Perform a packet capture using PowerShell with windump or tshark. This will require a host that has Wireshark/Tshark
-        installed, along with WinPCAP. Windump will require the windump executable.
-
-        Upon successful execution, tshark will spawn from powershell and capture 5 packets on interface Ethernet0.
-      supported_platforms:
-      - windows
-      input_arguments:
-        interface:
-          description: Specify interface to perform PCAP on.
-          type: String
-          default: Ethernet0
-      executor:
-        command: |
-          & "c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5
-          & c:\windump.exe
-        name: powershell
-        elevation_required: true
  T1201:
    technique:
      id: attack-pattern--b6075259-dba3-44e9-87c7-e954f37ec0d5
@@ -14,8 +14,6 @@ Network sniffing may also reveal configuration details, such as running services

 - [Atomic Test #3 - Packet Capture Windows Command Prompt](#atomic-test-3---packet-capture-windows-command-prompt)

- [Atomic Test #4 - Packet Capture PowerShell](#atomic-test-4---packet-capture-powershell)
-

 <br/>

@@ -137,37 +135,4 @@ c:\windump.exe



-<br/>
-<br/>
-
-## Atomic Test #4 - Packet Capture PowerShell
-Perform a packet capture using PowerShell with windump or tshark. This will require a host that has Wireshark/Tshark
-installed, along with WinPCAP. Windump will require the windump executable.
-
-Upon successful execution, tshark will spawn from powershell and capture 5 packets on interface Ethernet0.
-
-**Supported Platforms:** Windows
-
-
-
-
-#### Inputs:
-| Name | Description | Type | Default Value | 
-|------|-------------|------|---------------|
-| interface | Specify interface to perform PCAP on. | String | Ethernet0|
-
-
-#### Attack Commands: Run with `powershell`!  Elevation Required (e.g. root or admin) 
-
-
-```powershell
-& "c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5
-& c:\windump.exe
-```
-
-
-
-
-
-
 <br/>