From ebfc28708dfbd5a8e1bb9b99df29b0f16e928725 Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Tue, 17 May 2022 22:48:32 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 2 +- atomics/T1003/T1003.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index a8e5bbcc..43b39eef 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -5258,7 +5258,7 @@ credential-access: - name: Gsecdump auto_generated_guid: 96345bfc-8ae7-4b6a-80b7-223200f24ef9 description: "Dump credentials from memory using Gsecdump.\n\nUpon successful - execution, you should see domain\\username's following by two 32 characters + execution, you should see domain\\username's followed by two 32 character hashes.\n\nIf you see output that says \"compat: error: failed to create child process\", execution was likely blocked by Anti-Virus. \nYou will receive only error output if you do not run this test from an elevated context (run diff --git a/atomics/T1003/T1003.md b/atomics/T1003/T1003.md index ed928aa5..98c71121 100644 --- a/atomics/T1003/T1003.md +++ b/atomics/T1003/T1003.md @@ -19,7 +19,7 @@ Several of the tools mentioned in associated sub-techniques may be used by both ## Atomic Test #1 - Gsecdump Dump credentials from memory using Gsecdump. -Upon successful execution, you should see domain\username's following by two 32 characters hashes. +Upon successful execution, you should see domain\username's followed by two 32 character hashes. If you see output that says "compat: error: failed to create child process", execution was likely blocked by Anti-Virus. You will receive only error output if you do not run this test from an elevated context (run as administrator)