From ed32225707ea7a47fc035e6442f35bb2364c2f5c Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Mon, 2 Mar 2020 20:30:10 +0000 Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master --- atomics/T1015/T1015.md | 6 ++---- atomics/T1204/T1204.md | 3 +-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/atomics/T1015/T1015.md b/atomics/T1015/T1015.md index 6b76a632..242b244d 100644 --- a/atomics/T1015/T1015.md +++ b/atomics/T1015/T1015.md @@ -34,10 +34,8 @@ Attaches cmd.exe to a list of processes. Configure your own Input arguments to a #### Inputs: | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| parent_list | Comma separated list of system binaries to which you want to attach each #{attached_process}. Default: "osk.exe" - | String | osk.exe, sethc.exe, utilman.exe, magnify.exe, narrator.exe, DisplaySwitch.exe, atbroker.exe| -| attached_process | Full path to process to attach to target in #{parent_list}. Default: cmd.exe - | Path | C:\windows\system32\cmd.exe| +| parent_list | Comma separated list of system binaries to which you want to attach each #{attached_process}. Default: "osk.exe" | String | osk.exe, sethc.exe, utilman.exe, magnify.exe, narrator.exe, DisplaySwitch.exe, atbroker.exe| +| attached_process | Full path to process to attach to target in #{parent_list}. Default: cmd.exe | Path | C:\windows\system32\cmd.exe| #### Attack Commands: Run with `powershell`! Elevation Required (e.g. root or admin) diff --git a/atomics/T1204/T1204.md b/atomics/T1204/T1204.md index c9ed5f67..1bc96558 100644 --- a/atomics/T1204/T1204.md +++ b/atomics/T1204/T1204.md @@ -33,8 +33,7 @@ References: |------|-------------|------|---------------| | ms_office_version | Microsoft Office version number found in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office" | String | 16.0| | ms_product | Maldoc application Word or Excel | String | Word| -| jse_path | Path for the macro to write out the "malicious" .jse file - | String | C:\Users\Public\art.jse| +| jse_path | Path for the macro to write out the "malicious" .jse file | String | C:\Users\Public\art.jse| #### Attack Commands: Run with `powershell`!