security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

Browse Source
This commit is contained in:
CircleCI Atomic Red Team GUID generator
2021-01-07 16:43:06 +00:00
parent 6f40ae85f5
commit ed7d3faabd
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1047/T1047.yaml
+1
View File
@@ -107,6 +107,7 @@ atomic_tests:
wmic /user:#{user_name} /password:#{password} /node:"#{node}" process where name='#{process_to_execute}' delete >nul 2>&1
name: command_prompt
- name: Create a Process using WMI Query and an Encoded Command
auto_generated_guid: 7db7a7f9-9531-4840-9b30-46220135441c
description: |
Solarigate persistence is achieved via backdoors deployed via various techniques including using PowerShell with an EncodedCommand
Powershell -nop -exec bypass -EncodedCommand <encoded command>
atomics/used_guids.txt
+1
View File
@@ -648,3 +648,4 @@ a524ce99-86de-4db6-b4f9-e08f35a47a15
129efd28-8497-4c87-a1b0-73b9a870ca3e
f14d956a-5b6e-4a93-847f-0c415142f07d
c2969434-672b-4ec8-8df0-bbb91f40e250
7db7a7f9-9531-4840-9b30-46220135441c