security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

T1482 additional techniques (#2236)

Browse Source 
* Updated T1482.md

Additional trust enumeration techniques.

* Update T1482.yaml

Additional trust enumeration techniques.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
0xv1n
2022-11-21 09:42:51 -05:00
committed by GitHub
parent 6a621382ba
commit ee62e616b9
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1482/T1482.md
+2
View File
@@ -72,6 +72,7 @@ This technique has been used by the Trickbot malware family.
```cmd
nltest /domain_trusts
nltest /trusted_domains
```
@@ -117,6 +118,7 @@ Get-NetDomainTrust
Get-NetForestTrust
Get-ADDomain
Get-ADGroupMember Administrators -Recursive
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
```
atomics/T1482/T1482.yaml
+2
View File
@@ -30,6 +30,7 @@ atomic_tests:
executor:
command: |
nltest /domain_trusts
nltest /trusted_domains
name: command_prompt
- name: Powershell enumerate domains and forests
auto_generated_guid: c58fbc62-8a62-489e-8f2d-3565d7d96f30
@@ -59,6 +60,7 @@ atomic_tests:
Get-NetForestTrust
Get-ADDomain
Get-ADGroupMember Administrators -Recursive
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
name: powershell
- name: Adfind - Enumerate Active Directory OUs
auto_generated_guid: d1c73b96-ab87-4031-bad8-0e1b3b8bf3ec