From ee62e616b99bdd0a3e8e10143b0b3fb434244d72 Mon Sep 17 00:00:00 2001
From: 0xv1n <11021725+0xv1n@users.noreply.github.com>
Date: Mon, 21 Nov 2022 09:42:51 -0500
Subject: [PATCH] T1482 additional techniques (#2236)

* Updated T1482.md

Additional trust enumeration techniques.

* Update T1482.yaml

Additional trust enumeration techniques.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
---
 atomics/T1482/T1482.md   | 2 ++
 atomics/T1482/T1482.yaml | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/atomics/T1482/T1482.md b/atomics/T1482/T1482.md
index 30227654..4fad2de7 100644
--- a/atomics/T1482/T1482.md
+++ b/atomics/T1482/T1482.md
@@ -72,6 +72,7 @@ This technique has been used by the Trickbot malware family.
 
 ```cmd
 nltest /domain_trusts
+nltest /trusted_domains
 ```
 
 
@@ -117,6 +118,7 @@ Get-NetDomainTrust
 Get-NetForestTrust
 Get-ADDomain
 Get-ADGroupMember Administrators -Recursive
+([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
 ```
 
 
diff --git a/atomics/T1482/T1482.yaml b/atomics/T1482/T1482.yaml
index c369728b..6a854918 100644
--- a/atomics/T1482/T1482.yaml
+++ b/atomics/T1482/T1482.yaml
@@ -30,6 +30,7 @@ atomic_tests:
   executor:
     command: |
       nltest /domain_trusts
+      nltest /trusted_domains
     name: command_prompt
 - name: Powershell enumerate domains and forests
   auto_generated_guid: c58fbc62-8a62-489e-8f2d-3565d7d96f30
@@ -59,6 +60,7 @@ atomic_tests:
       Get-NetForestTrust
       Get-ADDomain
       Get-ADGroupMember Administrators -Recursive
+      ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
     name: powershell
 - name: Adfind - Enumerate Active Directory OUs
   auto_generated_guid: d1c73b96-ab87-4031-bad8-0e1b3b8bf3ec