Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

atomics/Indexes/Indexes-CSV/index.csv

@@ -946,6 +946,7 @@ discovery,T1082,System Information Discovery,8,Windows MachineGUID Discovery,224
 discovery,T1082,System Information Discovery,9,Griffon Recon,69bd4abe-8759-49a6-8d21-0f15822d6370,powershell
 discovery,T1082,System Information Discovery,10,Environment variables discovery on windows,f400d1c0-1804-4ff8-b069-ef5ddd2adbf3,command_prompt
 discovery,T1082,System Information Discovery,11,Environment variables discovery on macos and linux,fcbdd43f-f4ad-42d5-98f3-0218097e2720,sh
+discovery,T1082,System Information Discovery,12,Show System Integrity Protection status (MacOS),327cc050-9e99-4c8e-99b5-1d15f2fb6b96,sh
 discovery,T1016,System Network Configuration Discovery,1,System Network Configuration Discovery on Windows,970ab6a1-0157-4f3f-9a73-ec4166754b23,command_prompt
 discovery,T1016,System Network Configuration Discovery,2,List Windows Firewall Rules,038263cb-00f4-4b0a-98ae-0696c67e1752,command_prompt
 discovery,T1016,System Network Configuration Discovery,3,System Network Configuration Discovery,c141bbdb-7fca-4254-9fd6-f47e79447e17,sh

atomics/Indexes/Indexes-CSV/macos-index.csv

@@ -131,6 +131,7 @@ discovery,T1082,System Information Discovery,2,System Information Discovery,edff
 discovery,T1082,System Information Discovery,3,List OS Information,cccb070c-df86-4216-a5bc-9fb60c74e27c,sh
 discovery,T1082,System Information Discovery,7,Hostname Discovery,486e88ea-4f56-470f-9b57-3f4d73f39133,bash
 discovery,T1082,System Information Discovery,11,Environment variables discovery on macos and linux,fcbdd43f-f4ad-42d5-98f3-0218097e2720,sh
+discovery,T1082,System Information Discovery,12,Show System Integrity Protection status (MacOS),327cc050-9e99-4c8e-99b5-1d15f2fb6b96,sh
 discovery,T1016,System Network Configuration Discovery,3,System Network Configuration Discovery,c141bbdb-7fca-4254-9fd6-f47e79447e17,sh
 discovery,T1016,System Network Configuration Discovery,8,List macOS Firewall Rules,ff1d8c25-2aa4-4f18-a425-fede4a41ee88,bash
 discovery,T1049,System Network Connections Discovery,3,System Network Connections Discovery Linux & MacOS,9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh

atomics/Indexes/Indexes-Markdown/index.md

@@ -1482,6 +1482,7 @@
   - Atomic Test #9: Griffon Recon [windows]
   - Atomic Test #10: Environment variables discovery on windows [windows]
   - Atomic Test #11: Environment variables discovery on macos and linux [macos, linux]
+  - Atomic Test #12: Show System Integrity Protection status (MacOS) [macos]
 - T1614.001 System Language Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1614 System Location Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1016 System Network Configuration Discovery](../../T1016/T1016.md)

atomics/Indexes/Indexes-Markdown/macos-index.md

@@ -346,6 +346,7 @@
   - Atomic Test #3: List OS Information [linux, macos]
   - Atomic Test #7: Hostname Discovery [linux, macos]
   - Atomic Test #11: Environment variables discovery on macos and linux [macos, linux]
+  - Atomic Test #12: Show System Integrity Protection status (MacOS) [macos]
 - T1614.001 System Language Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1614 System Location Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1016 System Network Configuration Discovery](../../T1016/T1016.md)

atomics/Indexes/index.yaml

@@ -61165,6 +61165,20 @@ discovery:
       executor:
         command: 'env
 
+'
+        name: sh
+    - name: Show System Integrity Protection status (MacOS)
+      auto_generated_guid: 327cc050-9e99-4c8e-99b5-1d15f2fb6b96
+      description: 'Read and Display System Intergrety Protection status. csrutil
+        is commonly used by malware and post-exploitation tools to determine whether
+        certain files and directories on the system are writable or not.
+
+'
+      supported_platforms:
+      - macos
+      executor:
+        command: 'csrutil status
+
 '
         name: sh
   T1614.001:

atomics/T1082/T1082.md

@@ -30,6 +30,8 @@ Infrastructure as a Service (IaaS) cloud providers such as AWS, GCP, and Azure a
 
 - [Atomic Test #11 - Environment variables discovery on macos and linux](#atomic-test-11---environment-variables-discovery-on-macos-and-linux)
 
+- [Atomic Test #12 - Show System Integrity Protection status (MacOS)](#atomic-test-12---show-system-integrity-protection-status-macos)
+
 
 <br/>
 
@@ -372,4 +374,32 @@ env
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #12 - Show System Integrity Protection status (MacOS)
+Read and Display System Intergrety Protection status. csrutil is commonly used by malware and post-exploitation tools to determine whether certain files and directories on the system are writable or not.
+
+**Supported Platforms:** macOS
+
+
+**auto_generated_guid:** 327cc050-9e99-4c8e-99b5-1d15f2fb6b96
+
+
+
+
+
+
+#### Attack Commands: Run with `sh`! 
+
+
+```sh
+csrutil status
+```
+
+
+
+
+
+
 <br/>