From f321b44948eebf8bee1fcf88910dcbe13c87defe Mon Sep 17 00:00:00 2001 From: Mohana Shankar D <48013681+msdlearn@users.noreply.github.com> Date: Tue, 27 Jun 2023 03:47:00 +0530 Subject: [PATCH] New atomic Test - Driver Enumeration using driverquery (#2473) * New atomic Test - Driver Enumeration using driverquery * Update T1082.yaml --------- Co-authored-by: Carrie Roberts --- atomics/T1082/T1082.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/atomics/T1082/T1082.yaml b/atomics/T1082/T1082.yaml index fb6d280c..b1e86503 100644 --- a/atomics/T1082/T1082.yaml +++ b/atomics/T1082/T1082.yaml @@ -371,3 +371,16 @@ atomic_tests: wmic OS get Caption,OSArchitecture,Version wmic DISKDRIVE get Caption name: command_prompt +- name: Driver Enumeration using DriverQuery + description: | + Executes the driverquery command to list drivers installed on the system. Adversaries utilize the feature to enumerate the driver and it can be + used for Exploitation. + command /v - provide verbose output but not valid for signed drivers + /si - provide information about signed drivers + supported_platforms: + - windows + executor: + command: | + driverquery /v + driverquery /si + name: command_prompt
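Review bot: The description of the added test documents its two flags inconsistently. The /v note is introduced by the bare word "command" and the /si note has no prefix at all, so neither note lines up with the `driverquery /v` and `driverquery /si` lines in the executor. Writing them as "driverquery /v - verbose output; not valid for signed drivers" and "driverquery /si - information about signed drivers" would let a reader map each note to the command it describes. The sentence "Adversaries utilize the feature to enumerate the driver and it can be used for Exploitation" is also vague: it refers to a single driver although the command lists all installed drivers, and "it" has no clear referent. Say instead what the listing gives an adversary and drop the capital on "Exploitation". Because the test runs both commands in a single executor block, it would also help for the description to say that one run produces two separate listings, so whoever validates detections knows to expect two driverquery process executions.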