security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update T1112

Browse Source 
Added new technique "Enabling Remote Desktop Protocol via Remote Registry"
This commit is contained in:
Zeta
2023-03-28 14:28:40 +07:00
committed by GitHub
parent eff6370693
commit ff51371575
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1112/T1112.yaml
+13
View File
@@ -765,3 +765,16 @@ atomic_tests:
cleanup_command: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer" /v MicrosoftRedirectionProgram /t REG_EXPAND_SZ /f
name: command_prompt
elevation_required: true
- name: Enabling Remote Desktop Protocol via Remote Registry
auto_generated_guid: e3ad8e83-3089-49ff-817f-e52f8c948090
description: |
Enabling RDP through remote registry.
supported_platforms:
- windows
executor:
command: |
reg add "hklm\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v SecurityLayer /t REG_DWORD /d 0 /f
cleanup_command: |
reg add "hklm\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v SecurityLayer /t REG_DWORD /d 2 /f
name: command_prompt
elevation_required: true