security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate GUIDs from job=generate-docs branch=master [skip ci]

Browse Source
This commit is contained in:
Atomic Red Team GUID generator
2022-09-26 17:50:55 +00:00
parent c0c31e4c0c
commit ff75bdc167
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1547.001/T1547.001.yaml
+6
View File
@@ -177,6 +177,7 @@ atomic_tests:
name: powershell
- name: Change Startup Folder - HKLM Modify User Shell Folders Common Startup Value
auto_generated_guid: acfef903-7662-447e-a391-9c91c2f00f7b
description: |
This test will modify the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders -V "Common Startup"
value to point to a new startup folder where a payload could be stored to launch at boot. *successful execution requires system restart
@@ -203,6 +204,7 @@ atomic_tests:
elevation_required: true
- name: Change Startup Folder - HKCU Modify User Shell Folders Startup Value
auto_generated_guid: 8834b65a-f808-4ece-ad7e-2acdf647aafa
description: |
This test will modify the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders -V "Startup" value
to point to a new startup folder where a payload could be stored to launch at boot. *successful execution requires system restart
@@ -229,6 +231,7 @@ atomic_tests:
elevation_required: true
- name: HKCU - Policy Settings Explorer Run Key
auto_generated_guid: a70faea1-e206-4f6f-8d9a-67379be8f6f1
description: |
This test will create a new value under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run to launch calc.exe on boot.
*Requires reboot
@@ -250,6 +253,7 @@ atomic_tests:
elevation_required: true
- name: HKLM - Policy Settings Explorer Run Key
auto_generated_guid: b5c9a9bc-dda3-4ea0-b16a-add8e81ab75f
description: |
This test will create a HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run key value to launch calc.exe on boot.
*Requires reboot
@@ -271,6 +275,7 @@ atomic_tests:
elevation_required: true
- name: HKLM - Append Command to Winlogon Userinit KEY Value
auto_generated_guid: f7fab6cc-8ece-4ca7-a0f1-30a22fccd374
description: |
This test will append a command to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit value to launch calc.exe on boot.
* Requires reboot
@@ -295,6 +300,7 @@ atomic_tests:
elevation_required: true
- name: 'HKLM - Modify default System Shell - Winlogon Shell KEY Value '
auto_generated_guid: 1d958c61-09c6-4d9e-b26b-4130314e520e
description: |
This test change the default value of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell from "explorer.exe" to the full path of "C:\Windows\explorer.exe"
to log a change to the key's default value without breaking boot sequence.
atomics/used_guids.txt
+6
View File
@@ -1149,3 +1149,9 @@ d5d5a6b0-0f92-42d8-985d-47aafa2dd4db
32d1cf1b-cbc2-4c09-8d05-07ec5c83a821
e447b83b-a698-4feb-bed1-a7aaf45c3443
d430bf85-b656-40e7-b238-42db01df0183
acfef903-7662-447e-a391-9c91c2f00f7b
8834b65a-f808-4ece-ad7e-2acdf647aafa
a70faea1-e206-4f6f-8d9a-67379be8f6f1
b5c9a9bc-dda3-4ea0-b16a-add8e81ab75f
f7fab6cc-8ece-4ca7-a0f1-30a22fccd374
1d958c61-09c6-4d9e-b26b-4130314e520e