From ffb170aa83e84166b52db8ff449b3f5f9deeea49 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Fri, 19 Jun 2020 22:21:43 +0000 Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master --- atomics/Indexes/index.yaml | 9 ++++++--- atomics/T1053.005/T1053.005.md | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 24f61c26..ed3285d3 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -5951,7 +5951,8 @@ privilege-escalation: "Atomic task" /TR "#{task_command}" /SC daily /ST #{time} ' - cleanup_command: 'SCHTASKS /Delete /TN "Atomic task" /F >nul 2>&1 + cleanup_command: 'SCHTASKS /Delete /S #{target} /RU #{user_name} /RP #{password} + /TN "Atomic task" /F >nul 2>&1 ' - name: Powershell Cmdlet Scheduled Task @@ -13949,7 +13950,8 @@ persistence: "Atomic task" /TR "#{task_command}" /SC daily /ST #{time} ' - cleanup_command: 'SCHTASKS /Delete /TN "Atomic task" /F >nul 2>&1 + cleanup_command: 'SCHTASKS /Delete /S #{target} /RU #{user_name} /RP #{password} + /TN "Atomic task" /F >nul 2>&1 ' - name: Powershell Cmdlet Scheduled Task @@ -39842,7 +39844,8 @@ execution: "Atomic task" /TR "#{task_command}" /SC daily /ST #{time} ' - cleanup_command: 'SCHTASKS /Delete /TN "Atomic task" /F >nul 2>&1 + cleanup_command: 'SCHTASKS /Delete /S #{target} /RU #{user_name} /RP #{password} + /TN "Atomic task" /F >nul 2>&1 ' - name: Powershell Cmdlet Scheduled Task diff --git a/atomics/T1053.005/T1053.005.md b/atomics/T1053.005/T1053.005.md index f39943ff..b6a84a1b 100644 --- a/atomics/T1053.005/T1053.005.md +++ b/atomics/T1053.005/T1053.005.md @@ -113,7 +113,7 @@ SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" #### Cleanup Commands: ```cmd -SCHTASKS /Delete /TN "Atomic task" /F >nul 2>&1 +SCHTASKS /Delete /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /F >nul 2>&1 ```