* first draft at dependencies
* lowercase url
* T1063 Query AV via WMI test
* Generate docs from job=validate_atomics_generate_docs branch=t1063-poison-frog
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* fixed download paths so that after moving source files they will point to the right place
* moving source file (used in test 1) to /src
* moving source code file (used in test 2) to /src
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* corrections to test 1 (zip & gpg test with .sh)
-corrected test with attempt to keep spirit of the original author
-(would probably be better to break into 2 tests or re-evaluate in context of entire recent T1022, but wanted to fix obvious errors)
-requires gpg which is not on all linux so added as a prereq
-corrected a missing $ in variable reference
-corrected bash syntax
* fixes per reviewer, added cleanup, and combined zip & gpg
-went ahead and just made it where used both gpg and zip on the same file
-added cleanup
-made all files to tmp as requested
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* The Atomic tests "Logon Scripts" and "Startup Folder Script" were updated
with additional input arguments. The first test required a fix to the
string type for the registry entry to allow it to function correctly.
Added a log file write command for each test to record if the commands ran at startup
correctly. Other minor syntax and description updates.
* Added cleanup commands to cleanup new run-log files added to verify success
of test.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* updating per spec to src directory
-note did not change to PathToAtomic, because the author's idea here was to download the payload "remotely"
* moved file
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1165.yaml
re-wrote draft atomic:
-automated test 1
-corrected test 2 (had a non-functional default path)
-added elevation requirement to both (would be needed)
-re-wrote titles and descriptions to be more specific and clear
-added new path (/src) for the emond plist for test 2
* correcting syntax errors including cleanup command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* added /src path + avoided using curl
-supported platforms included "linux" so no need to list out centos and ubuntu specifically
-test previously used curl to download script; which adds other elements to the test (requires proxy, remote, curl, etc.)
-updated to use $PathToAtomicsFolder variable instead
-fixed bash syntax needed to use new path
* corrected INT command (now SIGINT), from original
* rm file, now is in /src directory
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>