* Create T1595.002.yaml
* Added VBScript (griffon recon) for test 1
Script ref. (public gist) https://gist.githubusercontent.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d/raw/55ecbf8f83c36984371a335991f6cf4f2022319b/gistfile1.txt
* added run as priv user
n/a
* removed guid accidentally put in
* removed extra line
* checking syntax final
* remove dependency line
* minor updates to invoke the build process again
* removing elevation required
Thanks for that additional review, Carrie
* moving to T1082 per review
* adding test 8 (griffon recon)
* create griffon_recon.vbs for test 8
The script used here was reduced by security researcher Kirk Sayre (github.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d),
and it gives the exact same recon behavior (hash mentioned in the code) as the original, minus the C2 interaction.
* moving vbs file to T1082 per review
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>