* Changes file extension of Test 1195 so that the file is detected and there is no error anymore
* Update T1195.yaml
Co-authored-by: Georg Schlagholz <georg.schlagholz@it-native.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* ChallengeBounty T1615 LOLB Get-GPO cmdlet
* Added changes
Took out variableInput and put in $ENV:userdnsdomain, on attack command also made the CheckPreqs say people need to install RSAT manually for GroupPolicy and ActiveDirectory. The cleanUp command won't take those RSAT modules out, but instead will remove the gpo_output file. The GetPrereq might need a little work but shouldn't need it... since the -CheckPrereq says to manually install on Windows 10. Hope that works out.
* Update T1615.yaml
Glad you showed me the PreReq "if" command trick, I would have struggled with it, thank you. Thanks for pointing out the GetPreqs need to be in their separate areas, I don't think I've had to do that before. Ya, glad you had me look more into getting the Win10 to work; I was just going for win server but it's nice to have both as an option, thanks for kindly suggesting.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1555.003.yaml
Loot local Credentials - Invoke-WCMDump technique via function of WinPwn
* Update T1555.003.yaml
added mimi-kittenz for extracting juicy info from memory and Sharpweb gathering Browser Credentials
* Update T1555.003.yaml
update
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1003.002.yaml
add Loot local Credentials - Dump SAM-File for NTLM Hashes technique via function of WinPwn
* Update T1003.002.yaml
updated
* Update T1003.002.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1555.yaml
Loot local Credentials - Invoke-WCMDump technique via function of WinPwn
Loot local Credentials - Wifi Credentials technique via function of WinPwn
Loot local Credentials - Decrypt Teamviewer Passwords technique via function of WinPwn
* Update T1555.yaml
added name: powershell
* Update T1555.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1082.yaml
PowerSharpPack - Seatbelt technique via function of WinPwn performing Local Privileges escalation
* Update T1082.yaml
* Update T1082.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>