* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1490.yaml
Fixed a formatting error in #2676
* Update T1490.yaml
add dependency_executor_name field
---------
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
* Update T1490.yaml
Support for creating shadow copies in Windows 10+
* Update T1490.md
Updating documentation
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1490.yaml "Modify VSS Service Permissions"
Modify permissions of the VSS service to inhibit system recovery. This test alters the security settings of the Volume Shadow Copy Service (VSS), potentially impacting system recovery operations. It should be conducted only in a controlled environment. The executor must have administrative privileges to modify service permissions. Note that this test does not include a cleanup command; thus, the changes will persist after execution. Ensure that you have a backup or a system recovery plan in place before running this test. Running this test on a production system or critical environment is not recommended without proper precautions.
* Update T1490.yaml
updated guid
* Update T1490.yaml
updated description and clean up command
* Update T1490.yaml
updated indentations
* Update T1490.yaml
* Update T1490.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1041.yaml DNS-Based C2 Data Exfiltration
Simulates an adversary using DNS tunneling to exfiltrate data over a Command and Control (C2) channel.
* Update T1041.yaml
updated the changes as requested
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Atomic Test #7 - System Owner/User Discovery Using Command Prompt
Identify the system owner or current user using native Windows command prompt utilities.
* Update T1033.yaml
adjusted - "del %output_path%\\user_info_*.tmp"
* Update T1033.yaml
adjusted output_path with Temp
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Carrie Roberts