* show executor and privilege requirement
* added an atomic to add c2 domain under trusted zoneMap
* corrected typos
* modified adding a domain by creating one the key is not there
* moved registry modification atomic under T1112
* updated local execution file to be current
* corrected typos
* replaced rm by del for tests with executor as command_prompt
* changing rm to del for command_prompt
* Update T1102.yaml
* Update T1112.yaml
my local repo was behind. This file wasn't changed this time.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* updates paths to files
* moving T1170.hta to the source directory
* moving mshta.sct to the /src directory
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* renaming /shells directory to /src to bring up to current project spc
* moving files...
* ..moving files..
* moving files
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* show executor and privilege requirement
* added an atomic to add c2 domain under trusted zoneMap
* corrected typos
* modified adding a domain by creating one the key is not there
* moved registry modification atomic under T1112
* updated local execution file to be current
* corrected typos
* corrected typos
* added suppression for file not found in clean up
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* show executor and privilege requirement
* added an atomic to add c2 domain under trusted zoneMap
* corrected typos
* modified adding a domain by creating one the key is not there
* moved registry modification atomic under T1112
* updated local execution file to be current
* corrected typos
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Revert "Add Dependencies section to test Yaml and support to use them in the PS execution framework (#772)"
This reverts commit 511bb87af2.
* Generate docs from job=validate_atomics_generate_docs branch=revert-511bb87af29fb302dbd9e85bd93c2c00a47953ba
* first draft at dependencies
* lowercase url
* T1063 Query AV via WMI test
* Generate docs from job=validate_atomics_generate_docs branch=t1063-poison-frog
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* fixed download paths so that after moving source files they will point to the right place
* moving source file (used in test 1) to /src
* moving source code file (used in test 2) to /src
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* corrections to test 1 (zip & gpg test with .sh)
-corrected test with attempt to keep spirit of the original author
-(would probably be better to break into 2 tests or re-evaluate in context of entire recent T1022, but wanted to fix obvious errors)
-requires gpg which is not on all linux so added as a prereq
-corrected a missing $ in variable reference
-corrected bash syntax
* fixes per reviewer, added cleanup, and combined zip & gpg
-went ahead and just made it where used both gpg and zip on the same file
-added cleanup
-made all files to tmp as requested
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* The Atomic tests "Logon Scripts" and "Startup Folder Script" were updated
with additional input arguments. The first test required a fix to the
string type for the registry entry to allow it to function correctly.
Added a log file write command for each test to record if the commands ran at startup
correctly. Other minor syntax and description updates.
* Added cleanup commands to clean up new run-log files added to verify success
of test.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>