| Author | SHA1 | Date | |
|---|---|---|---|
| bc45fe36e7 | |||
| 3851a7e74e |
@@ -210,21 +210,23 @@ atomic_tests:
|
||||
- description: |
|
||||
sysmon must be Installed
|
||||
prereq_command: |
|
||||
if(sc.exe query sysmon | findstr sysmon) { exit 0 } else { exit 1 }
|
||||
Get-Service -Name sysmon*
|
||||
get_prereq_command: |
|
||||
if(cmd.exe /c "where.exe Sysmon.exe 2> nul | findstr Sysmon 2> nul") { C:\Windows\Sysmon.exe -accepteula -i } else
|
||||
{ & "PathToAtomicsFolder\..\ExternalPayloads\Sysmon\Sysmon.exe" -accepteula -i}
|
||||
- description: |
|
||||
sysmon filter must be loaded
|
||||
prereq_command: |
|
||||
if(fltmc.exe filters | findstr #{sysmon_driver}) { exit 0 } else { exit 1 }
|
||||
fltmc.exe filters | findstr #{sysmon_driver}
|
||||
get_prereq_command: |
|
||||
if(Test-Path "PathToAtomicsFolder\..\ExternalPayloads\Sysmon\Sysmon.exe"){
|
||||
& "PathToAtomicsFolder\..\ExternalPayloads\Sysmon\Sysmon.exe" -u
|
||||
& "PathToAtomicsFolder\..\ExternalPayloads\Sysmon\Sysmon.exe" -accepteula -i
|
||||
}else{
|
||||
sysmon -u
|
||||
sysmon -accepteula -i
|
||||
Get-Service -Name Sysmon* | where-Object {$_.Status -eq "Running"} | ForEach-Object {
|
||||
& "$($_.Name)" -u
|
||||
& "$($_.Name)" -accepteula -i
|
||||
}
|
||||
}
|
||||
executor:
|
||||
command: |
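Review bot: The wildcard form `Get-Service -Name sysmon*` prints nothing and leaves `$?` true when no service matches, so if the runner judges the prerequisite by exit code (as the `exit 0`/`exit 1` pattern elsewhere in this file suggests), "sysmon must be Installed" will report satisfied on a host with no Sysmon at all; keep the explicit status: `if(Get-Service -Name sysmon* -ErrorAction SilentlyContinue) { exit 0 } else { exit 1 }`. The `fltmc.exe filters | findstr #{sysmon_driver}` line is fine because findstr returns 1 on no match. In the fallback branch, `& "$($_.Name)" -u` / `& "$($_.Name)" -accepteula -i` invokes the service name (Sysmon or Sysmon64) as a command, which only works if a binary with exactly that name is on PATH, and the `-i` with no `-c` reinstalls with Sysmon's default configuration, discarding whatever config the host had deployed; consider resolving the real binary with `$exe = (Get-CimInstance Win32_Service -Filter "Name='$($_.Name)'").PathName` and invoking `& $exe`, and say in the description that existing Sysmon config is replaced. The test this belongs to begins before the hunk and its executor command continues after it.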
|
||||
@@ -252,7 +254,7 @@ atomic_tests:
|
||||
- description: |
|
||||
Sysmon executable must be available
|
||||
prereq_command: |
|
||||
if(cmd /c where sysmon) {exit 0} else {exit 1}
|
||||
where.exe sysmon*.exe
|
||||
get_prereq_command: |
|
||||
$parentpath = Split-Path "#{sysmon_exe}"; $zippath = "$parentpath\Sysmon.zip"
|
||||
New-Item -ItemType Directory $parentpath -Force | Out-Null
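Review bot: `where.exe sysmon*.exe` only searches PATH, while the get_prereq_command appears to place the download under `Split-Path "#{sysmon_exe}"`, so unless that directory is on PATH the prerequisite can never be reported as met and the archive will be fetched again on every run; if the executor uses `#{sysmon_exe}` by path, the check should match it, e.g. `if(Test-Path "#{sysmon_exe}") { exit 0 } else { exit 1 }`. The exit-code semantics of the new line are otherwise sound, since where.exe returns 1 when nothing is found. The get_prereq_command body continues past the end of this hunk, so the final location of the extracted binary is not visible here.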
|
||||
@@ -262,12 +264,14 @@ atomic_tests:
|
||||
- description: |
|
||||
Sysmon must be installed
|
||||
prereq_command: |
|
||||
if(cmd /c sc query sysmon) { exit 0} else { exit 1}
|
||||
Get-Service -Name Sysmon*
|
||||
get_prereq_command: |
|
||||
cmd /c sysmon -i -accepteula
|
||||
executor:
|
||||
command: |
|
||||
sysmon -u
|
||||
Get-Service -Name Sysmon* | where-Object {$_.Status -eq "Running"} | ForEach-Object {
|
||||
& "$($_.Name)" -u
|
||||
}
|
||||
cleanup_command: |
|
||||
sysmon -i -accepteula >nul 2>&1
|
||||
name: command_prompt
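Review bot: The executor for this test is `command_prompt` (the unchanged `name:` line at the bottom of the hunk and the cmd-style `>nul 2>&1` in cleanup_command), but the `Get-Service -Name Sysmon* | where-Object {...} | ForEach-Object { & "$($_.Name)" -u }` pipeline, and the `Get-Service -Name Sysmon*` prereq check above it, are PowerShell; under cmd.exe they fail with "'Get-Service' is not recognized", so the prerequisite is never met and the uninstall never runs. Assuming the PowerShell lines are the new side (the hunk header's +2 lines match them), either run them through PowerShell explicitly, `powershell -Command "Get-Service -Name Sysmon* | Where-Object {$_.Status -eq 'Running'} | ForEach-Object { & $_.Name -u }"`, or switch the executor to `name: powershell` and change the cleanup to `sysmon -i -accepteula *> $null`. Note also that the prereq check as written returns exit 0 on no match even in PowerShell (wildcard Get-Service does not error), so it needs an explicit `exit 1` branch to be meaningful.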
|
||||
|
||||