philhagen-rc
92 lines
3.1 KiB
Plaintext
92 lines
3.1 KiB
Plaintext
# <%= technique['identifier'] %> - <%= technique['name'] %>
|
|
|
|
## Description from ATT&CK
|
|
<% attack_description_lines = technique['description'].gsub("%\\<", "%<").gsub(/<code>.*?<\/code>/) { |match| match.gsub('~', '\~') } %>
|
|
<% attack_description_lines.lines.each do |desc_line| %>> <%= desc_line.strip %>
|
|
<% end %>
|
|
[Source](https://attack.mitre.org/techniques/<%= technique['identifier'].gsub(/\./, '/') %>)
|
|
|
|
## Atomic Tests
|
|
|
|
<% atomic_yaml['atomic_tests'].each_with_index do |test, test_number| -%>
|
|
<% title = "Atomic Test ##{test_number+1}: #{test['name']}" %>- [<%= title %>](#<%= title.downcase.gsub(/ /, '-').gsub(/[`~!@#$%^&*()+=<>?,.\/:;"'|{}\[\]\\–—]/, '') %>)
|
|
<% end %>
|
|
<% atomic_yaml['atomic_tests'].each_with_index do |test, test_number| -%>
|
|
### Atomic Test #<%= test_number+1 %>: <%= test['name'] %>
|
|
|
|
<%= test['description'].strip %>
|
|
|
|
**Supported Platforms:** <%= test['supported_platforms'].collect do |p|
|
|
case p
|
|
when 'macos'
|
|
'macOS'
|
|
else
|
|
p.capitalize
|
|
end
|
|
end.join(', ') %>
|
|
|
|
**auto_generated_guid:** `<%= test['auto_generated_guid'] %>`
|
|
<%def cleanup(input)
|
|
input.to_s.strip.gsub(/\\/,"\")
|
|
end -%>
|
|
<% if test['input_arguments'].to_a.count > 0 %>
|
|
#### Inputs
|
|
|
|
| Name | Description | Type | Default Value |
|
|
|------|-------------|------|---------------|
|
|
<% test['input_arguments'].each do |arg_name, arg_options| -%>
|
|
| <%= cleanup(arg_name) %> | <%= cleanup(arg_options['description']) %> | <%= cleanup(arg_options['type']) %> | <%= cleanup(arg_options['default']) %>|
|
|
<% end -%>
|
|
<% end -%>
|
|
|
|
<%- if test['executor']['name'] == 'manual' -%>
|
|
#### Attack Commands: Run it with these steps! <%- if test['executor']['elevation_required'] -%> Elevation Required (e.g. root or admin) <%- end -%>
|
|
|
|
<%= test['executor']['steps'] %>
|
|
<%- else -%>
|
|
#### Attack Commands: Run with `<%= test['executor']['name'] %>`!<%- if test['executor']['elevation_required'] -%> Elevation Required (e.g. root or admin)<%- end -%>
|
|
<%def get_language(executor)
|
|
language = executor
|
|
if executor == "command_prompt"
|
|
language = "cmd"
|
|
elsif executor == "manual"
|
|
language = ""
|
|
end
|
|
language
|
|
end%>
|
|
|
|
```<%= get_language(test['executor']['name']) %>
|
|
<%= test['executor']['command'].to_s.strip %>
|
|
```
|
|
<%- end -%>
|
|
|
|
<%- if test['executor']['cleanup_command'] != nil -%>
|
|
#### Cleanup Commands
|
|
|
|
```<%= get_language(test['executor']['name']) %>
|
|
<%= test['executor']['cleanup_command'].to_s.strip %>
|
|
```
|
|
<% end -%>
|
|
<% if test['dependencies'].to_a.count > 0 -%>
|
|
<% dependency_executor = test['executor']['name'] -%>
|
|
|
|
#### Dependencies: Run with `<%- if test['dependency_executor_name'] != nil%><% dependency_executor = test['dependency_executor_name'] %><%= test['dependency_executor_name'] %><%- else -%><%= test['executor']['name'] %><%- end -%>`!
|
|
<% test['dependencies'].each do | dep | -%>
|
|
|
|
##### Description: <%= dep['description'].strip %>
|
|
|
|
###### Check Prereq Commands
|
|
|
|
```<%= get_language(dependency_executor) %>
|
|
<%= dep['prereq_command'].strip %>
|
|
```
|
|
|
|
###### Get Prereq Commands
|
|
|
|
```<%= get_language(dependency_executor) %>
|
|
<%= dep['get_prereq_command'].strip %>
|
|
```
|
|
<% end %>
|
|
<% end -%>
|
|
<%- end -%>
|