security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
atomic-red-team/atomics/T1021.005/T1021.005.yaml
T
Atomic Red Team GUID generator a68b2cfabe Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-09-12 02:52:08 +00:00

20 lines
961 B
YAML
Raw Permalink Blame History

attack_technique: T1021.005
display_name: 'Remote Services:VNC'
atomic_tests:
- name: Enable Apple Remote Desktop Agent
auto_generated_guid: 8a930abe-841c-4d4f-a877-72e9fe90b9ea
description: |
ARD leverages a blend of protocols, including VNC to send the screen and control buffers and SSH for secure file transfer.
Adversaries can abuse ARD to gain remote code execution and perform lateral movement.
References: https://www.mandiant.com/resources/blog/leveraging-apple-remote-desktop-for-good-and-evil
supported_platforms:
- macos
executor:
name: sh
command: |
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -allUsers -privs -all -quiet
cleanup_command: |
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop -configure -privs -none -quiet
elevation_required: true
Reference in New Issue View Git Blame Copy Permalink