security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
atomic-red-team/atomics/T1125/T1125.yaml
T
CircleCI Atomic Red Team GUID generator 79ff4f08bc Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-02-21 17:35:27 +00:00

16 lines
1.0 KiB
YAML
Raw Permalink Blame History

attack_technique: T1125
display_name: Video Capture
atomic_tests:
- name: Registry artefact when application use webcam
auto_generated_guid: 6581e4a7-42e3-43c5-a0d2-5a0d62f9702a
description: |
[can-you-track-processes-accessing-the-camera-and-microphone](https://svch0st.medium.com/can-you-track-processes-accessing-the-camera-and-microphone-7e6885b37072)
supported_platforms:
- windows
executor:
command: |
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam\NonPackaged\C:#Windows#Temp#atomic.exe /v LastUsedTimeStart /t REG_BINARY /d a273b6f07104d601 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam\NonPackaged\C:#Windows#Temp#atomic.exe /v LastUsedTimeStop /t REG_BINARY /d 96ef514b7204d601 /f
cleanup_command: |
reg DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam\NonPackaged\C:#Windows#Temp#atomic.exe /f
name: command_prompt
Reference in New Issue View Git Blame Copy Permalink