d4709021fb
* updating atomics count in README.md [ci skip]
* wip
* handle spaces in path
* update readme
* fix typo
---------
Co-authored-by: publish bot <opensource@redcanary.com>
16 lines
680 B
YAML
attack_technique: T1055.003
display_name: Thread Execution Hijacking
atomic_tests:
- name: Thread Execution Hijacking
  auto_generated_guid: 578025d5-faa9-4f6d-8390-aae527d503e1
  description: 'This test injects a MessageBox shellcode generated by msfvenom in Notepad.exe using Thread Execution Hijacking. When successful, a message box will appear with the "Atomic Red Team" caption after one or two seconds. '
  supported_platforms:
  - windows
  executor:
    command: |-
      $notepad = Start-Process notepad -passthru
      Start-Process "$PathToAtomicsFolder\T1055.003\bin\InjectContext.exe"
      Start-Sleep -Seconds 5
      Stop-Process $notepad.id
    name: powershell