Hare Sudhan
c8a70997da
* Update T1202.yaml * fix all atomics * changing to macos to fix pytest issue * changing to macos to fix pytest issue * adding gitignore
21 lines
779 B
YAML
21 lines
779 B
YAML
attack_technique: T1652
|
|
display_name: "Device Driver Discovery"
|
|
atomic_tests:
|
|
|
|
- name: Device Driver Discovery
|
|
auto_generated_guid: 235b30a2-e5b1-441f-9705-be6231c88ddd
|
|
description: |
|
|
Displays a list of installed device drivers on the local computer and their properties. Threat actors use this command to enumerate the existing drivers on the computer.
|
|
Parameters:
|
|
/v /fo list - Displays verbose output in a list format - the /v parameter is not valid for signed drivers
|
|
/si /fo list - Provides information about signed drivers and outputs it in a list format
|
|
supported_platforms:
|
|
- windows
|
|
executor:
|
|
command: |
|
|
driverquery /v /fo list
|
|
driverquery /si /fo list
|
|
cleanup_command:
|
|
name: powershell
|
|
elevation_required: false
|