2025-12-13 04:55:41 +00:00
YAML

attack_technique: T1652
display_name: "Device Driver Discovery"
atomic_tests:
- name: Device Driver Discovery
  auto_generated_guid: 235b30a2-e5b1-441f-9705-be6231c88ddd
  description: |
    Displays a list of installed device drivers on the local computer and their properties. Threat actors use this command to enumerate the existing drivers on the computer.
    Parameters:
      /v /fo list - Displays verbose output in a list format; /v is not valid for signed drivers
      /si /fo list - Displays information about signed drivers in a list format
  supported_platforms:
  - windows
  executor:
    command: |
      driverquery /v /fo list
      driverquery /si /fo list
    cleanup_command:
    name: powershell
    elevation_required: false
- name: Device Driver Discovery (Linux)
  auto_generated_guid: d57dfc9e-ed9a-418e-88f8-b59c85f8cfd1
  description: |
    Displays the kernel modules currently loaded on a Linux system (lsmod reads /proc/modules), which is how drivers are enumerated on Linux. Only loaded modules are shown; module files present on disk but not loaded are covered by the next test.
  supported_platforms:
  - linux
  executor:
    command: |
      lsmod
    name: bash
    elevation_required: false
- name: Enumerate Kernel Driver Files (Linux)
  auto_generated_guid: 13c0fef5-9be9-4d7f-9c6b-901624e53770
  description: |
    Lists the module files under the kernel/drivers subtree of the running kernel's module directory (/lib/modules/$(uname -r)), giving a view of the drivers available on disk rather than only those currently loaded. Modules for filesystems, networking and other subsystems live in sibling directories under kernel/ and are not included by this command.
  supported_platforms:
  - linux
  executor:
    command: |
      find /lib/modules/$(uname -r)/kernel/drivers -name "*.ko*"
    name: bash
    elevation_required: false
- name: List loaded kernel extensions (macOS)
  auto_generated_guid: 71eab73d-5d7d-4681-9a72-7873489a5b85
  description: |
    Displays the kernel extensions (kexts) currently loaded on a macOS system. On macOS 11 and later kextstat is deprecated and forwards to kmutil showloaded, so the output is that of kmutil.
  supported_platforms:
  - macos
  executor:
    command: |
      kextstat
    name: bash
    elevation_required: false
- name: Find Kernel Extensions (macOS)
  auto_generated_guid: c63bbe52-6f17-4832-b221-f07ba8b1736f
  description: |
    Searches the standard kext directories (/System/Library/Extensions and /Library/Extensions) and lists the kext bundles found there, whether or not they are currently loaded.
  supported_platforms:
  - macos
  executor:
    command: |
      kextfind
    name: bash
    elevation_required: false
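Added example, not part of the Atomic Red Team test file above: the two Linux tests give an attacker (and a defender) the loaded-module view from lsmod and the on-disk view from find separately. A practitioner usually wants the two cross-checked, because a module that is loaded but has no backing .ko file under /lib/modules/$(uname -r) is a common sign of an out-of-tree or injected driver. The script below does that cross-check on constructed sample data (the lsmod text, the file paths and the module name evil_mod are made up for the demonstration); the commented live variant at the end feeds it real lsmod and find output and searches the whole module tree rather than only kernel/drivers, since filesystem and network modules live in sibling directories.

```shell
#!/usr/bin/env bash
# Added example: flag kernel modules that are loaded but have no module file
# on disk. All sample data below is constructed for the demonstration.

# Constructed lsmod-style output. The first column is the module name; the
# "Used by" column may list dependent modules, which we ignore.
SAMPLE_LSMOD='Module                  Size  Used by
xfs                  1234567  1
nf_tables             245760  42 nft_compat
evil_mod               16384  0
e1000e                282624  0'

# Constructed file listing, in the form "find ... -name '*.ko*'" prints.
SAMPLE_FILES='/lib/modules/6.1.0/kernel/fs/xfs/xfs.ko.xz
/lib/modules/6.1.0/kernel/net/netfilter/nf_tables.ko.xz
/lib/modules/6.1.0/kernel/net/netfilter/nft_compat.ko.xz
/lib/modules/6.1.0/kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko.xz'

# Reduce module file paths to bare module names: drop the directory, strip
# ".ko" plus any compression suffix (.xz, .gz, .zst), and normalise '-' to '_'
# because the kernel reports loaded modules with underscores (snd-hda-intel.ko
# loads as snd_hda_intel).
module_names_from_files() {
    sed -E 's#.*/##; s/\.ko(\.[a-z]+)?$//; s/-/_/g' | sort -u
}

# Extract module names from lsmod-style text, skipping the header line.
module_names_from_lsmod() {
    awk 'NR > 1 && NF { print $1 }' | sort -u
}

# Print, one per line, every loaded module with no matching file on disk.
# Arguments: $1 = lsmod output text, $2 = newline-separated module file paths.
loaded_without_file() {
    local lsmod_text="$1" file_list="$2"
    {
        printf '%s\n' "$file_list" | module_names_from_files | sed 's/^/F /'
        printf '%s\n' "$lsmod_text" | module_names_from_lsmod | sed 's/^/L /'
    } | awk '$1 == "F" { seen[$2] = 1; next }
             $1 == "L" && !($2 in seen) { print $2 }'
}

# Demonstration on the constructed data (prints "evil_mod"):
loaded_without_file "$SAMPLE_LSMOD" "$SAMPLE_FILES"

# Live variant on a real host (not run here): compare the running kernel's
# loaded modules against every module file in its module tree.
# loaded_without_file "$(lsmod)" "$(find "/lib/modules/$(uname -r)" -name '*.ko*')"
```

The check is only as good as the file list it is given: built-in drivers compiled into the kernel never appear in lsmod, and a module loaded from a path outside /lib/modules (insmod on a file in /tmp, for instance) will show up here precisely because its file is not where the package manager would have put it, which is the case worth investigating.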