atomic-red-team/atomics/T1005/T1005.yaml
Carrie Roberts 1bfefdacfc Add elevated (#542)
* provide elevation_required attribute

* provide elevation_required attribute

* provide elevation_required attribute
2019-09-03 07:34:42 -06:00


---
attack_technique: T1005
display_name: Data from Local System
atomic_tests:
- name: Search macOS Safari Cookies
  description: |
    This test uses `grep` to search a macOS Safari binaryCookies file for specified values. This was used by CookieMiner malware.
  supported_platforms:
    - macos
  input_arguments:
    search_string:
      description: String to search Safari cookies to find.
      type: string
      default: coinbase
  executor:
    name: sh
    elevation_required: false
    command: |
      cd ~/Library/Cookies
      grep -q "#{search_string}" "Cookies.binarycookies"
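
Detection-side example added here (not part of the atomic-red-team file): because the test runs `cd ~/Library/Cookies` and then passes `grep` a bare file name, a rule that looks for the cookie path in the command line misses it, so the check below resolves each argument against the process working directory. The event field names (`user_home`, `exe`, `cwd`, `argv`) and the sample events are assumptions constructed for this example.

```python
import json
import posixpath

# Constructed sample process-execution events (not from a real host).
# Field names are assumptions for this example, one JSON object per line.
SAMPLE_EVENTS = """\
{"pid": 501, "user_home": "/Users/alice", "exe": "/usr/bin/grep", "cwd": "/Users/alice/Library/Cookies", "argv": ["grep", "-q", "coinbase", "Cookies.binarycookies"]}
{"pid": 502, "user_home": "/Users/alice", "exe": "/usr/bin/grep", "cwd": "/Users/alice", "argv": ["grep", "-q", "coinbase", "/Users/alice/Library/Cookies/Cookies.binarycookies"]}
{"pid": 503, "user_home": "/Users/alice", "exe": "/usr/bin/grep", "cwd": "/Users/alice/src", "argv": ["grep", "-rn", "TODO", "."]}
{"pid": 504, "user_home": "/Users/alice", "exe": "/usr/bin/grep", "cwd": "/Users/alice/Library/Caches", "argv": ["grep", "-q", "coinbase", "../Cookies/Cookies.binarycookies"]}
"""

# Compared in lower case: the default macOS (APFS) volume is case-insensitive,
# so "Cookies.binaryCookies" and "Cookies.binarycookies" name the same file.
COOKIE_STORE = "/library/cookies/cookies.binarycookies"


def parse_events(lines):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in lines.splitlines() if line.strip()]


def cookie_store_hits(event):
    """Return the arguments that resolve to the user's Safari cookie store."""
    target = event["user_home"].rstrip("/").lower() + COOKIE_STORE
    cwd = event["cwd"]
    return [
        arg for arg in event["argv"][1:]
        # join() keeps absolute arguments as-is; normpath() collapses "..".
        if posixpath.normpath(posixpath.join(cwd, arg)).lower() == target
    ]


def scan(lines):
    """PIDs whose arguments, resolved against cwd, reference the cookie store."""
    return [e["pid"] for e in parse_events(lines) if cookie_store_hits(e)]


def naive_scan(lines):
    """PIDs found by a plain substring match on the command line, for contrast."""
    return [e["pid"] for e in parse_events(lines)
            if "library/cookies" in " ".join(e["argv"]).lower()]


if __name__ == "__main__":
    print("cwd-aware:", scan(SAMPLE_EVENTS))
    print("substring:", naive_scan(SAMPLE_EVENTS))
```

This only sees files named on the command line; a process that opens the cookie store itself needs file-access telemetry instead.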