Brian Beyer
1deb39ba9a
* validate input args in command and vice versa * validate the existence of TODOs * Update T1002.yaml * Update T1014.yaml * Update T1022.yaml * Fixed Issues Identified Fixed multiple issues identified by branch in order to push merge
34 lines
855 B
YAML
34 lines
855 B
YAML
---
|
|
attack_technique: T1160
|
|
display_name: Launch Daemon
|
|
|
|
atomic_tests:
|
|
- name: Launch Daemon
|
|
description: |
|
|
Utilize LaunchDaemon to launch `Hello World`
|
|
|
|
supported_platforms:
|
|
- macos
|
|
|
|
|
|
executor:
|
|
name: manual
|
|
steps: |
|
|
1. Place the following file (com.example.hello) in /System/Library/LaunchDaemons or /Library/LaunchDaemons
|
|
2.
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
<plist version="1.0">
|
|
<dict>
|
|
<key>Label</key>
|
|
<string>com.example.hello</string>
|
|
<key>ProgramArguments</key>
|
|
<array>
|
|
<string>hello</string>
|
|
<string>world</string>
|
|
</array>
|
|
<key>KeepAlive</key>
|
|
<true/>
|
|
</dict>
|
|
</plist>
|