CircleCI Atomic Red Team doc generator
2.1 KiB
2.1 KiB
T1126 - Network Share Connection Removal
Description from ATT&CK
Windows shared drive and [Windows Admin Shares](https://attack.mitre.org/techniques/T1077) connections can be removed when no longer needed. [Net](https://attack.mitre.org/software/S0039) is an example utility that can be used to remove network share connections with thenet use \\system\share /deletecommand. (Citation: Technet Net Use)Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
Atomic Tests
Atomic Test #1 - Add Network Share
Add a Network Share utilizing the command_prompt
Supported Platforms: Windows
Inputs
| Name | Description | Type | Default Value |
|---|---|---|---|
| share_name | Share to add. | string | \test\share |
Run it with command_prompt! ```
net use c: #{share_name} net share test=#{share_name} /REMARK:"test share" /CACHE:No
<br/>
<br/>
## Atomic Test #2 - Remove Network Share
Removes a Network Share utilizing the command_prompt
**Supported Platforms:** Windows
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| share_name | Share to remove. | string | \\test\share|
#### Run it with `command_prompt`! ```
net share #{share_name} /delete
Atomic Test #3 - Remove Network Share PowerShell
Removes a Network Share utilizing PowerShell
Supported Platforms: Windows
Inputs
| Name | Description | Type | Default Value |
|---|---|---|---|
| share_name | Share to remove. | string | \test\share |
Run it with powershell! ```
Remove-SmbShare -Name #{share_name} Remove-FileShare -Name #{share_name}
<br/>