security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
85339c0e48af58a964dcf2e15e1fef554062f4ee
atomic-red-team/atomics/T1546.005/T1546.005.yaml
T
Hare Sudhan 62a85c12b5 FreeBSD changes (#2585) 
* freebsd changes

* renaming freebsd to linux
2023-11-06 17:41:43 -05:00

74 lines
2.4 KiB
YAML
Raw Blame History

attack_technique: T1546.005
display_name: 'Event Triggered Execution: Trap'
atomic_tests:
- name: Trap EXIT
auto_generated_guid: a74b2e07-5952-4c03-8b56-56274b076b61
description: |
Launch bash shell with command arg to create TRAP on EXIT.
The trap executes script that writes to /tmp/art-fish.txt
supported_platforms:
- macos
- linux
executor:
command: |
bash -c 'trap "nohup sh $PathToAtomicsFolder/T1546.005/src/echo-art-fish.sh" EXIT'
cleanup_command: |
rm -f /tmp/art-fish.txt
name: sh
- name: Trap EXIT (freebsd)
auto_generated_guid: be1a5d70-6865-44aa-ab50-42244c9fd16f
description: |
Launch bash shell with command arg to create TRAP on EXIT.
The trap executes script that writes to /tmp/art-fish.txt
supported_platforms:
- linux
dependency_executor_name: sh
dependencies:
- description: |
Check if bash is installed.
prereq_command: |
if [ ! -x "$(command -v bash)" ]; then exit 1; else exit 0; fi;
get_prereq_command: |
(which pkg && pkg install -y bash)
executor:
command: |
bash -c 'trap "nohup sh $PathToAtomicsFolder/T1546.005/src/echo-art-fish.sh" EXIT'
cleanup_command: |
rm -f /tmp/art-fish.txt
name: sh
- name: Trap SIGINT
auto_generated_guid: a547d1ba-1d7a-4cc5-a9cb-8d65e8809636
description: |
Launch bash shell with command arg to create TRAP on SIGINT (CTRL+C), then send SIGINT signal.
The trap executes script that writes to /tmp/art-fish.txt
supported_platforms:
- macos
- linux
executor:
command: |
bash -c 'trap "nohup sh $PathToAtomicsFolder/T1546.005/src/echo-art-fish.sh" SIGINT && kill -SIGINT $$'
cleanup_command: |
rm -f /tmp/art-fish.txt
name: sh
- name: Trap SIGINT (freebsd)
auto_generated_guid: ade10242-1eac-43df-8412-be0d4c704ada
description: |
Launch bash shell with command arg to create TRAP on SIGINT (CTRL+C), then send SIGINT signal.
The trap executes script that writes to /tmp/art-fish.txt
supported_platforms:
- linux
dependency_executor_name: sh
dependencies:
- description: |
Check if bash is installed.
prereq_command: |
if [ ! -x "$(command -v bash)" ]; then exit 1; else exit 0; fi;
get_prereq_command: |
(which pkg && pkg install -y bash)
executor:
command: |
bash -c 'trap "nohup sh $PathToAtomicsFolder/T1546.005/src/echo-art-fish.sh" SIGINT && kill -SIGINT $$'
cleanup_command: |
rm -f /tmp/art-fish.txt
name: sh
Reference in New Issue View Git Blame Copy Permalink