1eaae6d3ce
* Create T1595.002.yaml
* Added vbscript (griffon recon) for test 1
  Script ref. (public gist)
  https://gist.githubusercontent.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d/raw/55ecbf8f83c36984371a335991f6cf4f2022319b/gistfile1.txt
* added run as priv user n/a
* removed guid accidentally put in
* removed extra line
* checking syntax final
* remove dependency line
* minor updates to invoke the build process again
* removing elevation required
  thanks for that additional review, carrie
* moving to T1082 per review
* adding test 8 (griffon recon)
* create griffon_recon.vbs for test 8
  script used here was reduced by security researcher Kirk Sayre (github.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d), and it gives the exact same recon behavior, hash mentioned in the code, as the original (minus the C2 interaction).
* moving vbs file to T1082 per review

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>