Fabricio Brunetti
31151185e5
* T1122 - Update to use PathToAtomicsFolder Removed relative path to src folder, added PathToAtomicsFolder * Modifying .md file
19 lines
460 B
YAML
19 lines
460 B
YAML
---
|
|
attack_technique: T1122
|
|
display_name: Component Object Model Hijacking
|
|
|
|
atomic_tests:
|
|
- name: Component Object Model Hijacking
|
|
description: |
|
|
Hijack COM Object used by certutil.exe
|
|
|
|
supported_platforms:
|
|
- windows
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
reg import PathToAtomicsFolder\T1122\src\COMHijack.reg
|
|
certutil.exe -CAInfo
|
|
cleanup_command: |
|
|
reg import PathToAtomicsFolder\T1122\src\COMHijackCleanup.reg
|