caseysmithrc
22 lines
487 B
YAML
22 lines
487 B
YAML
---
|
|
attack_technique: T1103
|
|
display_name: AppInit DLLs
|
|
|
|
atomic_tests:
|
|
- name: Install AppInit Shim
|
|
description: |
|
|
AppInit_DLLs is a mechanism that allows an arbitrary list of DLLs to be loaded into each user mode process on the system
|
|
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
registry_file:
|
|
description: Windows Registry File
|
|
type: Path
|
|
default: T1103.reg
|
|
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
reg.exe import #{file_name}
|