Brian Beyer
19 lines
447 B
YAML
19 lines
447 B
YAML
attack_technique: T1179
|
|
display_name: Hooking
|
|
|
|
atomic_tests:
|
|
- name: Hook PowerShell TLS Encrypt/Decrypt Messages
|
|
description: |
|
|
Hooks functions in PowerShell to read TLS Communications
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
file_name:
|
|
description: Dll To Inject
|
|
type: Path
|
|
default: C:\Atomic\T1179x64.dll
|
|
executor:
|
|
name: powershell
|
|
command: |
|
|
mavinject $pid /INJECTRUNNING #{file_name}
|