Generated docs from job=generate-docs branch=master [ci skip]

README.md

@@ -2,7 +2,7 @@
 
 # Atomic Red Team
 
-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1693-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1695-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
 
 Atomic Red Team™ is a library of tests mapped to the
 [MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use

atomics/Indexes/Indexes-CSV/index.csv

@@ -1855,6 +1855,8 @@ discovery,T1082,System Information Discovery,35,"Check OS version via ""ver"" co
 discovery,T1082,System Information Discovery,36,"Display volume shadow copies with ""vssadmin""",7161b085-816a-491f-bab4-d68e974b7995,command_prompt
 discovery,T1082,System Information Discovery,37,Identify System Locale and Regional Settings with PowerShell,ce479c1a-e8fa-42b2-812a-96b0f2f4d28a,command_prompt
 discovery,T1082,System Information Discovery,38,Enumerate Available Drives via gdr,c187c9bc-4511-40b3-aa10-487b2c70b6a5,command_prompt
+discovery,T1082,System Information Discovery,39,Discover OS Product Name via Registry,be3b5fe3-a575-4fb8-83f6-ad4a68dd5ce7,command_prompt
+discovery,T1082,System Information Discovery,40,Discover OS Build Number via Registry,acfcd709-0013-4f1e-b9ee-bc1e7bafaaec,command_prompt
 discovery,T1016.002,System Network Configuration Discovery: Wi-Fi Discovery,1,Enumerate Stored Wi-Fi Profiles And Passwords via netsh,53cf1903-0fa7-4177-ab14-f358ae809eec,command_prompt
 discovery,T1010,Application Window Discovery,1,List Process Main Windows - C# .NET,fe94a1c3-3e22-4dc9-9fdf-3a8bdbc10dc4,command_prompt
 discovery,T1497.003,Time Based Evasion,1,Delay execution with ping,8b87dd03-8204-478c-bac3-3959f6528de3,sh

atomics/Indexes/Indexes-CSV/windows-index.csv

@@ -1258,6 +1258,8 @@ discovery,T1082,System Information Discovery,35,"Check OS version via ""ver"" co
 discovery,T1082,System Information Discovery,36,"Display volume shadow copies with ""vssadmin""",7161b085-816a-491f-bab4-d68e974b7995,command_prompt
 discovery,T1082,System Information Discovery,37,Identify System Locale and Regional Settings with PowerShell,ce479c1a-e8fa-42b2-812a-96b0f2f4d28a,command_prompt
 discovery,T1082,System Information Discovery,38,Enumerate Available Drives via gdr,c187c9bc-4511-40b3-aa10-487b2c70b6a5,command_prompt
+discovery,T1082,System Information Discovery,39,Discover OS Product Name via Registry,be3b5fe3-a575-4fb8-83f6-ad4a68dd5ce7,command_prompt
+discovery,T1082,System Information Discovery,40,Discover OS Build Number via Registry,acfcd709-0013-4f1e-b9ee-bc1e7bafaaec,command_prompt
 discovery,T1016.002,System Network Configuration Discovery: Wi-Fi Discovery,1,Enumerate Stored Wi-Fi Profiles And Passwords via netsh,53cf1903-0fa7-4177-ab14-f358ae809eec,command_prompt
 discovery,T1010,Application Window Discovery,1,List Process Main Windows - C# .NET,fe94a1c3-3e22-4dc9-9fdf-3a8bdbc10dc4,command_prompt
 discovery,T1217,Browser Bookmark Discovery,5,List Google Chrome / Opera Bookmarks on Windows with powershell,faab755e-4299-48ec-8202-fc7885eb6545,powershell

atomics/Indexes/Indexes-Markdown/index.md

@@ -2531,6 +2531,8 @@
   - Atomic Test #36: Display volume shadow copies with "vssadmin" [windows]
   - Atomic Test #37: Identify System Locale and Regional Settings with PowerShell [windows]
   - Atomic Test #38: Enumerate Available Drives via gdr [windows]
+  - Atomic Test #39: Discover OS Product Name via Registry [windows]
+  - Atomic Test #40: Discover OS Build Number via Registry [windows]
 - [T1016.002 System Network Configuration Discovery: Wi-Fi Discovery](../../T1016.002/T1016.002.md)
   - Atomic Test #1: Enumerate Stored Wi-Fi Profiles And Passwords via netsh [windows]
 - [T1010 Application Window Discovery](../../T1010/T1010.md)

atomics/Indexes/Indexes-Markdown/windows-index.md

@@ -1775,6 +1775,8 @@
   - Atomic Test #36: Display volume shadow copies with "vssadmin" [windows]
   - Atomic Test #37: Identify System Locale and Regional Settings with PowerShell [windows]
   - Atomic Test #38: Enumerate Available Drives via gdr [windows]
+  - Atomic Test #39: Discover OS Product Name via Registry [windows]
+  - Atomic Test #40: Discover OS Build Number via Registry [windows]
 - [T1016.002 System Network Configuration Discovery: Wi-Fi Discovery](../../T1016.002/T1016.002.md)
   - Atomic Test #1: Enumerate Stored Wi-Fi Profiles And Passwords via netsh [windows]
 - [T1010 Application Window Discovery](../../T1010/T1010.md)

atomics/Indexes/index.yaml

@@ -104028,7 +104028,37 @@ discovery:
       - windows
       executor:
         name: command_prompt
-        command: powershell.exe -c "gdr -PSProvider 'FileSystem'"
+        command: 'powershell.exe -c "gdr -PSProvider ''FileSystem''"
+
+          '
+    - name: Discover OS Product Name via Registry
+      auto_generated_guid: be3b5fe3-a575-4fb8-83f6-ad4a68dd5ce7
+      description: |
+        Identify the Operating System Product Name via registry with the reg.exe command.
+        Upon execution, the OS Product Name will be displayed.
+      supported_platforms:
+      - windows
+      executor:
+        command: 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v
+          ProductName
+
+          '
+        name: command_prompt
+        elevation_required: false
+    - name: Discover OS Build Number via Registry
+      auto_generated_guid: acfcd709-0013-4f1e-b9ee-bc1e7bafaaec
+      description: |
+        Identify the Operating System Build Number via registry with the reg.exe command.
+        Upon execution, the OS Build Number will be displayed.
+      supported_platforms:
+      - windows
+      executor:
+        command: 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v
+          CurrentBuildNumber
+
+          '
+        name: command_prompt
+        elevation_required: false
   T1016.002:
     technique:
       modified: '2023-10-05T11:35:30.887Z'

atomics/Indexes/windows-index.yaml

@@ -85382,7 +85382,37 @@ discovery:
       - windows
       executor:
         name: command_prompt
-        command: powershell.exe -c "gdr -PSProvider 'FileSystem'"
+        command: 'powershell.exe -c "gdr -PSProvider ''FileSystem''"
+
+          '
+    - name: Discover OS Product Name via Registry
+      auto_generated_guid: be3b5fe3-a575-4fb8-83f6-ad4a68dd5ce7
+      description: |
+        Identify the Operating System Product Name via registry with the reg.exe command.
+        Upon execution, the OS Product Name will be displayed.
+      supported_platforms:
+      - windows
+      executor:
+        command: 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v
+          ProductName
+
+          '
+        name: command_prompt
+        elevation_required: false
+    - name: Discover OS Build Number via Registry
+      auto_generated_guid: acfcd709-0013-4f1e-b9ee-bc1e7bafaaec
+      description: |
+        Identify the Operating System Build Number via registry with the reg.exe command.
+        Upon execution, the OS Build Number will be displayed.
+      supported_platforms:
+      - windows
+      executor:
+        command: 'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v
+          CurrentBuildNumber
+
+          '
+        name: command_prompt
+        elevation_required: false
   T1016.002:
     technique:
       modified: '2023-10-05T11:35:30.887Z'

atomics/T1082/T1082.md

@@ -84,6 +84,10 @@ Infrastructure as a Service (IaaS) cloud providers such as AWS, GCP, and Azure a
 
 - [Atomic Test #38 - Enumerate Available Drives via gdr](#atomic-test-38---enumerate-available-drives-via-gdr)
 
+- [Atomic Test #39 - Discover OS Product Name via Registry](#atomic-test-39---discover-os-product-name-via-registry)
+
+- [Atomic Test #40 - Discover OS Build Number via Registry](#atomic-test-40---discover-os-build-number-via-registry)
+
 
 <br/>
 
@@ -1347,4 +1351,62 @@ powershell.exe -c "gdr -PSProvider 'FileSystem'"
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #39 - Discover OS Product Name via Registry
+Identify the Operating System Product Name via registry with the reg.exe command.
+Upon execution, the OS Product Name will be displayed.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** be3b5fe3-a575-4fb8-83f6-ad4a68dd5ce7
+
+
+
+
+
+
+#### Attack Commands: Run with `command_prompt`! 
+
+
+```cmd
+reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #40 - Discover OS Build Number via Registry
+Identify the Operating System Build Number via registry with the reg.exe command.
+Upon execution, the OS Build Number will be displayed.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** acfcd709-0013-4f1e-b9ee-bc1e7bafaaec
+
+
+
+
+
+
+#### Attack Commands: Run with `command_prompt`! 
+
+
+```cmd
+reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentBuildNumber
+```
+
+
+
+
+
+
 <br/>

atomics/T1082/T1082.yaml

@@ -580,6 +580,7 @@ atomic_tests:
     command: |
       powershell.exe -c "gdr -PSProvider 'FileSystem'"
 - name: Discover OS Product Name via Registry
+  auto_generated_guid: be3b5fe3-a575-4fb8-83f6-ad4a68dd5ce7
   description: |
     Identify the Operating System Product Name via registry with the reg.exe command.
     Upon execution, the OS Product Name will be displayed.
@@ -591,6 +592,7 @@ atomic_tests:
     name: command_prompt
     elevation_required: false
 - name: Discover OS Build Number via Registry
+  auto_generated_guid: acfcd709-0013-4f1e-b9ee-bc1e7bafaaec
   description: |
     Identify the Operating System Build Number via registry with the reg.exe command.
     Upon execution, the OS Build Number will be displayed.

atomics/used_guids.txt

@@ -1717,3 +1717,5 @@ da86f239-9bd3-4e85-92ed-4a94ef111a1c
 a8f6148d-478a-4f43-bc62-5efee9f931a4
 aa12eb29-2dbb-414e-8b20-33d34af93543
 9d9c22c9-fa97-4008-a204-478cf68c40af
+be3b5fe3-a575-4fb8-83f6-ad4a68dd5ce7
+acfcd709-0013-4f1e-b9ee-bc1e7bafaaec