Generated docs from job=generate-docs branch=master [ci skip]

redcanaryco · Dec 19, 2024 · bfcfd56 · bfcfd56
1 parent 89ad31c
commit bfcfd56
Show file tree

Hide file tree

Showing 12 changed files with 68 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 # Atomic Red Team
 
-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1695-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1696-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
 
 Atomic Red Team™ is a library of tests mapped to the
 [MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use

diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
@@ -2005,6 +2005,7 @@ discovery,T1124,System Time Discovery,2,System Time Discovery - PowerShell,1d571
 discovery,T1124,System Time Discovery,3,System Time Discovery in FreeBSD/macOS,f449c933-0891-407f-821e-7916a21a1a6f,sh
 discovery,T1124,System Time Discovery,4,System Time Discovery W32tm as a Delay,d5d5a6b0-0f92-42d8-985d-47aafa2dd4db,command_prompt
 discovery,T1124,System Time Discovery,5,System Time with Windows time Command,53ead5db-7098-4111-bb3f-563be390e72e,command_prompt
+discovery,T1124,System Time Discovery,6,Discover System Time Zone via Registry,25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47,command_prompt
 reconnaissance,T1592.001,Gather Victim Host Information: Hardware,1,Enumerate PlugNPlay Camera,d430bf85-b656-40e7-b238-42db01df0183,powershell
 impact,T1489,Service Stop,1,Windows - Stop service using Service Controller,21dfb440-830d-4c86-a3e5-2a491d5a8d04,command_prompt
 impact,T1489,Service Stop,2,Windows - Stop service using net.exe,41274289-ec9c-4213-bea4-e43c4aa57954,command_prompt

diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -1364,6 +1364,7 @@ discovery,T1124,System Time Discovery,1,System Time Discovery,20aba24b-e61f-4b26
 discovery,T1124,System Time Discovery,2,System Time Discovery - PowerShell,1d5711d6-655c-4a47-ae9c-6503c74fa877,powershell
 discovery,T1124,System Time Discovery,4,System Time Discovery W32tm as a Delay,d5d5a6b0-0f92-42d8-985d-47aafa2dd4db,command_prompt
 discovery,T1124,System Time Discovery,5,System Time with Windows time Command,53ead5db-7098-4111-bb3f-563be390e72e,command_prompt
+discovery,T1124,System Time Discovery,6,Discover System Time Zone via Registry,25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47,command_prompt
 impact,T1489,Service Stop,1,Windows - Stop service using Service Controller,21dfb440-830d-4c86-a3e5-2a491d5a8d04,command_prompt
 impact,T1489,Service Stop,2,Windows - Stop service using net.exe,41274289-ec9c-4213-bea4-e43c4aa57954,command_prompt
 impact,T1489,Service Stop,3,Windows - Stop service by killing process,f3191b84-c38b-400b-867e-3a217a27795f,command_prompt

diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
@@ -2711,6 +2711,7 @@
   - Atomic Test #3: System Time Discovery in FreeBSD/macOS [linux, macos]
   - Atomic Test #4: System Time Discovery W32tm as a Delay [windows]
   - Atomic Test #5: System Time with Windows time Command [windows]
+  - Atomic Test #6: Discover System Time Zone via Registry [windows]
 
 # resource-development
 - T1583 Acquire Infrastructure [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)

diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -1906,6 +1906,7 @@
   - Atomic Test #2: System Time Discovery - PowerShell [windows]
   - Atomic Test #4: System Time Discovery W32tm as a Delay [windows]
   - Atomic Test #5: System Time with Windows time Command [windows]
+  - Atomic Test #6: Discover System Time Zone via Registry [windows]
 
 # impact
 - T1561.002 Disk Structure Wipe [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
@@ -109278,6 +109278,20 @@ discovery:
 
           '
         name: command_prompt
+    - name: Discover System Time Zone via Registry
+      auto_generated_guid: 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47
+      description: |
+        Identify the Operating System Time Zone via registry with the reg.exe command.
+        Upon execution, the system Time Zone will be shown.
+      supported_platforms:
+      - windows
+      executor:
+        command: 'reg query "HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation"
+          /v TimeZoneKeyName
+
+          '
+        name: command_prompt
+        elevation_required: false
 resource-development:
   T1583:
     technique:

diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml
@@ -89573,6 +89573,20 @@ discovery:
 
           '
         name: command_prompt
+    - name: Discover System Time Zone via Registry
+      auto_generated_guid: 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47
+      description: |
+        Identify the Operating System Time Zone via registry with the reg.exe command.
+        Upon execution, the system Time Zone will be shown.
+      supported_platforms:
+      - windows
+      executor:
+        command: 'reg query "HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation"
+          /v TimeZoneKeyName
+
+          '
+        name: command_prompt
+        elevation_required: false
 resource-development:
   T1583:
     technique:

diff --git a/atomics/T1124/T1124.md b/atomics/T1124/T1124.md
@@ -22,6 +22,8 @@ This information could be useful for performing other techniques, such as execut
 
 - [Atomic Test #5 - System Time with Windows time Command](#atomic-test-5---system-time-with-windows-time-command)
 
+- [Atomic Test #6 - Discover System Time Zone via Registry](#atomic-test-6---discover-system-time-zone-via-registry)
+
 
 <br/>
 
@@ -173,4 +175,33 @@ time
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #6 - Discover System Time Zone via Registry
+Identify the Operating System Time Zone via registry with the reg.exe command.
+Upon execution, the system Time Zone will be shown.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47
+
+
+
+
+
+
+#### Attack Commands: Run with `command_prompt`! 
+
+
+```cmd
+reg query "HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation" /v TimeZoneKeyName
+```
+
+
+
+
+
+
 <br/>
diff --git a/atomics/T1124/T1124.yaml b/atomics/T1124/T1124.yaml
@@ -64,6 +64,7 @@ atomic_tests:
       time
     name: command_prompt
 - name: Discover System Time Zone via Registry
+  auto_generated_guid: 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47
   description: |
     Identify the Operating System Time Zone via registry with the reg.exe command.
     Upon execution, the system Time Zone will be shown.

diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
@@ -1719,3 +1719,4 @@ aa12eb29-2dbb-414e-8b20-33d34af93543
 9d9c22c9-fa97-4008-a204-478cf68c40af
 be3b5fe3-a575-4fb8-83f6-ad4a68dd5ce7
 acfcd709-0013-4f1e-b9ee-bc1e7bafaaec
+25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47