From ded6555bdb4d409d39966424a03ec46b9e127eca Mon Sep 17 00:00:00 2001
From: traceflow
Date: Wed, 18 Oct 2023 14:55:07 -0400
Subject: [PATCH] adding test for t1505.005, fixing issue with existing test to simulate termsrv.dll patching
---
 atomics/T1505.005/T1505.005.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/atomics/T1505.005/T1505.005.yaml b/atomics/T1505.005/T1505.005.yaml
index 6a0bb9d4cd..187df35001 100644
--- a/atomics/T1505.005/T1505.005.yaml
+++ b/atomics/T1505.005/T1505.005.yaml
@@ -2,6 +2,7 @@ attack_technique: T1505.005
 display_name: 'Server Software Component: Terminal Services DLL'
 atomic_tests:
 - name: Simulate Patching termsrv.dll
+ auto_generated_guid:
 description: |
 Simulates patching of termsrv.dll by making a benign change to the file and replacing it with the original afterwards.
 Before we can make the modifications we need to take ownership of the file and grant ourselves the necessary permissions.
@@ -26,6 +27,7 @@ atomic_tests:
 name: powershell
 - name: Modify Terminal Services DLL Path
+ auto_generated_guid:
 description: This atomic test simulates the modification of the ServiceDll value in HKLM\System\CurrentControlSet\services\TermService\Parameters. This technique may be leveraged by adversaries to establish persistence by loading a patched version of the DLL containing malicious code.
 supported_platforms:
 - windows
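Review bot: `auto_generated_guid:` is added with no value under "Simulate Patching termsrv.dll", and again under "Modify Terminal Services DLL Path" in the second hunk, so both tests load with a null GUID and cannot be selected or told apart by GUID until something fills the field. Execution logs and detection-validation results are usually correlated by this identifier, so it should be unique and stable before the tests are run. If the empty key is a deliberate placeholder for the project's GUID generator (not visible here), say so in the commit message; otherwise give each test its own value, e.g. `auto_generated_guid: '<uuid-placeholder>'`. Both test definitions continue outside the hunks.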