It appears that the executors defined in the emulation library aren't all being imported, and the second listed (pwsh) is getting done instead of both psh and pwsh. For example, coming from the apt29 yaml adversary:

```yaml
id: 24ed020e-4730-4000-b6b4-6b5d3e95314f
name: Remote System Discovery
description: The net utility is executed via cmd to enumerate hosts within the domain.
tactic: discovery
technique:
  attack_id: T1018
  name: "Remote System Discovery"
cti_source: "https://blog-assets.f-secure.com/wp-content/uploads/2020/03/18122307/F-Secure_Dukes_Whitepaper.pdf"
procedure_group: procedure_discovery
procedure_step: "4.A.3"
platforms:
  windows:
    psh,pwsh:
      command: |
        cmd.exe /c net group "Domain Computers" /domain
executors:
  - name: powershell
    command: |
      cmd.exe /c net group "Domain Computers" /domain
```
Looks like after importing to caldera via emu it becomes just:

`mvanopst@ubuntu:~/caldera$ cat plugins/emu/data/abilities/discovery/24ed020e-4730-4000-b6b4-6b5d3e95314f.yml`

```yaml
description: The net utility is executed via cmd to enumerate hosts within the domain.
id: 24ed020e-4730-4000-b6b4-6b5d3e95314f
name: Remote System Discovery
platforms:
  windows:
    pwsh:
      cleanup: ''
      command: cmd.exe /c net group "Domain Computers" /domain
      payloads: []
repeatable: false
requirements: []
tactic: discovery
technique:
  attack_id: T1018
  name: Remote System Discovery
```
It's problematic since even with the 'shells' extension installed to the win10 sandcat agents, I'm only set to run ["cmd","psh"] so I'm missing a bunch of the abilities from an adversary profile.
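The behaviour the issue asks for is that a comma-separated executor key such as `psh,pwsh` expands into one executor per name, each carrying the same command. The block below is an added example of that expansion, not code from the emu plugin or from CALDERA; it operates on the dictionaries `yaml.safe_load` would return for the two files quoted above (both constructed inline here), and adds a small check that reports which executors a given agent can use, since an agent restricted to `["cmd","psh"]` silently skips an ability whose only executor is `pwsh`.

```python
"""Expand comma-separated executor keys from an emulation-library ability
into one CALDERA-style executor per name, then check which of those an
agent can run.  Added example; not the emu plugin's or CALDERA's own code."""

from copy import deepcopy

# Constructed input: the parsed form of the apt29 ability quoted in the issue
# (what yaml.safe_load() returns for the emulation-library YAML).  The '|'
# literal block leaves a trailing newline on the command, reproduced here.
EMU_ABILITY = {
    "id": "24ed020e-4730-4000-b6b4-6b5d3e95314f",
    "name": "Remote System Discovery",
    "tactic": "discovery",
    "technique": {"attack_id": "T1018", "name": "Remote System Discovery"},
    "platforms": {
        "windows": {
            "psh,pwsh": {"command": 'cmd.exe /c net group "Domain Computers" /domain\n'},
        }
    },
}

# Constructed input: the collapsed ability as it appeared after import in the
# issue, with only the last-listed executor (pwsh) surviving.
IMPORTED_ABILITY = {
    "id": "24ed020e-4730-4000-b6b4-6b5d3e95314f",
    "name": "Remote System Discovery",
    "tactic": "discovery",
    "technique": {"attack_id": "T1018", "name": "Remote System Discovery"},
    "platforms": {
        "windows": {
            "pwsh": {
                "cleanup": "",
                "command": 'cmd.exe /c net group "Domain Computers" /domain',
                "payloads": [],
            }
        }
    },
    "repeatable": False,
    "requirements": [],
}


def expand_executors(ability):
    """Return a copy of `ability` whose platform executor keys are split on
    commas, so 'psh,pwsh' yields separate 'psh' and 'pwsh' entries sharing
    the same command, cleanup and payloads.  The input is left untouched."""
    expanded = deepcopy(ability)
    for platform, executors in ability.get("platforms", {}).items():
        new_executors = {}
        for key, body in executors.items():
            # "psh,pwsh" -> ["psh", "pwsh"]; tolerate whitespace and a
            # trailing comma.  A later key naming the same executor wins.
            names = [n.strip() for n in key.split(",") if n.strip()]
            for name in names:
                new_executors[name] = {
                    "command": body.get("command", "").strip(),
                    "cleanup": body.get("cleanup", ""),
                    "payloads": list(body.get("payloads", [])),
                }
        expanded["platforms"][platform] = new_executors
    # Defaults CALDERA's ability files carry, as seen in the imported YAML.
    expanded.setdefault("repeatable", False)
    expanded.setdefault("requirements", [])
    return expanded


def executors_for(ability, platform):
    """Sorted executor names an ability defines for one platform."""
    return sorted(ability.get("platforms", {}).get(platform, {}))


def runnable_by(ability, platform, agent_executors):
    """Executors both the ability and the agent support; an empty list means
    the agent will skip this ability in an operation."""
    return sorted(set(executors_for(ability, platform)) & set(agent_executors))


if __name__ == "__main__":
    fixed = expand_executors(EMU_ABILITY)
    agent = ["cmd", "psh"]  # executor list of the win10 sandcat agents in the issue
    print("imported file :", runnable_by(IMPORTED_ABILITY, "windows", agent))
    print("expanded      :", runnable_by(fixed, "windows", agent))
```

Running it prints an empty list for the imported file and `['psh']` for the expanded ability, which is exactly the gap described above: the same command is reachable by a psh-only agent once the key is split.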