New atomic added. - Githubissues

redcanaryco / atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

MIT License

9.79k stars 2.8k forks source link

Closed krdmnbrk closed 1 week ago

krdmnbrk commented 2 weeks ago

Details: This atomic enumerates drivers on Windows via the gdr PowerShell command. It simulates attackers gathering file storage information.

Testing: Validated on Windows by running powershell.exe -c "gdr -PSProvider 'FileSystem'" to confirm accurate drive listing.

Screenshot below Screenshot_1