Dependencies download - T1003-007 (Dump individual process memory with Python (Local))

[RemiEC]

Hello,

I am using Invoke-Atomic to perform tests on remote Linux machines. Most of the tests I am interested in leverage local ressources, but some require external scripts or binaries.

I have noticed that while most of the tests can download external requirements if missing (e.g. Capture Passwords with MimiPenguin), T1003-007 (Dump individual process memory with Python (Local)) requires a dump_heap.py python script that is nor copied from the attacking machine, nor downloaded from a github repo.

As such, I need to manually identify similar tests where dependencies are not automatically downloaded and manually upload them on my target machines.

Am I doing something wrong or is it the intended behavior ?

[clr2of8]

Thanks for reaching out. There are atomic tests that were not implemented with remote execution in mind and still need some get_prereq_command's added. If those commands are added to the atomic (as part of the atomic-red-team repo as opposed to this one) then all will work remotely when you run -GetPrereqs while passing in your remote session. I hope this helps. If you want to discuss this more interactively reach out to me on the slack channel which is linked to at the bottom of the wiki pages for this repo. Thx!