redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License

T1158 no longer works. #43

Closed leebaird closed 4 years ago

leebaird commented 4 years ago

https://github.com/redcanaryco/invoke-atomicredteam/wiki/Specify-Custom-Input-Arguments

T1158 no longer works.

ERROR: C:\AtomicRedTeam\atomics\T1158\T1158.yaml does not exist Check your Atomic Number and your PathToAtomicsFolder parameter

clr2of8 commented 4 years ago

Hello leebaird, thanks for reaching out. This can definitely come as a surprise, but the MITRE ATT&CK numbering schema recently changed. You can find out more about it here. In the case of T1158 it was renumbered and became part of a sub-technique as shown below.

image

clr2of8 commented 4 years ago

You can now execute the same tests using the new sub-technique ID of T1164.001. If you have more questions I'd be happy to discuss with you over on our Slack workspace https://slack.atomicredteam.io/ (@OrOneEqualsOne)