From e8f72f5cd597236d40d81d687293a707879baaa9 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Thu, 20 Aug 2020 19:20:36 +0530
Subject: [PATCH] Add commands' source
---
 .../post_breach/timestomping/linux/timestomping.py | 3 +++
 .../post_breach/timestomping/windows/timestomping.py | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/monkey/infection_monkey/post_breach/timestomping/linux/timestomping.py b/monkey/infection_monkey/post_breach/timestomping/linux/timestomping.py
index ea608b85d..ee6c02f58 100644
--- a/monkey/infection_monkey/post_breach/timestomping/linux/timestomping.py
+++ b/monkey/infection_monkey/post_breach/timestomping/linux/timestomping.py
@@ -9,3 +9,6 @@ def get_linux_timestomping_commands():
 f'cat {TEMP_FILE} ; '
 f'rm {TEMP_FILE} -f'
 ]
+
+
+# Commands' source: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md
diff --git a/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py b/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py
index c18baabfc..9f23193f7 100644
--- a/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py
+++ b/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py
@@ -3,3 +3,6 @@ TEMP_FILE = 'monkey-timestomping-file.txt'
 def get_windows_timestomping_commands():
 return 'powershell.exe infection_monkey/post_breach/timestomping/windows/timestomping.ps1'
+
+
+# Commands' source: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md
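Review bot: The attribution comment added after `get_linux_timestomping_commands()` (and the identical one in the windows file) links to the `master` branch of atomic-red-team, so the referenced T1070.006 page can change or move later and the provenance of these commands can no longer be checked against what was actually copied. Pin it to a commit permalink, e.g. `# Commands' source: https://github.com/redcanaryco/atomic-red-team/blob/<commit-sha>/atomics/T1070.006/T1070.006.md`, where `<commit-sha>` is a placeholder for the revision the commands were taken from. The comment would also be easier to find directly above the function or in its docstring than trailing at the end of the file; the function body begins outside this hunk.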
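Review bot: In the windows file the attribution sits next to a function that only returns a `powershell.exe` invocation of `timestomping.ps1`, so the commands being credited presumably live in that script, which this commit does not touch. Consider putting the source comment in `timestomping.ps1` as well, so someone auditing the script sees where its commands come from without having to open this module. If the comment stays here, wording such as `# Source of the commands in timestomping.ps1: <link>` would make clear which file it refers to.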