Generate docs from job=validate_atomics_generate_docs branch=master

redcanaryco · Oct 8, 2019 · 641a1d0 · 641a1d0
1 parent e1f2936
commit 641a1d0
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/atomics/T1038/T1038.md b/atomics/T1038/T1038.md
@@ -29,7 +29,7 @@ https://enigma0x3.net/2017/07/19/bypassing-amsi-via-com-server-hijacking/
 ```
 copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
 copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
-cmd.exe /c %APPDATA%\updater.exe
+cmd.exe /k %APPDATA%\updater.exe
 ```
 
 

diff --git a/atomics/index.yaml b/atomics/index.yaml
@@ -1385,10 +1385,10 @@ persistence:
       executor:
         name: command_prompt
         elevation_required: false
-        command: |-
+        command: |
           copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
           copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
-          cmd.exe /c %APPDATA%\updater.exe
+          cmd.exe /k %APPDATA%\updater.exe
   T1158:
     technique:
       external_references:
@@ -5823,10 +5823,10 @@ defense-evasion:
       executor:
         name: command_prompt
         elevation_required: false
-        command: |-
+        command: |
           copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
           copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
-          cmd.exe /c %APPDATA%\updater.exe
+          cmd.exe /k %APPDATA%\updater.exe
   T1140:
     technique:
       external_references:
@@ -11329,10 +11329,10 @@ privilege-escalation:
       executor:
         name: command_prompt
         elevation_required: false
-        command: |-
+        command: |
           copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
           copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
-          cmd.exe /c %APPDATA%\updater.exe
+          cmd.exe /k %APPDATA%\updater.exe
   T1179:
     technique:
       external_references: