diff --git a/atomics/T1110.001/T1110.001.yaml b/atomics/T1110.001/T1110.001.yaml
index 79f594fd12..b12f4404cc 100644
--- a/atomics/T1110.001/T1110.001.yaml
+++ b/atomics/T1110.001/T1110.001.yaml
@@ -154,6 +154,7 @@ atomic_tests:
 .\kerbrute.exe bruteuser --dc #{domaincontroller} -d #{domain} $env:temp\bruteuser.txt TestUser1
 - name: SUDO Brute Force - Debian
+ auto_generated_guid: ba1bf0b6-f32b-4db0-b7cc-d78cacc76700
 description: |
 An adversary may find themselves on a box (e.g. via ssh key auth, with no password) with a user that has sudo'ers privileges, but they do not know the users password. Normally, failed attempts to access root will not cause the root account to become locked, to prevent denial-of-service. This functionality enables an attacker to undertake a local brute force password guessing attack without locking out the root user.
@@ -189,6 +190,7 @@ atomic_tests:
 userdel -fr art
 - name: SUDO Brute Force - Redhat
+ auto_generated_guid: 4097bc00-5eeb-4d56-aaf9-287d60351d95
 description: |
 An adversary may find themselves on a box (e.g. via ssh key auth, with no password) with a user that has sudo'ers privileges, but they do not know the users password. Normally, failed attempts to access root will not cause the root account to become locked, to prevent denial-of-service. This functionality enables an attacker to undertake a local brute force password guessing attack without locking out the root user.
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 8ba8f3b430..23e6c636e8 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -1266,3 +1266,5 @@ d1f72fa0-5bc2-4b4b-bd1e-43b6e8cfb2e6
 191db57d-091a-47d5-99f3-97fde53de505
 20b40ea9-0e17-4155-b8e6-244911a678ac
 433842ba-e796-4fd5-a14f-95d3a1970875
+ba1bf0b6-f32b-4db0-b7cc-d78cacc76700
+4097bc00-5eeb-4d56-aaf9-287d60351d95