Skip to content

Commit

Permalink
Merge pull request #928 from jtothej/firmwaretable
Browse files Browse the repository at this point in the history 
Move from nursery and update get-system-firmware-table.yml
  • Loading branch information
@mr-tz
mr-tz authored Sep 11, 2024
2 parents bf22c34 + fc70895 commit 4cc0122
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions nursery/get-system-firmware-table.yml → ...re/firmware/get-system-firmware-table.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,17 @@ rule:
scopes:
static: function
dynamic: call
att&ck:
- Reconnaissance::Gather Victim Host Information::Firmware [T1592.003]
references:
- https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/Shared/Utils.cpp#L854
examples:
- dc7cb53c5dc2e756822328a7144c29318cb871890727eff9c8da64a01e8e782d:0x180001BD0
features:
- and:
- api: kernel32.GetSystemFirmwareTable
- optional:
- or:
- number: 0x41435049 = "ACPI"
- number: 0x4649524d = "FIRM"
- number: 0x52534D42 = "RSMB"

0 comments on commit 4cc0122

Please sign in to comment.