diff --git a/ttps/defense-evasion/macos/remove-quarantine-attrib/README.md b/ttps/defense-evasion/macos/remove-quarantine-attrib/README.md
index 47aa5f8..0ac134a 100644
--- a/ttps/defense-evasion/macos/remove-quarantine-attrib/README.md
+++ b/ttps/defense-evasion/macos/remove-quarantine-attrib/README.md
@@ -17,7 +17,7 @@ from a file.
 You can run the TTP using the following example:
 ```bash
-ttpforge run ttps/defense-evasion/macos/remove-quarantine-attrib/remove-quarantine-attrib.yaml
+ttpforge run forgearmory//defense-evasion/macos/remove-quarantine-attrib/remove-quarantine-attrib.yaml
 ```
 ## Steps
diff --git a/ttps/defense-evasion/macos/remove-quarantine-attrib/Test.zip b/ttps/defense-evasion/macos/remove-quarantine-attrib/Test.zip
deleted file mode 100644
index 379314f..0000000
Binary files a/ttps/defense-evasion/macos/remove-quarantine-attrib/Test.zip and /dev/null differ
diff --git a/ttps/defense-evasion/macos/remove-quarantine-attrib/remove-quarantine-attrib.yaml b/ttps/defense-evasion/macos/remove-quarantine-attrib/remove-quarantine-attrib.yaml
index a211104..909528d 100644
--- a/ttps/defense-evasion/macos/remove-quarantine-attrib/remove-quarantine-attrib.yaml
+++ b/ttps/defense-evasion/macos/remove-quarantine-attrib/remove-quarantine-attrib.yaml
@@ -15,7 +15,7 @@ steps:
 echo -e "Running xattr against the included Test.app bundle to remove \
 the com.apple.quarantine attribute..."
- unzip Test.zip
+ unzip TTPBundledFiles.zip
 echo -e "List of extended attributes before removal:\n"
 xattr Test.app
 echo -e "List of extended attributes after removal:\n"
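Review bot: The `unzip TTPBundledFiles.zip` line depends on an archive that this commit does not provide: `Test.zip` is deleted and no replacement is added in the visible diff, so where the file comes from and what it must contain is undocumented at the point of use. The following lines still run `xattr Test.app`, so the archive has to unpack to `Test.app`; a comment above the `unzip`, for example `# TTPBundledFiles.zip is supplied outside this commit (TODO confirm source) and must contain Test.app`, would make that dependency explicit. The "before removal" listing is printed but, in the lines shown, not checked, so a run against an archive that never carried `com.apple.quarantine` would look the same as a successful one. The step body starts before and continues after this hunk.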
@@ -27,18 +27,18 @@ steps:
 inline: |
 set -e
- echo -e "Running cat against the included Test.zip archive to remove \
+ echo -e "Running cat against the included TTPBundledFiles.zip archive to remove \
 the com.apple.quarantine attribute..."
 echo -e "List of extended attributes before removal:\n"
- xattr Test.zip
+ xattr TTPBundledFiles.zip
 echo -e "List of extended attributes after removal:\n"
- cat Test.zip > Test2.zip
- xattr Test2.zip
+ cat TTPBundledFiles.zip > TTPBundledFiles2.zip
+ xattr TTPBundledFiles2.zip
 echo "[+] cat execution Done!"
 cleanup:
 inline: |
 set -e
- rm -rf Test2.zip
+ rm TTPBundledFiles*
 echo "[+] Cleanup done!"
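Review bot: The new cleanup line `rm TTPBundledFiles*` is both broader and more fragile than the `rm -rf Test2.zip` it replaces. The glob also matches the input archive `TTPBundledFiles.zip`, so unless the framework re-creates that file on every run (not visible here) a second run has nothing to `xattr` or `cat`; and without `-f`, under `set -e`, cleanup aborts before the final echo when nothing matches, for example after a step that failed early. Naming the artefact explicitly keeps cleanup idempotent and limited to what this step created: `rm -f -- TTPBundledFiles2.zip` (add `TTPBundledFiles.zip` only if removing the input is intended). Whether `Test.app` from the earlier unzip step is removed anywhere cannot be seen from this hunk.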