def main()

in cortado/rtas/c2_dns_from_iso.py [0:0]

• 10 lines of code
• 11 McCabe index (conditional complexity)

def main():
    # iso contains ping.exe to test for rules looking for suspicious DNS queries from mounted ISO file
    ISO = _common.get_resource_path("bin/ping_dns_from_iso.iso")
    PROC = "ping.exe"

    # ps script to mount, execute a file and unmount ISO device
    PS_SCRIPT = _common.get_resource_path("bin/ExecFromISOFile.ps1")

    if Path(ISO).is_file() and Path(PS_SCRIPT).is_file():
        print(f"[+] - ISO File {ISO} will be mounted and executed via powershell")

        # 3 unique domains to trigger 3 unique rules looking for dns events via a process running from a mounted ISO file
        for domain in ["Abc.xyz", "content.dropboxapi.com", "x1.c.lencr.org"]:
            # import ExecFromISO function that takes two args -ISOFIle pointing to ISO file path and -procname pointing to the filename to execute and -cmdline for arguments
            # command = "powershell.exe -ExecutionPol Bypass -c import-module " + psf + '; ExecFromISO -ISOFile ' + ISO + ' -procname '+ PROC + ' -cmdline ' + domain + ';'
            command = f"powershell.exe -ExecutionPol Bypass -c import-module {PS_SCRIPT}; ExecFromISO -ISOFile {ISO} -procname {PROC} -cmdline {domain};"
            _ = _common.execute_command(command, shell=True)

        print("[+] - RTA Done!")