93 Commits

Author SHA1 Message Date
philhagen-rc 113f30c97c Attack v19 migration (#3329) 2026-05-01 23:10:14 -04:00
pyth0n1c 468848cb1e Remove extra field "description" in executor OR update models.py schema (#3298)
Co-authored-by: Hare Sudhan <27735081+cyberbuff@users.noreply.github.com>
2026-03-23 21:49:16 -04:00
philhagen-rc 0b57340866 Template fix part2 (#3286) 2026-02-18 11:54:46 -05:00
philhagen-rc 78bbf833fb second phase of template fix (#3285) 2026-02-18 11:45:22 -05:00
philhagen-rc eee9292a81 Update atomic_doc_template.md.erb (#3281) 2026-02-18 09:50:28 -05:00
hfz e71c0c3b57 Fix formatting issues in T1562.003.md (#3236)
Co-authored-by: Hare Sudhan <code@0x6c.dev>
2025-11-28 23:38:40 -05:00
Hare Sudhan 5bc874cbb8 ATT&CK v18 changes (#3223)
Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>
2025-11-04 17:54:29 -08:00
Hare Sudhan 23d78e9c2c Updating Windows reviewers list (#3165) 2025-09-05 04:51:14 -06:00
Hare Sudhan f63a2ac494 ATT&CK v17 changes (#3107)
Thanks Hare!
2025-05-01 11:12:40 -04:00
philhagen-rc 318d7bd6f7 fix MD->HTML render for .io site (#3058) 2025-02-13 17:02:44 -05:00
Hare Sudhan 0efaba9ff0 update to MITRE ATT&CK 16 (#2990) 2024-11-19 20:34:41 -05:00
Hare Sudhan 81b987e1a6 fix atomics (#2852)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-16 13:06:56 -05:00
Hare Sudhan c8a70997da Adding more YAML validations (#2837)
* Update T1202.yaml

* fix all atomics

* changing to macos to fix pytest issue

* changing to macos to fix pytest issue

* adding gitignore
2024-07-10 08:54:26 -05:00
Phil Hagen 16ed461ee4 Fix LinkById syntax (#2794)
* fix jinja2 syntax

* fix LinkById syntax

* further syntax correction for LinkById instances
2024-06-03 12:46:19 -04:00
Hare Sudhan cb602ba482 update enterprise attack (#2760)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-04-27 12:41:30 -05:00
Hare Sudhan 82fc8d41cc Add tests for python code (#2759)
* add tests for python code

* ruff format
2024-04-27 12:38:14 -05:00
Hare Sudhan e7e1e8acff Fix auto_generated_guids file (#2757)
* Update guid.py

* Update used_guids.txt
2024-04-25 11:29:51 -06:00
Hare Sudhan 3bf390b116 Python conversion of maintenance commands (#2739)
* updating atomics count in README.md [ci skip]

* converting python

* rename

* fix path

* minor refactor

---------

Co-authored-by: publish bot <opensource@redcanary.com>
2024-04-07 08:52:35 -06:00
Hare Sudhan acd5bf322b cleanup (#2738) 2024-04-06 20:28:33 -06:00
Hare Sudhan 3bd3ceb8a2 Update attack_api.rb (#2624)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-28 10:01:37 -06:00
Carrie Roberts 1c965f637d latest mitre attack info (#2592)
* updating atomics count in README.md [ci skip]

* updating atomics count in README.md [ci skip]

* latest enterprise attack data

---------

Co-authored-by: publish bot <opensource@redcanary.com>
2023-11-06 19:25:22 -05:00
Alton Johnson, OSCP, OSCE e2474f6e12 replaced File.exists? with File.exist? (#2511) 2023-08-15 16:53:26 -06:00
Carrie Roberts 7955fa8daa update nav version and attack data (#2429) 2023-05-19 11:05:25 -06:00
Josh Rickard 9913e9b23a fix: Fix unescaped backslash in description (#2317)
Details:

When generating markdown documents, certain commands were not being parsed correctly when rendering strings from Mitre ATT&CK JSON objects. This PR fixes that issue by replacing double backslash with null strings in the technique['description'] portion of the ERB template.

Testing:

Generated docs and the only document/technique affected by this change is T1546.008. I know it's small but it helps.

Associated Issues:

fixed #1539
2023-02-06 15:19:46 -05:00
Josh Rickard a24028a3e3 Add platform based indexes (#2311)
* feat: Adding call to generate YAML index files broken out by platform type based on the supported_platforms array values.

* feat: Add new method generate_yaml_index_by_platform to generate yaml indexes based on the provided platform type

* feat: Added new method atomic_tests_for_technique_by_platform to retrieve techniques from API and add atomic_tests based on the provided platform value

---------

Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-02-06 11:36:25 -07:00
Hare Sudhan 8033113bba Generate Indexes for Cloud Atomics (#2075)
* added cloud indexes

* adding indexes for other platforms
2022-08-10 13:09:00 -06:00
Carrie Roberts 165c26be6a updates based mitre v11 2022-06-15 17:25:38 -06:00
Carrie Roberts 5006f24bfb add cloud executors (#1848) 2022-04-04 12:36:12 -06:00
Jose Enrique Hernandez 225d39ed9a Merge branch 'master' into nav-filter2 2022-04-01 10:11:02 -04:00
Carrie Roberts bc3e0c1745 add nav layer filters and update enterprise-attack.json 2022-03-31 21:07:38 -06:00
Carrie Roberts 3832ab6c6d spec fix (#1829) 2022-03-24 15:47:32 -06:00
Adam Mashinchi f6bbd37d13 Update atomic_red_team.rb (#1729)
Update 'contributing' url.
2022-01-18 15:56:42 -06:00
glallen 4cf57b9ec8 spec.yaml should be singular to match working yaml (#1674)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-11-23 10:38:03 -07:00
Carrie Roberts 157af0ce47 move guid under description in MD file and make bold 2021-06-24 09:24:23 -06:00
Jose Enrique Hernandez 221f3a6027 adding auto generated guids to the md files, closes issue 1501 (#1529) 2021-06-24 09:16:09 -06:00
patel-bhavin 71a7a77e62 adding kubectl to spec 2021-06-04 14:30:15 -07:00
Adam Mashinchi bf0731c080 Updating spec for ATT&CKv9
Including changes noted in https://github.com/redcanaryco/atomic-red-team/issues/1491
2021-06-03 13:51:20 -07:00
Adam Mashinchi 2d54a45364 Update Platforms and Executors for ATT&CKv9
Implement changes proposed in https://github.com/redcanaryco/atomic-red-team/issues/1491
2021-06-03 13:44:31 -07:00
Will Urbanski 41d83e93f1 update enterprise att&ck and build docs 2021-05-20 12:29:56 -06:00
Brook Riggio e062b5296d Update atomic_test_template.yaml (#1463) 2021-05-13 14:38:26 -06:00
nobletrout 34f4512f15 add caching of techniques. performance improvement. (#1391) 2021-02-12 19:28:31 -07:00
Carrie Roberts f80bea245d updating enterprise-attack.json from Mitre (#1325) 2020-12-10 18:03:27 -07:00
Katya Potapov 6870ca31c1 fix MITRE URL formatting (#1229) 2020-09-29 07:53:01 -06:00
Carrie Roberts d8733662f9 fix markdown spacing after description (#1183) 2020-08-07 11:13:55 -06:00
Carrie Roberts a4277af9d6 fix for printing prereqs in md (#1171) 2020-08-04 18:38:06 -06:00
Michael Haag 2cc5348312 Fix T1551 to T1070 (#1161)
* Fix T1551 to T1070

Found that we had T1070 labeled incorrectly as T1551. MITRE pushed a fix for this per https://attack.mitre.org/resources/updates/updates-july-2020/

```
Indicator Removal on Host Was incorrectly re-IDd to T1551, restored to T1070 and its sub-techniques were changed to T1070.001, T1070.002, T1070.003, T1070.004, T1070.005, and T1070.006
```

* Generate MD fix

Attempting to get the MD to generate

* Update enterprise-attack.json

* Generate docs from job=validate_atomics_generate_docs branch=T1070-indicator-removal-fix

Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-08-01 09:46:06 -06:00
wilsonwr c67a4f55f7 Fix: only_platform circular argument reference (#1160)
Remove a circular argument reference of only_platform, which was causing scripts in ./bin/ to error out when using Ruby version 2.7.
2020-07-30 11:36:12 -06:00
JB b3da61d0a4 Improved automation by adding -accepteula option (#1144)
* added -accepteula flag for PsExec 

will make test seamless and fully automatable
ref https://github.com/redcanaryco/atomic-red-team/issues/1092

* Added reference to making tests not require interaction like -accepteula -q options

* added -accepteula to PsExec command

will make it automated

* Added /accepteula option to Autoruns execution in test 1

prior this may have prevented full automation of the test

* Update spec.yaml

* typo, nice catch cnotin

Co-authored-by: Clément Notin <clement@notin.org>

* fixing mystery text accidentally added to branch (rm'd)

* added -accepteula on psexec test, thanks @cnotin for the catch!

* added back in word, 'manually' removed in last pull acc.

thanks @cnotin

* removing /accepteula proposed previously, from test 1

Co-authored-by: Clément Notin <clement@notin.org>
2020-07-20 11:44:23 -06:00
Carrie Roberts 24549e3866 Convert to Mitre ATT&CK sub-technique schema (#1056)
* Initial transfer of atomics to MITRE subtechniques

* Add GUIDs back in, attack_technique to string (#1019)

* technique to string and add guids back in

* technique to string and add guids back in

* technique to string and add guids back in

* technique to string and add guids back in

* Subtechnique transfer T1220-T1546.005 (#1020)

* Create T1222.001.yaml

* Create T1222.002.yaml

* Create T1505.002.yaml

* Update T1543.003.yaml

* Update AtomicService.cs

* Update T1546.005.yaml

* Delete T1222.yaml

* Update T1482.yaml

* Update T1485.yaml

* Update T1220.yaml

* Update T1489.yaml

* Update T1490.yaml

* Update T1496.yaml

* Update T1505.003.yaml

* Update T1505.yaml

* Update T1518.001.yaml

* Update T1518.yaml

* Update T1529.yaml

* Update T1543.004.yaml

* Update T1546.001.yaml

* Update T1546.002.yaml

* Update T1546.002.yaml

* Update T1546.001.yaml

* Update T1543.004.yaml

* Update T1543.002.yaml

* Update T1543.001.yaml

* Update T1518.001.yaml

* Update T1546.004.yaml

* Update T1546.003.yaml

* Update T1531.yaml

* Update T1222.001.yaml

* Update T1222.002.yaml

* Update T1505.002.yaml

* Update T1505.003.yaml

* Update T1518.001.yaml

* Update T1543.001.yaml

* Update T1546.005.yaml

* Update T1546.004.yaml

* Update T1546.003.yaml

* Update T1546.002.yaml

* Update T1546.001.yaml

* Update T1543.004.yaml

* Update T1543.003.yaml

* Update T1543.002.yaml

* added auto_generated_guid 1220

* added T1222.001 auto_generated_guid

* Update T1222.002.yaml

added   auto_generated_guid entries

* Update T1482.yaml

  auto_generated_guid added

* Update T1485.yaml

added   auto_generated_guids

* Update T1489.yaml

added   auto_generated_guids

* Update T1490.yaml

added   auto_generated_guids

* Update T1496.yaml

added   auto_generated_guid

* Update T1505.002.yaml

added   auto_generated_guid from old T1505 same atomic

* Update T1505.003.yaml

added  auto_generated_guid from previous atomic 1100

* Delete T1505.yaml

no longer needed, moved to 1505.002

* Update T1518.yaml

added  auto_generated_guids

* Update T1529.yaml

added   auto_generated_guids

* Update T1531.yaml

added   auto_generated_guids

* Update T1543.001.yaml

added   auto_generated_guid

* Update T1543.002.yaml

added   auto_generated_guid

* Update T1543.004.yaml

added   auto_generated_guid

* Update T1546.001.yaml

added   auto_generated_guid

* Update T1546.002.yaml

added   auto_generated_guid

* Update T1546.003.yaml

* Update T1546.004.yaml

added  auto_generated_guid

* Update T1546.005.yaml

added  auto_generated_guid

* add guids back in

* fix spacing issue

* fix spacing

* fix spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

* Sub-techniques T1053-T1113 - Updates (#1022)

* Sub-techniques T1053-T1113 - Updates

Updated techniques for sub-techniques.

* minor fixes

format fixing

* Added GUIDs

- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string

* Sub-technique updates T1546.008 through T1574.011 (#1024)

* sub technique updates

* sub technique updates

* sub technique updates

* Carrie updates (#1017)

* updated T1110,12,13

* updated T1114

* updated T1114

* updated T1115

* updated T1119

* updated T1123,24

* updated T1127

* updated T1114

* updated T1127

* updated T1132

* T1134.004

* T1134.004

* updated T1135

* updated T1136

* updated T1137

* updated T1140

* remove deprecated T1153

* updated T1176

* updated T1197

* updated T1201

* updated T1202

* updated T1204

* updated T1207

* updated T1216

* updated T1204

* updated T1217

* updated T1218

* updated T1218

* updated T1219

* updated T1218

* attack_technique to string

* Subtechnique transfer (#1025)

* T1003 review

* T1005 manual review changes

* T1027.002 sub-technique review

* T1027.004 sub-technique review

* T1036 sub-technique review

* T1037 sub-technique review

* T1048 sub-technique review

* YAML bugfixes

* Adding auto-generated GUIDs back to tests

* merging with Mike's PR

* Merging with Carrie's PR

* fix spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

* Subtechnique fix (#1026)

* add atomic_tests: element

* add atomic_tests: element

* more fixes

* more fixes

* more fixes

* sub technique minor fixes 1 (#1027)

* fixes

* fixes

* more fixes

* more fixes

* display name fix (#1028)

* remove some deprecated stuff. reorganize a little (#1031)

* Gendocs fix (#1033)

* gendocs updates for subtechniques

* add folders

* ignore auto generated markdown files

* remove tmp files

* add tmp files

* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer

* navigator layer v3.0

* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer

Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com>
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-06-17 12:55:46 -06:00
Carrie Roberts bc4bcf8946 Merge branch 'master' into guid 2020-05-15 10:56:49 -06:00