update

.github/dependabot.yml

@@ -5,12 +5,12 @@
 
 version: 2
 updates:
-  - package-ecosystem: "pip" # See documentation for possible values
-    directory: "/" # Location of package manifests
-    schedule:
-      interval: "weekly"
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
+- package-ecosystem: "pip" # See documentation for possible values
+  directory: "/" # Location of package manifests
+  schedule:
+    interval: "weekly"
+# Maintain dependencies for GitHub Actions
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"

.github/workflows/assign-labels.yml

@@ -2,58 +2,59 @@ name: assign-labels
 
 on:
   workflow_run:
-    workflows: ["validate-atomics"]
+    workflows:
+    - "validate-atomics"
     types:
-      - completed
+    - completed
 
 jobs:
   assign-labels:
     runs-on: ubuntu-latest
     steps:
-      - name: download-artifact
-        uses: actions/github-script@v8
-        with:
-          script: |
-            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: context.payload.workflow_run.id,
-            });
-            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "labels.json"
-            })[0];
-            let download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            let fs = require('fs');
-            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/labels.zip`, Buffer.from(download.data));
+    - name: download-artifact
+      uses: actions/github-script@v8
+      with:
+        script: |
+          let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+             owner: context.repo.owner,
+             repo: context.repo.repo,
+             run_id: context.payload.workflow_run.id,
+          });
+          let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+            return artifact.name == "labels.json"
+          })[0];
+          let download = await github.rest.actions.downloadArtifact({
+             owner: context.repo.owner,
+             repo: context.repo.repo,
+             artifact_id: matchArtifact.id,
+             archive_format: 'zip',
+          });
+          let fs = require('fs');
+          fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/labels.zip`, Buffer.from(download.data));
 
-      - name: unzip-artifact
-        run: unzip labels.zip
+    - name: unzip-artifact
+      run: unzip labels.zip
 
-      - name: assign-labels-and-reviewers
-        uses: actions/github-script@v8
-        with:
-          script: |
-            let fs = require('fs');
-            const obj = JSON.parse(fs.readFileSync('./labels.json'));
-            console.log(obj)
-            if(obj.labels.length > 0){
-              await github.rest.issues.addLabels({
-                issue_number: obj.pr,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                labels: obj.labels
-               })
-            }
-            if(obj.maintainers.length > 0){
-              await github.rest.issues.addAssignees({
-                issue_number: obj.pr,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                assignees: obj.maintainers
-              });
-            }
+    - name: assign-labels-and-reviewers
+      uses: actions/github-script@v8
+      with:
+        script: |-
+          let fs = require('fs');
+          const obj = JSON.parse(fs.readFileSync('./labels.json'));
+          console.log(obj)
+          if(obj.labels.length > 0){
+            await github.rest.issues.addLabels({
+              issue_number: obj.pr,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: obj.labels
+             })
+          }
+          if(obj.maintainers.length > 0){
+            await github.rest.issues.addAssignees({
+              issue_number: obj.pr,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              assignees: obj.maintainers
+            });
+          }

.github/workflows/generate-docs.yml

@@ -1,69 +1,70 @@
 name: generate-docs
 on:
   push:
-    branches: [ "master" ]
+    branches:
+    - "master"
 
 jobs:
   generate-docs:
     runs-on: ubuntu-latest
     steps:
-      - name: checkout repo
-        uses: actions/checkout@v6
-        with:
-          token: ${{ secrets.PROTECTED_BRANCH_PUSH_TOKEN }}
+    - name: checkout repo
+      uses: actions/checkout@v6
+      with:
+        token: ${{ secrets.PROTECTED_BRANCH_PUSH_TOKEN }}
 
-      - name: Install poetry
-        run: pipx install poetry
-      - uses: actions/setup-python@v6
-        with:
-          python-version: "3.11.2"
-          cache: "poetry"
-      - name: Install dependencies
-        run: poetry install --no-interaction
+    - name: Install poetry
+      run: pipx install poetry
+    - uses: actions/setup-python@v6
+      with:
+        python-version: "3.11.2"
+        cache: "poetry"
+    - name: Install dependencies
+      run: poetry install --no-interaction
 
-      - name: Generate shields.io URL
-        run: poetry run python runner.py generate-counter
-        id: counter
-        working-directory: atomic_red_team
-        env:
-          PYTHONPATH: ${{ github.workspace }}
+    - name: Generate shields.io URL
+      run: poetry run python runner.py generate-counter
+      id: counter
+      working-directory: atomic_red_team
+      env:
+        PYTHONPATH: ${{ github.workspace }}
 
-      - name: Update README
-        run: |
-          echo ${{ steps.counter.outputs.result }}
-          sed -i "s|https://img.shields.io/badge/Atomics-.*-flat.svg|${{ steps.counter.outputs.result }}|" README.md
-        shell: bash
+    - name: Update README
+      run: |
+        echo ${{ steps.counter.outputs.result }}
+        sed -i "s|https://img.shields.io/badge/Atomics-.*-flat.svg|${{ steps.counter.outputs.result }}|" README.md
+      shell: bash
 
-      - name: Generate and commit unique GUIDs for each atomic test
-        run: poetry run python runner.py generate-guids
-        working-directory: atomic_red_team
-        env:
-          PYTHONPATH: ${{ github.workspace }}
+    - name: Generate and commit unique GUIDs for each atomic test
+      run: poetry run python runner.py generate-guids
+      working-directory: atomic_red_team
+      env:
+        PYTHONPATH: ${{ github.workspace }}
 
-      - name: setup ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 3.0
-          bundler-cache: true
+    - name: setup ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 3.0
+        bundler-cache: true
 
-      - name: generate markdown docs for atomics
-        run: |
-          bin/generate-atomic-docs.rb
-          echo ""
-          echo ""
-          git status
-          echo ""
-          echo ""
-          git diff-index HEAD --
+    - name: generate markdown docs for atomics
+      run: |-
+        bin/generate-atomic-docs.rb
+        echo ""
+        echo ""
+        git status
+        echo ""
+        echo ""
+        git diff-index HEAD --
 
-          if git diff-index --quiet HEAD -- ; then
-            echo "Not committing documentation because there are no changes"
-          else
-            git config credential.helper 'cache --timeout=120'
-            git config user.email "opensource@redcanary.com"
-            git config user.name "Atomic Red Team doc generator"
-            git add README.md
-            git add atomics
-            git commit -am "Generated docs from job=$GITHUB_JOB branch=$GITHUB_REF_NAME [ci skip]"
-            git push origin $GITHUB_REF_NAME -f
-          fi
+        if git diff-index --quiet HEAD -- ; then
+          echo "Not committing documentation because there are no changes"
+        else
+          git config credential.helper 'cache --timeout=120'
+          git config user.email "opensource@redcanary.com"
+          git config user.name "Atomic Red Team doc generator"
+          git add README.md
+          git add atomics
+          git commit -am "Generated docs from job=$GITHUB_JOB branch=$GITHUB_REF_NAME [ci skip]"
+          git push origin $GITHUB_REF_NAME -f
+        fi

.github/workflows/run-python-tests.yml

@@ -3,27 +3,27 @@ name: validate-python-file-changes
 on:
   pull_request:
     branches:
-      - master
+    - master
     paths:
-      - "atomic_red_team/**/*.py"
+    - "atomic_red_team/**/*.py"
 
 jobs:
   validate-python-file-changes:
     runs-on: macos-latest
     steps:
-      - name: checkout repo
-        uses: actions/checkout@v6
-      - name: Install poetry
-        run: pipx install poetry
-      - name: setup python3.11
-        uses: actions/setup-python@v6
-        id: setup-python
-        with:
-          python-version: "3.12.4"
-          cache: "poetry"
+    - name: checkout repo
+      uses: actions/checkout@v6
+    - name: Install poetry
+      run: pipx install poetry
+    - name: setup python3.11
+      uses: actions/setup-python@v6
+      id: setup-python
+      with:
+        python-version: "3.12.4"
+        cache: "poetry"
 
-      - name: Install dependencies
-        run: poetry install --no-interaction
+    - name: Install dependencies
+      run: poetry install --no-interaction
 
-      - name: Run pytest
-        run: poetry run pytest atomic_red_team/tests
+    - name: Run pytest
+      run: poetry run pytest atomic_red_team/tests

.github/workflows/stale.yml

@@ -1,19 +1,19 @@
 name: 'Close stale issues and PRs'
 on:
   schedule:
-    - cron: '30 1 * * *'
+  - cron: '30 1 * * *'
 
 jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v10
-        with:
-          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
-          stale-pr-message: 'This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
-          close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.'
-          close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.'
-          days-before-issue-stale: 30
-          days-before-pr-stale: 45
-          days-before-issue-close: 10
-          days-before-pr-close: 10
+    - uses: actions/stale@v10
+      with:
+        stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+        stale-pr-message: 'This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
+        close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.'
+        close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.'
+        days-before-issue-stale: 30
+        days-before-pr-stale: 45
+        days-before-issue-close: 10
+        days-before-pr-close: 10

.github/workflows/validate-atomics.yml

@@ -3,73 +3,73 @@ name: validate-atomics
 on:
   pull_request:
     branches:
-      - master
+    - master
 
 jobs:
   validate-atomics:
     runs-on: ubuntu-latest
     steps:
-      - name: checkout repo
-        uses: actions/checkout@v6
-      - name: Install poetry
-        run: pipx install poetry
-      - name: setup python3.11
-        uses: actions/setup-python@v6
-        id: setup-python
-        with:
-          python-version: "3.11.2"
-          cache: "poetry"
+    - name: checkout repo
+      uses: actions/checkout@v6
+    - name: Install poetry
+      run: pipx install poetry
+    - name: setup python3.11
+      uses: actions/setup-python@v6
+      id: setup-python
+      with:
+        python-version: "3.11.2"
+        cache: "poetry"
 
-      - name: Install dependencies
-        run: poetry install --no-interaction
+    - name: Install dependencies
+      run: poetry install --no-interaction
 
-      - name: validate the format of atomics tests against the spec
-        run: poetry run python runner.py validate
-        working-directory: atomic_red_team
-        env:
-          PYTHONPATH: ${{ github.workspace }}
+    - name: validate the format of atomics tests against the spec
+      run: poetry run python runner.py validate
+      working-directory: atomic_red_team
+      env:
+        PYTHONPATH: ${{ github.workspace }}
 
   upload:
     runs-on: ubuntu-latest
     steps:
-      - name: checkout repo
-        uses: actions/checkout@v6
-      - name: Install poetry
-        run: pipx install poetry
-      - name: setup python3.11
-        uses: actions/setup-python@v6
-        id: setup-python
-        with:
-          python-version: "3.11.2"
-          cache: "poetry"
-      - uses: actions/github-script@v8
-        id: get_pr_number
-        with:
-          script: |
-            if (context.issue.number) {
-              // Return issue number if present
-              return context.issue.number;
-            } else {
-              // Otherwise return issue number from commit
-              return (
-                await github.rest.repos.listPullRequestsAssociatedWithCommit({
-                  commit_sha: context.sha,
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                })
-              ).data[0].number;
-            }
-          result-encoding: string
-      - name: Install dependencies
-        run: poetry install --no-interaction --no-root
-      - name: save labels and reviewers into a file.
-        run: |
-          poetry run python runner.py generate-labels --pr '${{steps.get_pr_number.outputs.result}}' --token ${{ secrets.GITHUB_TOKEN }}
-        working-directory: atomic_red_team
-        env:
-          PYTHONPATH: ${{ github.workspace }}
+    - name: checkout repo
+      uses: actions/checkout@v6
+    - name: Install poetry
+      run: pipx install poetry
+    - name: setup python3.11
+      uses: actions/setup-python@v6
+      id: setup-python
+      with:
+        python-version: "3.11.2"
+        cache: "poetry"
+    - uses: actions/github-script@v8
+      id: get_pr_number
+      with:
+        script: |
+          if (context.issue.number) {
+            // Return issue number if present
+            return context.issue.number;
+          } else {
+            // Otherwise return issue number from commit
+            return (
+              await github.rest.repos.listPullRequestsAssociatedWithCommit({
+                commit_sha: context.sha,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+              })
+            ).data[0].number;
+          }
+        result-encoding: string
+    - name: Install dependencies
+      run: poetry install --no-interaction --no-root
+    - name: save labels and reviewers into a file.
+      run: |
+        poetry run python runner.py generate-labels --pr '${{steps.get_pr_number.outputs.result}}' --token ${{ secrets.GITHUB_TOKEN }}
+      working-directory: atomic_red_team
+      env:
+        PYTHONPATH: ${{ github.workspace }}
 
-      - uses: actions/upload-artifact@v5
-        with:
-          name: labels.json
-          path: atomic_red_team/pr/
+    - uses: actions/upload-artifact@v5
+      with:
+        name: labels.json
+        path: atomic_red_team/pr/

.github/workflows/validate-terraform.yml

@@ -3,18 +3,18 @@ name: validate-terraform
 on:
   pull_request:
     branches:
-      - master
+    - master
     paths:
-      - "**/*.tf"
+    - "**/*.tf"
 
 jobs:
   validate-terraform:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
-      - uses: hashicorp/setup-terraform@v3
+    - uses: actions/checkout@v6
+    - uses: hashicorp/setup-terraform@v3
 
-      - name: Terraform fmt
-        id: fmt
-        run: terraform fmt -recursive -check
-        continue-on-error: false
+    - name: Terraform fmt
+      id: fmt
+      run: terraform fmt -recursive -check
+      continue-on-error: false

.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v6.0.0
+  hooks:
+  - id: trailing-whitespace
+  - id: check-yaml
+  - id: check-added-large-files
+    args:
+    - "--maxkb=10000"
+  - id: check-merge-conflict
+  - id: check-json
+  - id: mixed-line-ending
+  - id: fix-byte-order-marker
+  - id: debug-statements
+
+- repo: https://github.com/google/yamlfmt
+  rev: v0.20.0
+  hooks:
+  - id: yamlfmt
+    args:
+    - "--verbose"

.yamlfmt

@@ -0,0 +1,14 @@
+# yamlfmt configuration file
+# See https://github.com/google/yamlfmt for more options
+
+formatter:
+  indent: 2
+  trim_trailing_whitespace: true
+  eof_newline: true
+  force_array_style: block
+  retain_line_breaks_single: true
+  indentless_arrays: true
+  verbose: true
+
+exclude:
+  - ".git/**"

atomics/T1110.003/T1110.003.yaml

@@ -3,7 +3,7 @@ display_name: 'Brute Force: Password Spraying'
 atomic_tests:
 - name: Password Spray all Domain Users
   auto_generated_guid: 90bc2e54-6c84-47a5-9439-0a2a92b4b175
-  description:
+  description: |
     CAUTION! Be very careful to not exceed the password lockout threshold for users in the domain by running this test too frequently.
 
     This atomic attempts to map the IPC$ share on one of the Domain Controllers using a password of Spring2020 for each user in the %temp%\users.txt list.

atomics/T1559.002/T1559.002.yaml

@@ -34,7 +34,6 @@ atomic_tests:
 - name: DDEAUTO
   auto_generated_guid: cf91174c-4e74-414e-bec0-8d60a104d181
   description: |
-
     TrustedSec - Unicorn - https://github.com/trustedsec/unicorn
 
     SensePost DDEAUTO - https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/