security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2024-12-11 00:37:58 +00:00
parent 78a9b8296e
commit 24d1919fdf
3 changed files with 26 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+10 -8
View File
@@ -116578,7 +116578,9 @@ impact:
type: path
default: "$env:temp\\test.txt"
dependencies:
- description: 'GPG must exist at (#{GPG_Exe_Location})
- description: 'GPG must exist at (#{GPG_Exe_Location}). If -GetPrereqs fails,
try to install GPG4WIN manually at ''https://www.gpg4win.org/download.html''.
Once done, run -CheckPrereqs to confirm that it works.
'
prereq_command: 'if (test-path ''#{GPG_Exe_Location}''){exit 0} else {exit
@@ -116586,19 +116588,19 @@ impact:
'
get_prereq_command: |
Set-Content -Path "#{File_to_Encrypt_Location}" -Value "populating this file with some text" # Create the test.txt file
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
invoke-webrequest "https://files.gpg4win.org/gpg4win-4.1.0.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\gpginstall.exe"
cmd /c "PathToAtomicsFolder\..\ExternalPayloads\gpginstall.exe" /S
executor:
name: powershell
elevation_required: false
command: 'cmd /c ''#{GPG_Exe_Location}'' -c ''#{File_to_Encrypt_Location}''
'
cleanup_command: 'remove-item ''#{File_to_Encrypt_Location}.gpg'' -force -erroraction
silentlycontinue | out-null
'
command: |
Set-Content -Path "#{File_to_Encrypt_Location}" -Value "populating this file with some text" # Create the test.txt file again in case prereqs failed
cmd /c "`"C:\Program Files (x86)\GnuPG\bin\gpg.exe`" --passphrase 'SomeParaphraseBlah' --batch --yes -c `"#{File_to_Encrypt_Location}`""
cleanup_command: |
Remove-Item -Path "#{File_to_Encrypt_Location}" -Force -ErrorAction SilentlyContinue
Remove-Item -Path "#{File_to_Encrypt_Location}.gpg" -Force -ErrorAction SilentlyContinue
- name: Data Encrypt Using DiskCryptor
auto_generated_guid: 44b68e11-9da2-4d45-a0d9-893dabd60f30
description: 'DiskCryptor, an open source encryption utility, can be exploited
atomics/Indexes/windows-index.yaml
+10 -8
View File
@@ -96439,7 +96439,9 @@ impact:
type: path
default: "$env:temp\\test.txt"
dependencies:
- description: 'GPG must exist at (#{GPG_Exe_Location})
- description: 'GPG must exist at (#{GPG_Exe_Location}). If -GetPrereqs fails,
try to install GPG4WIN manually at ''https://www.gpg4win.org/download.html''.
Once done, run -CheckPrereqs to confirm that it works.
'
prereq_command: 'if (test-path ''#{GPG_Exe_Location}''){exit 0} else {exit
@@ -96447,19 +96449,19 @@ impact:
'
get_prereq_command: |
Set-Content -Path "#{File_to_Encrypt_Location}" -Value "populating this file with some text" # Create the test.txt file
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
invoke-webrequest "https://files.gpg4win.org/gpg4win-4.1.0.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\gpginstall.exe"
cmd /c "PathToAtomicsFolder\..\ExternalPayloads\gpginstall.exe" /S
executor:
name: powershell
elevation_required: false
command: 'cmd /c ''#{GPG_Exe_Location}'' -c ''#{File_to_Encrypt_Location}''
'
cleanup_command: 'remove-item ''#{File_to_Encrypt_Location}.gpg'' -force -erroraction
silentlycontinue | out-null
'
command: |
Set-Content -Path "#{File_to_Encrypt_Location}" -Value "populating this file with some text" # Create the test.txt file again in case prereqs failed
cmd /c "`"C:\Program Files (x86)\GnuPG\bin\gpg.exe`" --passphrase 'SomeParaphraseBlah' --batch --yes -c `"#{File_to_Encrypt_Location}`""
cleanup_command: |
Remove-Item -Path "#{File_to_Encrypt_Location}" -Force -ErrorAction SilentlyContinue
Remove-Item -Path "#{File_to_Encrypt_Location}.gpg" -Force -ErrorAction SilentlyContinue
- name: Data Encrypt Using DiskCryptor
auto_generated_guid: 44b68e11-9da2-4d45-a0d9-893dabd60f30
description: 'DiskCryptor, an open source encryption utility, can be exploited
atomics/T1486/T1486.md
+6 -3
View File
@@ -396,24 +396,27 @@ Gpg4win is a Windows tool (also called Kleopatra which is the preferred certific
```powershell
cmd /c '#{GPG_Exe_Location}' -c '#{File_to_Encrypt_Location}'
Set-Content -Path "#{File_to_Encrypt_Location}" -Value "populating this file with some text" # Create the test.txt file again in case prereqs failed
cmd /c "`"C:\Program Files (x86)\GnuPG\bin\gpg.exe`" --passphrase 'SomeParaphraseBlah' --batch --yes -c `"#{File_to_Encrypt_Location}`""
```
#### Cleanup Commands:
```powershell
remove-item '#{File_to_Encrypt_Location}.gpg' -force -erroraction silentlycontinue | out-null
Remove-Item -Path "#{File_to_Encrypt_Location}" -Force -ErrorAction SilentlyContinue
Remove-Item -Path "#{File_to_Encrypt_Location}.gpg" -Force -ErrorAction SilentlyContinue
```
#### Dependencies: Run with `powershell`!
##### Description: GPG must exist at (#{GPG_Exe_Location})
##### Description: GPG must exist at (#{GPG_Exe_Location}). If -GetPrereqs fails, try to install GPG4WIN manually at 'https://www.gpg4win.org/download.html'. Once done, run -CheckPrereqs to confirm that it works.
##### Check Prereq Commands:
```powershell
if (test-path '#{GPG_Exe_Location}'){exit 0} else {exit 1}
```
##### Get Prereq Commands:
```powershell
Set-Content -Path "#{File_to_Encrypt_Location}" -Value "populating this file with some text" # Create the test.txt file
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
invoke-webrequest "https://files.gpg4win.org/gpg4win-4.1.0.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\gpginstall.exe"
cmd /c "PathToAtomicsFolder\..\ExternalPayloads\gpginstall.exe" /S