security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate GUIDs from job=generate-docs branch=master [skip ci]

Browse Source
This commit is contained in:
Atomic Red Team GUID generator
2023-08-02 03:23:54 +00:00
parent 3032f9e85b
commit 363cf9a301
5 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1046/T1046.yaml
+1
View File
@@ -195,6 +195,7 @@ atomic_tests:
docker rmi -f t1046
name: sh
- name: Port-Scanning /24 Subnet with PowerShell
auto_generated_guid: 05df2a79-dba6-4088-a804-9ca0802ca8e4
description: |
Scanning common ports in a /24 subnet. If no IP address for the target subnet is specified the test tries to determine the attacking machine's "primary" IPv4 address first and then scans that address with a /24 netmask.
The connection attempts to use a timeout parameter in milliseconds to speed up the scan. Please note the atomic might not print any output until the scans are completed.
atomics/T1490/T1490.yaml
+1
View File
@@ -136,6 +136,7 @@ atomic_tests:
name: command_prompt
elevation_required: true
- name: Windows - vssadmin Resize Shadowstorage Volume
auto_generated_guid: da558b07-69ae-41b9-b9d4-4d98154a7049
description:
Adversaries generally try to Resize Shadowstorage Volume using vssadmin.exe to avoid the shadow volumes being made again. This technique is typically found used by adversaries during a ransomware event and a precursor to deleting the shadowstorage.
supported_platforms:
atomics/T1547.005/T1547.005.yaml
+1
View File
@@ -23,6 +23,7 @@ atomic_tests:
elevation_required: true
- name: Modify HKLM:\System\CurrentControlSet\Control\Lsa\OSConfig Security Support Provider configuration in registry
auto_generated_guid: de3f8e74-3351-4fdb-a442-265dbf231738
description: Add a value to a Windows registry SSP key, simulating an adversarial modification of those keys.
supported_platforms:
- windows
atomics/T1547.012/T1547.012.yaml
+1
View File
@@ -2,6 +2,7 @@ attack_technique: T1547.012
display_name: 'Boot or Logon Autostart Execution: Print Processors'
atomic_tests:
- name: Print Processors
auto_generated_guid: f7d38f47-c61b-47cc-a59d-fc0368f47ed0
description: |
Establishes persistence by creating a new print processor registry key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors.
The new print processor will point to a DLL which will be loaded by the spooler service after a reboot. The DLL will then create the file AtomicTest.txt in C:\Users\Public\ as validation that the test is successful.
atomics/used_guids.txt
+6
View File
@@ -1370,3 +1370,9 @@ bd85e3d1-4aeb-4a1d-850f-7be3cb8d60b9
4cdc9fc7-53fb-4894-9f0c-64836943ea60
d8d13303-159e-4f33-89f4-9f07812d016f
183235ca-8e6c-422c-88c2-3aa28c4825d9
05df2a79-dba6-4088-a804-9ca0802ca8e4
17d046be-fdd0-4cbb-b5c7-55c85d9d0714
37950714-e923-4f92-8c7c-51e4b6fffbf6
da558b07-69ae-41b9-b9d4-4d98154a7049
de3f8e74-3351-4fdb-a442-265dbf231738
f7d38f47-c61b-47cc-a59d-fc0368f47ed0