Linux Discovery yaml conversions

Linux/Discovery/File_and_Directory_Discovery.md

@@ -1,19 +0,0 @@
-#File and Directory Discovery
-
-## MITRE ATT&CK Technique: [T1083](https://attack.mitre.org/wiki/Technique/T1083)
-
-Output a directory tree listing :
-
-    cd $HOME && find . -print | sed -e 's;[^/]*/;|__;g;s;__|; |;g' > /tmp/loot.txt
-
-List Mounted File Systems and Paths
-
-    cat /etc/mtab > /tmp/loot.txt
-
-Find pdfs on a machine
-
-    find . -type f -iname *.pdf > /tmp/loot.txt
-
-Find hidden files on a machine
-
-     find . -type f -name ".*"

Linux/Discovery/Process_Discovery.md

@@ -1,14 +0,0 @@
-## Process Discovery
-
-MITRE ATT&CK Technique: [T1057](https://attack.mitre.org/wiki/Technique/T1057)
-
-
-### Process Discovery
-
-Input:
-
-    ps >> /tmp/loot.txt
-
-Input:
-
-    ps aux >> /tmp/loot.txt

Linux/Discovery/Remote_System_Discovery.md

@@ -1,18 +0,0 @@
-## Remote System Discovery
-
-MITRE ATT&CK Technique: [T1018](https://attack.mitre.org/wiki/Technique/T1018)
-
-
-### arp
-
-Input:
-
-    arp -a | grep -v '^?'
-
-
-### Network scanning
-
-
-Input:
-
-    for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip -o; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

Linux/Discovery/System_Information_Discovery.md

@@ -1,16 +0,0 @@
-# System Information Discovery
-
-MITRE ATT&CK Technique: [T1082](https://attack.mitre.org/wiki/Technique/T1082)
-
-List OS information:
-
-    uname -a >> /tmp/loot.txt
-
-List OS specific information:
-
-    cat /etc/lsb-release >> /tmp/loot.txt
-    cat /etc/redhat-release >> /tmp/loot.txt
-
-Show how long a machine has been running:
-
-    uptime >> /tmp/loot.txt

Linux/Discovery/System_Network_Configuration_Discovery.md

@@ -1,17 +0,0 @@
-## System Network Configuration Discovery
-
-MITRE ATT&CK Technique: [T1016](https://attack.mitre.org/wiki/Technique/T1016)
-
-### Network Data
-
-Input:
-
-    arp -a
-
-Input:
-
-    netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
-
-Input:
-
-    ifconfig

atomics/T1082/T1082.yaml

@@ -30,3 +30,19 @@ atomic_tests:
       systemsetup
       system_profiler
       ls -al /Applications
+
+- name: List OS Information
+  description: |
+    Identify System Info
+
+  supported_platforms:
+    - linux
+    - macos
+
+  executor:
+    name: sh
+    command: |
+      uname -a >> /tmp/loot.txt
+      cat /etc/lsb-release >> /tmp/loot.txt
+      cat /etc/redhat-release >> /tmp/loot.txt
+      uptime >> /tmp/loot.txt

atomics/T1083/T1083.yaml

@@ -44,3 +44,20 @@ atomic_tests:
       file */* *>> ../files.txt
       find . -type f
       ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'
+
+
+- name: nix file and diectory discovery
+  description: |
+    Find or discovery files on the file system
+
+  supported_platforms:
+    - macos
+    - linux
+
+  executor:
+    name: sh
+    command: |
+      cd $HOME && find . -print | sed -e 's;[^/]*/;|__;g;s;__|; |;g' > /tmp/loot.txt
+      cat /etc/mtab > /tmp/loot.txt
+      find . -type f -iname *.pdf > /tmp/loot.txt
+      find . -type f -name ".*"