move bin scripts into bin, apis into atomic-red-team

Brian Beyer
2018-05-11 06:49:20 +02:00
parent 6225b0caa6
commit 4042cb3433
13 changed files with 199 additions and 196 deletions
+25 -21
@@ -1,35 +1,39 @@
## How to contribute to Atomic Red Team
#### **Atomic Contribution**
# How to contribute to Atomic Red Team
## Atomic Philosophy
Atomic Red Team welcomes all types of contributions as long as it is mapped to [MITRE ATT&CK](https://attack.mitre.org/wiki/Main_Page).
The Framework is also meant to be "easy". If your Atomic test is complicated and requires multiple external utilities/packages/Kali, we may dismiss it.
- Tests are made to be "easy". If your Atomic test is complicated and requires multiple external utilities/packages/Kali, we may dismiss it.
TEST YOUR Atomic Test! Be sure to run it from a few OS platforms before submitting a pull to ensure everything is working correctly.
- TEST YOUR Atomic Test! Be sure to run it from a few OS platforms before submitting a pull to ensure everything is working correctly.
If sourcing from another tool/product (ex. generated command), be sure to cite it in your .md file.
- If sourcing from another tool/product (ex. generated command), be sure to cite it in the test's description.
Any and all Payloads need to be placed in the respective Windows|Mac|Linux Payload directory.
## How to contribute
Pick the technique you want to add a test for and run the generator:
Be sure you update the ATT&CK url, Txxxx number, and the title (ex. InstallUtil).
```
bin/new-atomic.rb T1234
```
This makes a new test for the technique with a bunch of TBDs you'll fill in and opens up your editor
so you can get to work.
#### Atomic Template Example
Fill in the TBDs with the information for your test. Read the [Atomic Red Team YAML Spec](atomic-red-team/spec.yaml)
for complete details about what each field means and a list of possible values.
Validate that your Atomic Test is up to code!
## InstallUtil
```
bin/validate-atomics.rb
```
MITRE ATT&CK Technique: [T1118](https://attack.mitre.org/wiki/Technique/T1118)
Submit a pull request once your test is complete and everything validates.
### Execution Examples:
## Generating Atomic docs yourself (optional)
If you want to see what the pretty Markdown version of your Atomic Test is going to look like,
you can generate the Atomic Docs yourself:
Input:
x86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
x64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
## Test Script
[InstallUtilBypass.cs](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/InstallUtilBypass.cs)
```
bin/generate-atomic-docs.rb
```
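Review bot: The "How to contribute" steps invoke `bin/new-atomic.rb T1234`, `bin/validate-atomics.rb` and `bin/generate-atomic-docs.rb` without stating the working directory or the Ruby prerequisites. Add one line before the first command saying the scripts are run from the repository root and what must be installed, and say that `T1234` is a stand-in for the ATT&CK technique ID being added. The payload guidance ("Any and all Payloads need to be placed in the respective Windows|Mac|Linux Payload directory.") has no bulleted counterpart in the "Atomic Philosophy" list, unlike the other three items, so the document should say where payload files belong under the new layout. The validate step would also benefit from a sentence on what a failing run looks like, so contributors know what to fix before opening a pull request.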