Generated docs from job=generate-docs branch=master [ci skip]

2024-09-14 22:37:32 +00:00
parent 119501abc6
commit 4372dc5341
12 changed files with 246 additions and 6 deletions
@@ -2,7 +2,7 @@

 # Atomic Red Team

-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1637-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1640-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)

 Atomic Red Team™ is a library of tests mapped to the
 [MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use
@@ -1675,6 +1675,9 @@ discovery,T1613,Container and Resource Discovery,1,Docker Container and Resource
 discovery,T1613,Container and Resource Discovery,2,Podman Container and Resource Discovery,fc631702-3f03-4f2b-8d8a-6b3d055580a1,sh
 discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,1,Check internet connection using ping Windows,e184b6bd-fb28-48aa-9a59-13012e33d7dc,command_prompt
 discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,2,"Check internet connection using ping freebsd, linux or macos",be8f4019-d8b6-434c-a814-53123cdcc11e,bash
+discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,3,Check internet connection using Test-NetConnection in PowerShell (ICMP-Ping),f8160cde-4e16-4c8b-8450-6042d5363eb0,powershell
+discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,4,Check internet connection using Test-NetConnection in PowerShell (TCP-HTTP),7c35779d-42ec-42ab-a283-6255b28e9d68,powershell
+discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,5,Check internet connection using Test-NetConnection in PowerShell (TCP-SMB),d9c32b3b-7916-45ad-aca5-6c902da80319,powershell
 discovery,T1615,Group Policy Discovery,1,Display group policy information via gpresult,0976990f-53b1-4d3f-a185-6df5be429d3b,command_prompt
 discovery,T1615,Group Policy Discovery,2,Get-DomainGPO to display group policy information via PowerView,4e524c4e-0e02-49aa-8df5-93f3f7959b9f,powershell
 discovery,T1615,Group Policy Discovery,3,WinPwn - GPOAudit,bc25c04b-841e-4965-855f-d1f645d7ab73,powershell
@@ -1126,6 +1126,9 @@ discovery,T1033,System Owner/User Discovery,5,GetCurrent User with PowerShell Sc
 discovery,T1033,System Owner/User Discovery,6,System Discovery - SocGholish whoami,3d257a03-eb80-41c5-b744-bb37ac7f65c7,powershell
 discovery,T1033,System Owner/User Discovery,7,System Owner/User Discovery Using Command Prompt,ba38e193-37a6-4c41-b214-61b33277fe36,command_prompt
 discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,1,Check internet connection using ping Windows,e184b6bd-fb28-48aa-9a59-13012e33d7dc,command_prompt
+discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,3,Check internet connection using Test-NetConnection in PowerShell (ICMP-Ping),f8160cde-4e16-4c8b-8450-6042d5363eb0,powershell
+discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,4,Check internet connection using Test-NetConnection in PowerShell (TCP-HTTP),7c35779d-42ec-42ab-a283-6255b28e9d68,powershell
+discovery,T1016.001,System Network Configuration Discovery: Internet Connection Discovery,5,Check internet connection using Test-NetConnection in PowerShell (TCP-SMB),d9c32b3b-7916-45ad-aca5-6c902da80319,powershell
 discovery,T1615,Group Policy Discovery,1,Display group policy information via gpresult,0976990f-53b1-4d3f-a185-6df5be429d3b,command_prompt
 discovery,T1615,Group Policy Discovery,2,Get-DomainGPO to display group policy information via PowerView,4e524c4e-0e02-49aa-8df5-93f3f7959b9f,powershell
 discovery,T1615,Group Policy Discovery,3,WinPwn - GPOAudit,bc25c04b-841e-4965-855f-d1f645d7ab73,powershell
@@ -2321,6 +2321,9 @@
 - [T1016.001 System Network Configuration Discovery: Internet Connection Discovery](../../T1016.001/T1016.001.md)
  - Atomic Test #1: Check internet connection using ping Windows [windows]
  - Atomic Test #2: Check internet connection using ping freebsd, linux or macos [macos, linux]
+  - Atomic Test #3: Check internet connection using Test-NetConnection in PowerShell (ICMP-Ping) [windows]
+  - Atomic Test #4: Check internet connection using Test-NetConnection in PowerShell (TCP-HTTP) [windows]
+  - Atomic Test #5: Check internet connection using Test-NetConnection in PowerShell (TCP-SMB) [windows]
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1069.003 Cloud Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1615 Group Policy Discovery](../../T1615/T1615.md)
@@ -1622,6 +1622,9 @@
  - Atomic Test #7: System Owner/User Discovery Using Command Prompt [windows]
 - [T1016.001 System Network Configuration Discovery: Internet Connection Discovery](../../T1016.001/T1016.001.md)
  - Atomic Test #1: Check internet connection using ping Windows [windows]
+  - Atomic Test #3: Check internet connection using Test-NetConnection in PowerShell (ICMP-Ping) [windows]
+  - Atomic Test #4: Check internet connection using Test-NetConnection in PowerShell (TCP-HTTP) [windows]
+  - Atomic Test #5: Check internet connection using Test-NetConnection in PowerShell (TCP-SMB) [windows]
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1615 Group Policy Discovery](../../T1615/T1615.md)
  - Atomic Test #1: Display group policy information via gpresult [windows]
@@ -98252,6 +98252,66 @@ discovery:
        elevation_required: false
        command: 'ping -n 4 #{ping_target}

+          '
+    - name: Check internet connection using Test-NetConnection in PowerShell (ICMP-Ping)
+      auto_generated_guid: f8160cde-4e16-4c8b-8450-6042d5363eb0
+      description: 'Check internet connection using PowerShell''s Test-NetConnection
+        cmdlet and the ICMP/Ping protocol. The default target is 8.8.8.8 (Google Public
+        DNS).
+
+        '
+      supported_platforms:
+      - windows
+      input_arguments:
+        target:
+          description: target of the request
+          type: string
+          default: 8.8.8.8
+      executor:
+        name: powershell
+        elevation_required: false
+        command: 'Test-NetConnection -ComputerName #{target}
+
+          '
+    - name: Check internet connection using Test-NetConnection in PowerShell (TCP-HTTP)
+      auto_generated_guid: 7c35779d-42ec-42ab-a283-6255b28e9d68
+      description: 'Check internet connection using PowerShell''s Test-NetConnection
+        cmdlet and the TCP protocol to check for outbound HTTP (Port 80) access. The
+        default target is www.google.com.
+
+        '
+      supported_platforms:
+      - windows
+      input_arguments:
+        target:
+          description: target of the request
+          type: string
+          default: www.google.com
+      executor:
+        name: powershell
+        elevation_required: false
+        command: 'Test-NetConnection -CommonTCPPort HTTP -ComputerName #{target}
+
+          '
+    - name: Check internet connection using Test-NetConnection in PowerShell (TCP-SMB)
+      auto_generated_guid: d9c32b3b-7916-45ad-aca5-6c902da80319
+      description: 'Check internet connection using PowerShell''s Test-NetConnection
+        cmdlet and the TCP protocol to check for outbound SMB (Port 445) access. The
+        default target is 8.8.8.8.
+
+        '
+      supported_platforms:
+      - windows
+      input_arguments:
+        target:
+          description: target of the request
+          type: string
+          default: 8.8.8.8
+      executor:
+        name: powershell
+        elevation_required: false
+        command: 'Test-NetConnection -CommonTCPPort SMB -ComputerName #{target}
+
          '
  T1069:
    technique:
@@ -80854,6 +80854,66 @@ discovery:
        elevation_required: false
        command: 'ping -n 4 #{ping_target}

+          '
+    - name: Check internet connection using Test-NetConnection in PowerShell (ICMP-Ping)
+      auto_generated_guid: f8160cde-4e16-4c8b-8450-6042d5363eb0
+      description: 'Check internet connection using PowerShell''s Test-NetConnection
+        cmdlet and the ICMP/Ping protocol. The default target is 8.8.8.8 (Google Public
+        DNS).
+
+        '
+      supported_platforms:
+      - windows
+      input_arguments:
+        target:
+          description: target of the request
+          type: string
+          default: 8.8.8.8
+      executor:
+        name: powershell
+        elevation_required: false
+        command: 'Test-NetConnection -ComputerName #{target}
+
+          '
+    - name: Check internet connection using Test-NetConnection in PowerShell (TCP-HTTP)
+      auto_generated_guid: 7c35779d-42ec-42ab-a283-6255b28e9d68
+      description: 'Check internet connection using PowerShell''s Test-NetConnection
+        cmdlet and the TCP protocol to check for outbound HTTP (Port 80) access. The
+        default target is www.google.com.
+
+        '
+      supported_platforms:
+      - windows
+      input_arguments:
+        target:
+          description: target of the request
+          type: string
+          default: www.google.com
+      executor:
+        name: powershell
+        elevation_required: false
+        command: 'Test-NetConnection -CommonTCPPort HTTP -ComputerName #{target}
+
+          '
+    - name: Check internet connection using Test-NetConnection in PowerShell (TCP-SMB)
+      auto_generated_guid: d9c32b3b-7916-45ad-aca5-6c902da80319
+      description: 'Check internet connection using PowerShell''s Test-NetConnection
+        cmdlet and the TCP protocol to check for outbound SMB (Port 445) access. The
+        default target is 8.8.8.8.
+
+        '
+      supported_platforms:
+      - windows
+      input_arguments:
+        target:
+          description: target of the request
+          type: string
+          default: 8.8.8.8
+      executor:
+        name: powershell
+        elevation_required: false
+        command: 'Test-NetConnection -CommonTCPPort SMB -ComputerName #{target}
+
          '
  T1069:
    technique:
@@ -10,6 +10,12 @@ Adversaries may use the results and responses from these requests to determine i

 - [Atomic Test #2 - Check internet connection using ping freebsd, linux or macos](#atomic-test-2---check-internet-connection-using-ping-freebsd-linux-or-macos)

+- [Atomic Test #3 - Check internet connection using Test-NetConnection in PowerShell (ICMP-Ping)](#atomic-test-3---check-internet-connection-using-test-netconnection-in-powershell-icmp-ping)
+
+- [Atomic Test #4 - Check internet connection using Test-NetConnection in PowerShell (TCP-HTTP)](#atomic-test-4---check-internet-connection-using-test-netconnection-in-powershell-tcp-http)
+
+- [Atomic Test #5 - Check internet connection using Test-NetConnection in PowerShell (TCP-SMB)](#atomic-test-5---check-internet-connection-using-test-netconnection-in-powershell-tcp-smb)
+

 <br/>

@@ -76,4 +82,103 @@ ping -n 4 #{ping_target}



+<br/>
+<br/>
+
+## Atomic Test #3 - Check internet connection using Test-NetConnection in PowerShell (ICMP-Ping)
+Check internet connection using PowerShell's Test-NetConnection cmdlet and the ICMP/Ping protocol. The default target is 8.8.8.8 (Google Public DNS).
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** f8160cde-4e16-4c8b-8450-6042d5363eb0
+
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| target | target of the request | string | 8.8.8.8|
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+Test-NetConnection -ComputerName #{target}
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #4 - Check internet connection using Test-NetConnection in PowerShell (TCP-HTTP)
+Check internet connection using PowerShell's Test-NetConnection cmdlet and the TCP protocol to check for outbound HTTP (Port 80) access. The default target is www.google.com.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 7c35779d-42ec-42ab-a283-6255b28e9d68
+
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| target | target of the request | string | www.google.com|
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+Test-NetConnection -CommonTCPPort HTTP -ComputerName #{target}
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #5 - Check internet connection using Test-NetConnection in PowerShell (TCP-SMB)
+Check internet connection using PowerShell's Test-NetConnection cmdlet and the TCP protocol to check for outbound SMB (Port 445) access. The default target is 8.8.8.8.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** d9c32b3b-7916-45ad-aca5-6c902da80319
+
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| target | target of the request | string | 8.8.8.8|
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+Test-NetConnection -CommonTCPPort SMB -ComputerName #{target}
+```
+
+
+
+
+
+
 <br/>
@@ -35,7 +35,7 @@ atomic_tests:
    command: |
      ping -n 4 #{ping_target}
 - name: Check internet connection using Test-NetConnection in PowerShell (ICMP-Ping)
-  auto_generated_guid:
+  auto_generated_guid: f8160cde-4e16-4c8b-8450-6042d5363eb0
  description: |
    Check internet connection using PowerShell's Test-NetConnection cmdlet and the ICMP/Ping protocol. The default target is 8.8.8.8 (Google Public DNS).
  supported_platforms:
@@ -51,7 +51,7 @@ atomic_tests:
    command: |
      Test-NetConnection -ComputerName #{target}
 - name: Check internet connection using Test-NetConnection in PowerShell (TCP-HTTP)
-  auto_generated_guid:
+  auto_generated_guid: 7c35779d-42ec-42ab-a283-6255b28e9d68
  description: |
    Check internet connection using PowerShell's Test-NetConnection cmdlet and the TCP protocol to check for outbound HTTP (Port 80) access. The default target is www.google.com.
  supported_platforms:
@@ -67,7 +67,7 @@ atomic_tests:
    command: |
      Test-NetConnection -CommonTCPPort HTTP -ComputerName #{target}
 - name: Check internet connection using Test-NetConnection in PowerShell (TCP-SMB)
-  auto_generated_guid:
+  auto_generated_guid: d9c32b3b-7916-45ad-aca5-6c902da80319
  description: |
    Check internet connection using PowerShell's Test-NetConnection cmdlet and the TCP protocol to check for outbound SMB (Port 445) access. The default target is 8.8.8.8.
  supported_platforms:
@@ -1676,3 +1676,6 @@ fe53e878-10a3-477b-963e-4367348f5af5
 e184b6bd-fb28-48aa-9a59-13012e33d7dc
 be8f4019-d8b6-434c-a814-53123cdcc11e
 547a4736-dd1c-4b48-b4fe-e916190bb2e7
+f8160cde-4e16-4c8b-8450-6042d5363eb0
+7c35779d-42ec-42ab-a283-6255b28e9d68
+d9c32b3b-7916-45ad-aca5-6c902da80319