Generate docs from job=validate_atomics_generate_docs branch=master
parent
b206a0d7cd
commit
4e4f8a2775
File diff suppressed because one or more lines are too long
@@ -233,6 +233,8 @@ defense-evasion,T1070.003,Clear Command History,5,Clear Bash history (truncate),
|
||||
defense-evasion,T1070.003,Clear Command History,6,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
|
||||
defense-evasion,T1070.003,Clear Command History,7,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
|
||||
defense-evasion,T1070.003,Clear Command History,8,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
|
||||
defense-evasion,T1070.003,Clear Command History,9,Prevent Powershell History Logging,2f898b81-3e97-4abb-bc3f-a95138988370,powershell
|
||||
defense-evasion,T1070.003,Clear Command History,10,Clear Powershell History by Deleting History File,da75ae8d-26d6-4483-b0fe-700e4df4f037,powershell
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,1,rm -rf,989cc1b1-3642-4260-a809-54f9dd559683,sh
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,2,Overwrite Linux Mail Spool,1602ff76-ed7f-4c94-b550-2f727b4782d4,bash
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,3,Overwrite Linux Log,d304b2dc-90b4-4465-a650-16ddd503f7b5,bash
|
||||
|
||||
|
@@ -481,6 +481,8 @@
|
||||
- Atomic Test #6: Clear history of a bunch of shells [linux, macos]
|
||||
- Atomic Test #7: Clear and Disable Bash History Logging [linux, macos]
|
||||
- Atomic Test #8: Use Space Before Command to Avoid Logging to History [linux, macos]
|
||||
- Atomic Test #9: Prevent Powershell History Logging [windows]
|
||||
- Atomic Test #10: Clear Powershell History by Deleting History File [windows]
|
||||
- [T1070.002 Clear Linux or Mac System Logs](../../T1070.002/T1070.002.md)
|
||||
- Atomic Test #1: rm -rf [macos, linux]
|
||||
- Atomic Test #2: Overwrite Linux Mail Spool [linux]
|
||||
|
||||
@@ -22373,6 +22373,31 @@ defense-evasion:
|
||||
hostname
|
||||
whoami
|
||||
name: sh
|
||||
- name: Prevent Powershell History Logging
|
||||
auto_generated_guid: 2f898b81-3e97-4abb-bc3f-a95138988370
|
||||
description: 'Prevents Powershell history
|
||||
|
||||
'
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
command: 'Set-PSReadlineOption –HistorySaveStyle SaveNothing
|
||||
|
||||
'
|
||||
name: powershell
|
||||
cleanup_command: Set-PSReadlineOption –HistorySaveStyle SaveIncrementally
|
||||
- name: Clear Powershell History by Deleting History File
|
||||
auto_generated_guid: da75ae8d-26d6-4483-b0fe-700e4df4f037
|
||||
description: 'Clears Powershell history
|
||||
|
||||
'
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
command: 'Remove-Item (Get-PSReadlineOption).HistorySavePath
|
||||
|
||||
'
|
||||
name: powershell
|
||||
T1070.002:
|
||||
technique:
|
||||
external_references:
|
||||
|
||||
@@ -24,6 +24,10 @@ Adversaries can use a variety of methods to prevent their own commands from appe
|
||||
|
||||
- [Atomic Test #8 - Use Space Before Command to Avoid Logging to History](#atomic-test-8---use-space-before-command-to-avoid-logging-to-history)
|
||||
|
||||
- [Atomic Test #9 - Prevent Powershell History Logging](#atomic-test-9---prevent-powershell-history-logging)
|
||||
|
||||
- [Atomic Test #10 - Clear Powershell History by Deleting History File](#atomic-test-10---clear-powershell-history-by-deleting-history-file)
|
||||
|
||||
|
||||
<br/>
|
||||
|
||||
@@ -222,4 +226,56 @@ whoami
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
<br/>
|
||||
|
||||
## Atomic Test #9 - Prevent Powershell History Logging
|
||||
Prevents Powershell history
|
||||
|
||||
**Supported Platforms:** Windows
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#### Attack Commands: Run with `powershell`!
|
||||
|
||||
|
||||
```powershell
|
||||
Set-PSReadlineOption –HistorySaveStyle SaveNothing
|
||||
```
|
||||
|
||||
#### Cleanup Commands:
|
||||
```powershell
|
||||
Set-PSReadlineOption –HistorySaveStyle SaveIncrementally
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
<br/>
|
||||
|
||||
## Atomic Test #10 - Clear Powershell History by Deleting History File
|
||||
Clears Powershell history
|
||||
|
||||
**Supported Platforms:** Windows
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#### Attack Commands: Run with `powershell`!
|
||||
|
||||
|
||||
```powershell
|
||||
Remove-Item (Get-PSReadlineOption).HistorySavePath
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
|
||||
@@ -95,6 +95,7 @@ atomic_tests:
|
||||
whoami
|
||||
name: sh
|
||||
- name: Prevent Powershell History Logging
|
||||
auto_generated_guid: 2f898b81-3e97-4abb-bc3f-a95138988370
|
||||
description: |
|
||||
Prevents Powershell history
|
||||
supported_platforms:
|
||||
@@ -105,6 +106,7 @@ atomic_tests:
|
||||
name: powershell
|
||||
cleanup_command: 'Set-PSReadlineOption –HistorySaveStyle SaveIncrementally'
|
||||
- name: Clear Powershell History by Deleting History File
|
||||
auto_generated_guid: da75ae8d-26d6-4483-b0fe-700e4df4f037
|
||||
description: |
|
||||
Clears Powershell history
|
||||
supported_platforms:
|
||||
|
||||
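Review bot: The two PowerShell tests in this file carry one-fragment descriptions (`Prevents Powershell history`, `Clears Powershell history`) that do not say what is changed or what a defender running the test should expect to observe; wording such as `Sets the PSReadLine HistorySaveStyle to SaveNothing so commands typed in the session are no longer written to the history file` and `Deletes the file returned by (Get-PSReadlineOption).HistorySavePath` would make them usable for detection validation. The `cleanup_command` in the second hunk writes the parameter with an en dash (`–HistorySaveStyle`) rather than an ASCII hyphen; PowerShell tolerates that character, but it tends to break if the file is ever read with a non-UTF-8 encoding, so `-HistorySaveStyle` is the safer spelling. The cleanup also hard-codes `SaveIncrementally` instead of restoring whatever value was set before the test, and the index listing elsewhere on this page shows no cleanup at all for the delete-file test, which the description should state. Both test definitions continue outside these hunks.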
@@ -573,3 +573,5 @@ afb5e09e-e385-4dee-9a94-6ee60979d114
|
||||
815bef8b-bf91-4b67-be4c-abe4c2a94ccc
|
||||
6f5822d2-d38d-4f48-9bfc-916607ff6b8c
|
||||
727dbcdb-e495-4ab1-a6c4-80c7f77aef85
|
||||
2f898b81-3e97-4abb-bc3f-a95138988370
|
||||
da75ae8d-26d6-4483-b0fe-700e4df4f037
|
||||
|
||||