Generate docs from job=validate_atomics_generate_docs branch=master

2019-11-11 01:55:17 +00:00
parent 36188490dc
commit 5332936f8f
6 changed files with 116 additions and 4 deletions
@@ -22,12 +22,75 @@ Azure CLI (AZ CLI) also provides an interface to obtain permissions groups with

 ## Atomic Tests

- [Atomic Test #1 - Elevated group enumeration using net group](#atomic-test-1---elevated-group-enumeration-using-net-group)
+- [Atomic Test #1 - Permission Groups Discovery](#atomic-test-1---permission-groups-discovery)
+
+- [Atomic Test #2 - Basic Permission Groups Discovery Windows](#atomic-test-2---basic-permission-groups-discovery-windows)
+
+- [Atomic Test #3 - Permission Groups Discovery PowerShell](#atomic-test-3---permission-groups-discovery-powershell)
+
+- [Atomic Test #4 - Elevated group enumeration using net group](#atomic-test-4---elevated-group-enumeration-using-net-group)


 <br/>

-## Atomic Test #1 - Elevated group enumeration using net group
+## Atomic Test #1 - Permission Groups Discovery
+Permission Groups Discovery
+
+**Supported Platforms:** macOS, Linux
+
+
+#### Run it with `sh`! 
+```
+dscacheutil -q group
+dscl . -list /Groups
+groups
+```
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #2 - Basic Permission Groups Discovery Windows
+Basic Permission Groups Discovery for Windows
+
+**Supported Platforms:** Windows
+
+
+#### Run it with `command_prompt`! 
+```
+net localgroup
+net group /domain
+```
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #3 - Permission Groups Discovery PowerShell
+Permission Groups Discovery utilizing PowerShell
+
+**Supported Platforms:** Windows
+
+
+#### Inputs
+| Name | Description | Type | Default Value | 
+|------|-------------|------|---------------|
+| user | User to identify what groups a user is a member of | string | administrator|
+
+#### Run it with `powershell`! 
+```
+get-localgroup
+get-ADPrinicipalGroupMembership #{user} | select name
+```
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #4 - Elevated group enumeration using net group
 Runs 'net group' command including command aliases and loose typing to simulate enumeration/discovery of high value domain groups

 **Supported Platforms:** Windows
@@ -542,7 +542,10 @@
  - Atomic Test #7: Examine password policy - macOS [macos]
 - T1120 Peripheral Device Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1069 Permission Groups Discovery](./T1069/T1069.md)
-  - Atomic Test #1: Elevated group enumeration using net group [windows]
+  - Atomic Test #1: Permission Groups Discovery [macos, linux]
+  - Atomic Test #2: Basic Permission Groups Discovery Windows [windows]
+  - Atomic Test #3: Permission Groups Discovery PowerShell [windows]
+  - Atomic Test #4: Elevated group enumeration using net group [windows]
 - [T1057 Process Discovery](./T1057/T1057.md)
  - Atomic Test #1: Process Discovery - ps [macos, centos, ubuntu, linux]
 - [T1012 Query Registry](./T1012/T1012.md)
@@ -15481,6 +15481,48 @@ discovery:
      modified: '2019-10-18T20:37:17.043Z'
      identifier: T1069
    atomic_tests:
+    - name: Permission Groups Discovery
+      description: 'Permission Groups Discovery
+
+'
+      supported_platforms:
+      - macos
+      - linux
+      executor:
+        name: sh
+        command: |
+          dscacheutil -q group
+          dscl . -list /Groups
+          groups
+    - name: Basic Permission Groups Discovery Windows
+      description: 'Basic Permission Groups Discovery for Windows
+
+'
+      supported_platforms:
+      - windows
+      executor:
+        name: command_prompt
+        elevation_required: false
+        command: |
+          net localgroup
+          net group /domain
+    - name: Permission Groups Discovery PowerShell
+      description: 'Permission Groups Discovery utilizing PowerShell
+
+'
+      supported_platforms:
+      - windows
+      input_arguments:
+        user:
+          description: User to identify what groups a user is a member of
+          type: string
+          default: administrator
+      executor:
+        name: powershell
+        elevation_required: false
+        command: |
+          get-localgroup
+          get-ADPrinicipalGroupMembership #{user} | select name
    - name: Elevated group enumeration using net group
      description: 'Runs ''net group'' command including command aliases and loose
        typing to simulate enumeration/discovery of high value domain groups
@@ -93,6 +93,7 @@
  - Atomic Test #3: Examine password complexity policy - CentOS/RHEL 6.x [centos]
  - Atomic Test #4: Examine password expiration policy - All Linux [linux]
 - [T1069 Permission Groups Discovery](./T1069/T1069.md)
+  - Atomic Test #1: Permission Groups Discovery [macos, linux]
 - [T1057 Process Discovery](./T1057/T1057.md)
  - Atomic Test #1: Process Discovery - ps [macos, centos, ubuntu, linux]
 - [T1018 Remote System Discovery](./T1018/T1018.md)
@@ -105,6 +105,7 @@
  - Atomic Test #7: Examine password policy - macOS [macos]
 - T1120 Peripheral Device Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1069 Permission Groups Discovery](./T1069/T1069.md)
+  - Atomic Test #1: Permission Groups Discovery [macos, linux]
 - [T1057 Process Discovery](./T1057/T1057.md)
  - Atomic Test #1: Process Discovery - ps [macos, centos, ubuntu, linux]
 - [T1018 Remote System Discovery](./T1018/T1018.md)
@@ -366,7 +366,9 @@
  - Atomic Test #6: Examine domain password policy - Windows [windows]
 - T1120 Peripheral Device Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1069 Permission Groups Discovery](./T1069/T1069.md)
-  - Atomic Test #1: Elevated group enumeration using net group [windows]
+  - Atomic Test #2: Basic Permission Groups Discovery Windows [windows]
+  - Atomic Test #3: Permission Groups Discovery PowerShell [windows]
+  - Atomic Test #4: Elevated group enumeration using net group [windows]
 - [T1057 Process Discovery](./T1057/T1057.md)
 - [T1012 Query Registry](./T1012/T1012.md)
  - Atomic Test #1: Query Registry [windows]