security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2022-09-22 17:17:53 +00:00
parent c1e3d3b8e2
commit 75d5fc2fb2
11 changed files with 30 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json
+1 -1
View File
@@ -1 +1 @@
{"name":"Atomic Red Team (Iaas:GCP)","versions":{"attack":"11","navigator":"4.5.5","layer":"4.3"},"description":"Atomic Red Team (Iaas:GCP) MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[]}
{"name":"Atomic Red Team (Iaas:GCP)","versions":{"attack":"11","navigator":"4.5.5","layer":"4.3"},"description":"Atomic Red Team (Iaas:GCP) MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[{"techniqueID":"T1078","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078/T1078.md"}]},{"techniqueID":"T1078.004","score":1,"enabled":true,"comment":"\n- Creating GCP Service Account and Service Account Key\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.004/T1078.004.md"}]}]}
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json
+1 -1
View File
@@ -1 +1 @@
{"name":"Atomic Red Team (Iaas)","versions":{"attack":"11","navigator":"4.5.5","layer":"4.3"},"description":"Atomic Red Team (Iaas) MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[{"techniqueID":"T1098","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"}],"comment":"\n- AWS - Create a group and add a user to that group\n- Azure - adding user to Azure role in subscription\n- Azure - adding service principal to Azure role in subscription\n"},{"techniqueID":"T1098.001","score":1,"enabled":true,"comment":"\n- AWS - Create Access Key and Secret Key\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"}]},{"techniqueID":"T1136","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md"}]},{"techniqueID":"T1136.003","score":1,"enabled":true,"comment":"\n- AWS - Create a new IAM user\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"}]},{"techniqueID":"T1526","score":1,"enabled":true,"comment":"\n- Azure - Dump Subscription Data with MicroBurst\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1526/T1526.md"}]},{"techniqueID":"T1528","score":1,"enabled":true,"comment":"\n- Azure - Dump All Azure Key Vaults with Microburst\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1528/T1528.md"}]},{"techniqueID":"T1530","score":3,"enabled":true,"comment":"\n- Azure - Enumerate Azure Blobs with MicroBurst\n- Azure - Scan for Anonymous Access to Azure Storage (Powershell)\n- AWS - Scan for Anonymous Access to S3\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1530/T1530.md"}]},{"techniqueID":"T1552","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552/T1552.md"}]},{"techniqueID":"T1552.005","score":1,"enabled":true,"comment":"\n- Azure - Dump Azure Instance Metadata from Virtual Machines\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.005/T1552.005.md"}]},{"techniqueID":"T1562","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562/T1562.md"}]},{"techniqueID":"T1562.008","score":5,"enabled":true,"comment":"\n- AWS - CloudTrail Changes\n- Azure - Eventhub Deletion\n- AWS - CloudWatch Log Group Deletes\n- AWS - CloudWatch Log Stream Deletes\n- AWS CloudWatch Log Stream Deletes\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"}]},{"techniqueID":"T1619","score":1,"enabled":true,"comment":"\n- AWS S3 Enumeration\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1619/T1619.md"}]}]}
{"name":"Atomic Red Team (Iaas)","versions":{"attack":"11","navigator":"4.5.5","layer":"4.3"},"description":"Atomic Red Team (Iaas) MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[{"techniqueID":"T1078","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078/T1078.md"}]},{"techniqueID":"T1078.004","score":1,"enabled":true,"comment":"\n- Creating GCP Service Account and Service Account Key\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.004/T1078.004.md"}]},{"techniqueID":"T1098","score":4,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"}],"comment":"\n- AWS - Create a group and add a user to that group\n- Azure - adding user to Azure role in subscription\n- Azure - adding service principal to Azure role in subscription\n"},{"techniqueID":"T1098.001","score":1,"enabled":true,"comment":"\n- AWS - Create Access Key and Secret Key\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"}]},{"techniqueID":"T1136","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md"}]},{"techniqueID":"T1136.003","score":1,"enabled":true,"comment":"\n- AWS - Create a new IAM user\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"}]},{"techniqueID":"T1526","score":1,"enabled":true,"comment":"\n- Azure - Dump Subscription Data with MicroBurst\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1526/T1526.md"}]},{"techniqueID":"T1528","score":1,"enabled":true,"comment":"\n- Azure - Dump All Azure Key Vaults with Microburst\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1528/T1528.md"}]},{"techniqueID":"T1530","score":3,"enabled":true,"comment":"\n- Azure - Enumerate Azure Blobs with MicroBurst\n- Azure - Scan for Anonymous Access to Azure Storage (Powershell)\n- AWS - Scan for Anonymous Access to S3\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1530/T1530.md"}]},{"techniqueID":"T1552","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552/T1552.md"}]},{"techniqueID":"T1552.005","score":1,"enabled":true,"comment":"\n- Azure - Dump Azure Instance Metadata from Virtual Machines\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.005/T1552.005.md"}]},{"techniqueID":"T1562","score":5,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562/T1562.md"}]},{"techniqueID":"T1562.008","score":5,"enabled":true,"comment":"\n- AWS - CloudTrail Changes\n- Azure - Eventhub Deletion\n- AWS - CloudWatch Log Group Deletes\n- AWS - CloudWatch Log Stream Deletes\n- AWS CloudWatch Log Stream Deletes\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"}]},{"techniqueID":"T1619","score":1,"enabled":true,"comment":"\n- AWS S3 Enumeration\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1619/T1619.md"}]}]}
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-macos.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Indexes-CSV/iaas-index.csv
+4
View File
@@ -4,6 +4,7 @@ defense-evasion,T1562.008,Disable Cloud Logs,2,Azure - Eventhub Deletion,5e09bed
defense-evasion,T1562.008,Disable Cloud Logs,7,AWS - CloudWatch Log Group Deletes,89422c87-b57b-4a04-a8ca-802bb9d06121,sh
defense-evasion,T1562.008,Disable Cloud Logs,8,AWS - CloudWatch Log Stream Deletes,89422c87-b57b-4a04-a12a-802bb11d06121,sh
defense-evasion,T1562.008,Disable Cloud Logs,9,AWS CloudWatch Log Stream Deletes,33ca84bc-4259-4943-bd36-4655dc420932,sh
defense-evasion,T1078.004,Cloud Accounts,1,Creating GCP Service Account and Service Account Key,9fdd83fd-bd53-46e5-a716-9dec89c8ae8e,gcloud
credential-access,T1552.005,Cloud Instance Metadata API,2,Azure - Dump Azure Instance Metadata from Virtual Machines,cc99e772-4e18-4f1f-b422-c5cdd1bfd7b7,powershell
discovery,T1619,Cloud Storage Object Discovery,1,AWS S3 Enumeration,3c7094f8-71ec-4917-aeb8-a633d7ec4ef5,sh
discovery,T1526,Cloud Service Discovery,1,Azure - Dump Subscription Data with MicroBurst,1e40bb1d-195e-401e-a86b-c192f55e005c,powershell
@@ -12,6 +13,9 @@ persistence,T1136.003,Cloud Account,1,AWS - Create a new IAM user,8d1c2368-b503-
persistence,T1098,Account Manipulation,3,AWS - Create a group and add a user to that group,8822c3b0-d9f9-4daf-a043-49f110a31122,sh
persistence,T1098,Account Manipulation,6,Azure - adding user to Azure role in subscription,1a94b3fc-b080-450a-b3d8-6d9b57b472ea,powershell
persistence,T1098,Account Manipulation,7,Azure - adding service principal to Azure role in subscription,c8f4bc29-a151-48da-b3be-4680af56f404,powershell
persistence,T1078.004,Cloud Accounts,1,Creating GCP Service Account and Service Account Key,9fdd83fd-bd53-46e5-a716-9dec89c8ae8e,gcloud
collection,T1530,Data from Cloud Storage Object,1,Azure - Enumerate Azure Blobs with MicroBurst,3dab4bcc-667f-4459-aea7-4162dd2d6590,powershell
collection,T1530,Data from Cloud Storage Object,2,Azure - Scan for Anonymous Access to Azure Storage (Powershell),146af1f1-b74e-4aa7-9895-505eb559b4b0,powershell
collection,T1530,Data from Cloud Storage Object,3,AWS - Scan for Anonymous Access to S3,979356b9-b588-4e49-bba4-c35517c484f5,sh
initial-access,T1078.004,Cloud Accounts,1,Creating GCP Service Account and Service Account Key,9fdd83fd-bd53-46e5-a716-9dec89c8ae8e,gcloud
privilege-escalation,T1078.004,Cloud Accounts,1,Creating GCP Service Account and Service Account Key,9fdd83fd-bd53-46e5-a716-9dec89c8ae8e,gcloud
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
4 defense-evasion T1562.008 Disable Cloud Logs 7 AWS - CloudWatch Log Group Deletes 89422c87-b57b-4a04-a8ca-802bb9d06121 sh
5 defense-evasion T1562.008 Disable Cloud Logs 8 AWS - CloudWatch Log Stream Deletes 89422c87-b57b-4a04-a12a-802bb11d06121 sh
6 defense-evasion T1562.008 Disable Cloud Logs 9 AWS CloudWatch Log Stream Deletes 33ca84bc-4259-4943-bd36-4655dc420932 sh
7 defense-evasion T1078.004 Cloud Accounts 1 Creating GCP Service Account and Service Account Key 9fdd83fd-bd53-46e5-a716-9dec89c8ae8e gcloud
8 credential-access T1552.005 Cloud Instance Metadata API 2 Azure - Dump Azure Instance Metadata from Virtual Machines cc99e772-4e18-4f1f-b422-c5cdd1bfd7b7 powershell
9 discovery T1619 Cloud Storage Object Discovery 1 AWS S3 Enumeration 3c7094f8-71ec-4917-aeb8-a633d7ec4ef5 sh
10 discovery T1526 Cloud Service Discovery 1 Azure - Dump Subscription Data with MicroBurst 1e40bb1d-195e-401e-a86b-c192f55e005c powershell
13 persistence T1098 Account Manipulation 3 AWS - Create a group and add a user to that group 8822c3b0-d9f9-4daf-a043-49f110a31122 sh
14 persistence T1098 Account Manipulation 6 Azure - adding user to Azure role in subscription 1a94b3fc-b080-450a-b3d8-6d9b57b472ea powershell
15 persistence T1098 Account Manipulation 7 Azure - adding service principal to Azure role in subscription c8f4bc29-a151-48da-b3be-4680af56f404 powershell
16 persistence T1078.004 Cloud Accounts 1 Creating GCP Service Account and Service Account Key 9fdd83fd-bd53-46e5-a716-9dec89c8ae8e gcloud
17 collection T1530 Data from Cloud Storage Object 1 Azure - Enumerate Azure Blobs with MicroBurst 3dab4bcc-667f-4459-aea7-4162dd2d6590 powershell
18 collection T1530 Data from Cloud Storage Object 2 Azure - Scan for Anonymous Access to Azure Storage (Powershell) 146af1f1-b74e-4aa7-9895-505eb559b4b0 powershell
19 collection T1530 Data from Cloud Storage Object 3 AWS - Scan for Anonymous Access to S3 979356b9-b588-4e49-bba4-c35517c484f5 sh
20 initial-access T1078.004 Cloud Accounts 1 Creating GCP Service Account and Service Account Key 9fdd83fd-bd53-46e5-a716-9dec89c8ae8e gcloud
21 privilege-escalation T1078.004 Cloud Accounts 1 Creating GCP Service Account and Service Account Key 9fdd83fd-bd53-46e5-a716-9dec89c8ae8e gcloud
atomics/Indexes/Indexes-Markdown/google-workspace-index.md
+4 -4
View File
@@ -28,7 +28,7 @@
- T1550.004 Web Session Cookie [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1550.001 Application Access Token [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, windows, linux, macos]
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
# discovery
- T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -53,7 +53,7 @@
- T1566 Phishing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1078 Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, windows, linux, macos]
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
# persistence
- T1098.003 Additional Cloud Roles [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -64,7 +64,7 @@
- T1136 Create Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1098.002 Additional Email Delegate Permissions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, windows, linux, macos]
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
# lateral-movement
- T1550 Use Alternate Authentication Material [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -76,5 +76,5 @@
- T1078.001 Default Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1078 Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, windows, linux, macos]
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
atomics/Indexes/Indexes-Markdown/iaas-index.md
+8 -4
View File
@@ -21,7 +21,8 @@
- Atomic Test #9: AWS CloudWatch Log Stream Deletes [iaas:aws]
- T1578.002 Create Cloud Instance [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1578.001 Create Snapshot [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1078.004 Cloud Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
# credential-access
- T1110.001 Password Guessing [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -90,7 +91,8 @@
- Atomic Test #7: Azure - adding service principal to Azure role in subscription [iaas:azure]
- T1078 Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1136 Create Account [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1078.004 Cloud Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
# collection
- T1119 Automated Collection [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -107,7 +109,8 @@
- T1078.001 Default Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1199 Trusted Relationship [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1078 Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1078.004 Cloud Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
# lateral-movement
- T1550 Use Alternate Authentication Material [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -116,7 +119,8 @@
# privilege-escalation
- T1078.001 Default Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1078 Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1078.004 Cloud Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
# execution
- T1204 User Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
atomics/Indexes/Indexes-Markdown/index.md
+4 -4
View File
@@ -617,7 +617,7 @@
- T1578.001 Create Snapshot [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1550.001 Application Access Token [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, windows, linux, macos]
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
- T1480.001 Environmental Keying [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1564.004 NTFS File Attributes](../../T1564.004/T1564.004.md)
- Atomic Test #1: Alternate Data Streams (ADS) [windows]
@@ -916,7 +916,7 @@
- [T1547.008 LSASS Driver](../../T1547.008/T1547.008.md)
- Atomic Test #1: Modify Registry to load Arbitrary DLL into LSASS - LsaDbExtPt [windows]
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, windows, linux, macos]
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
- [T1053.002 At](../../T1053.002/T1053.002.md)
- Atomic Test #1: At.exe Scheduled task [windows]
- Atomic Test #2: At - Schedule a job [linux]
@@ -1376,7 +1376,7 @@
- [T1547.008 LSASS Driver](../../T1547.008/T1547.008.md)
- Atomic Test #1: Modify Registry to load Arbitrary DLL into LSASS - LsaDbExtPt [windows]
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, windows, linux, macos]
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
- [T1053.002 At](../../T1053.002/T1053.002.md)
- Atomic Test #1: At.exe Scheduled task [windows]
- Atomic Test #2: At - Schedule a job [linux]
@@ -2305,7 +2305,7 @@
- T1200 Hardware Additions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1189 Drive-by Compromise [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.004 Cloud Accounts](../../T1078.004/T1078.004.md)
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, windows, linux, macos]
- Atomic Test #1: Creating GCP Service Account and Service Account Key [google-workspace, iaas:gcp]
- T1566.003 Spearphishing via Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1078.003 Local Accounts](../../T1078.003/T1078.003.md)
- Atomic Test #1: Create local account with admin privileges [windows]
atomics/Indexes/index.yaml
+4 -12
View File
@@ -25496,9 +25496,7 @@ defense-evasion:
'
supported_platforms:
- google-workspace
- windows
- linux
- macos
- iaas:gcp
input_arguments:
project-id:
description: ID of the project, you want to create service account as well
@@ -40469,9 +40467,7 @@ privilege-escalation:
'
supported_platforms:
- google-workspace
- windows
- linux
- macos
- iaas:gcp
input_arguments:
project-id:
description: ID of the project, you want to create service account as well
@@ -63230,9 +63226,7 @@ persistence:
'
supported_platforms:
- google-workspace
- windows
- linux
- macos
- iaas:gcp
input_arguments:
project-id:
description: ID of the project, you want to create service account as well
@@ -100296,9 +100290,7 @@ initial-access:
'
supported_platforms:
- google-workspace
- windows
- linux
- macos
- iaas:gcp
input_arguments:
project-id:
description: ID of the project, you want to create service account as well
atomics/T1078.004/T1078.004.md
+1 -1
View File
@@ -16,7 +16,7 @@ Once a cloud account is compromised, an adversary may perform [Account Manipulat
## Atomic Test #1 - Creating GCP Service Account and Service Account Key
GCP Service Accounts can be used to gain intial access as well as maintain persistence inside Google Cloud.
**Supported Platforms:** Google-workspace, Windows, Linux, macOS
**Supported Platforms:** Google-workspace, Iaas:gcp
**auto_generated_guid:** 9fdd83fd-bd53-46e5-a716-9dec89c8ae8e