security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=validate_atomics_generate_docs branch=master

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2020-03-06 03:49:25 +00:00
parent c04e6c16b9
commit 799b63f3c8
4 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1214/T1214.md
+7 -1
View File
@@ -10,8 +10,10 @@ Example commands to find Registry keys related to password information: (Citatio
## Atomic Tests
- [Atomic Test #1 - Enumeration for Credentials in Registry](#atomic-test-1---enumeration-for-credentials-in-registry)
- [Atomic Test #2 - Enumeration for PuTTY Credentials in Registry](#atomic-test-2---enumeration-for-putty-credentials-in-registry)
<br/>
## Atomic Test #1 - Enumeration for Credentials in Registry
@@ -30,10 +32,13 @@ reg query HKCU /f password /t REG_SZ /s
<br/>
<br/>
## Atomic Test #2 - Enumeration for PuTTY Credentials in Registry
Queries to enumerate for PuTTY credentials in the Registry. (Citation: TrendMicro Trickbot Analysis)
Queries to enumerate for PuTTY credentials in the Registry.
**Supported Platforms:** Windows
@@ -48,4 +53,5 @@ reg query HKCU\Software\SimonTatham\PuTTY\Sessions /t REG_SZ /s
<br/>
atomics/index.md
+1
View File
@@ -673,6 +673,7 @@
- Atomic Test #4: Access unattend.xml [windows]
- [T1214 Credentials in Registry](./T1214/T1214.md)
- Atomic Test #1: Enumeration for Credentials in Registry [windows]
- Atomic Test #2: Enumeration for PuTTY Credentials in Registry [windows]
- T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1187 Forced Authentication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1179 Hooking](./T1179/T1179.md)
atomics/index.yaml
+12
View File
@@ -19997,6 +19997,18 @@ credential-access:
command: |
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
- name: Enumeration for PuTTY Credentials in Registry
description: 'Queries to enumerate for PuTTY credentials in the Registry.
'
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: false
command: 'reg query HKCU\Software\SimonTatham\PuTTY\Sessions /t REG_SZ /s
'
T1179:
technique:
x_mitre_data_sources:
atomics/windows-index.md
+1
View File
@@ -485,6 +485,7 @@
- Atomic Test #4: Access unattend.xml [windows]
- [T1214 Credentials in Registry](./T1214/T1214.md)
- Atomic Test #1: Enumeration for Credentials in Registry [windows]
- Atomic Test #2: Enumeration for PuTTY Credentials in Registry [windows]
- T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1187 Forced Authentication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1179 Hooking](./T1179/T1179.md)