Generate docs from job=validate_atomics_generate_docs branch=master

CircleCI Atomic Red Team doc generator
2019-05-21 12:11:03 +00:00
parent 249ccacbe9
commit 7b2ff64340
6 changed files with 62 additions and 31 deletions
+29 -14
@@ -24,19 +24,21 @@ Also, groups can be enumerated through the <code>groups</code> and <code>id</cod
- [Atomic Test #3 - View accounts with UID 0](#atomic-test-3---view-accounts-with-uid-0)
- [Atomic Test #4 - Show if a user account has ever logger in remotely](#atomic-test-4---show-if-a-user-account-has-ever-logger-in-remotely)
- [Atomic Test #4 - List opened files by user](#atomic-test-4---list-opened-files-by-user)
- [Atomic Test #5 - Enumerate users and groups](#atomic-test-5---enumerate-users-and-groups)
- [Atomic Test #5 - Show if a user account has ever logger in remotely](#atomic-test-5---show-if-a-user-account-has-ever-logger-in-remotely)
- [Atomic Test #6 - Enumerate users and groups](#atomic-test-6---enumerate-users-and-groups)
- [Atomic Test #7 - Enumerate all accounts](#atomic-test-7---enumerate-all-accounts)
- [Atomic Test #7 - Enumerate users and groups](#atomic-test-7---enumerate-users-and-groups)
- [Atomic Test #8 - Enumerate all accounts via PowerShell](#atomic-test-8---enumerate-all-accounts-via-powershell)
- [Atomic Test #8 - Enumerate all accounts](#atomic-test-8---enumerate-all-accounts)
- [Atomic Test #9 - Enumerate logged on users](#atomic-test-9---enumerate-logged-on-users)
- [Atomic Test #9 - Enumerate all accounts via PowerShell](#atomic-test-9---enumerate-all-accounts-via-powershell)
- [Atomic Test #10 - Enumerate logged on users via PowerShell](#atomic-test-10---enumerate-logged-on-users-via-powershell)
- [Atomic Test #10 - Enumerate logged on users](#atomic-test-10---enumerate-logged-on-users)
- [Atomic Test #11 - Enumerate logged on users via PowerShell](#atomic-test-11---enumerate-logged-on-users-via-powershell)
<br/>
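Review bot: Inserting "List opened files by user" as Test #4 in the middle of this table of contents shifts every later entry by one (old #4 through #10 become #5 through #11), which changes anchors such as `#atomic-test-4---show-if-a-user-account-has-ever-logger-in-remotely`. Any detection write-up, runbook or automation that refers to a T1087 test by number or by numbered anchor now points at a different test. Appending the new test at the end of the source atomic list would keep the existing numbers stable.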
@@ -78,7 +80,7 @@ cat /etc/sudoers > #{output_file}
<br/>
## Atomic Test #3 - View accounts with UID 0
List opened files by user
View accounts wtih UID 0
**Supported Platforms:** Linux, macOS
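Review bot: The corrected description for Test #3 reads "View accounts wtih UID 0", so the fix for the wrong description ("List opened files by user") introduces a typo. Since this file is generated, correct "wtih" to "with" in the source atomic's description field and regenerate.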
@@ -88,6 +90,19 @@ List opened files by user
|------|-------------|------|---------------|
| output_file | Path where captured results will be placed | Path | ~/loot.txt|
#### Run it with `sh`!
```
grep 'x:0:' /etc/passwd > #{output_file} - name: List opened files by user
```
<br/>
<br/>
## Atomic Test #4 - List opened files by user
List opened files by user
**Supported Platforms:** Linux, macOS
#### Run it with `sh`!
```
username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username
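Review bot: The Test #3 command block renders as `grep 'x:0:' /etc/passwd > #{output_file} - name: List opened files by user`, so the name line of the next test has been folded into the shell command. Run as written, everything after the redirect target is handed to grep as extra file operands, and the test no longer does only what its description says. The command should end at `#{output_file}`; the stray text suggests a quoting or indentation problem in the source atomic definition, which needs fixing there before the docs are regenerated.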
@@ -95,7 +110,7 @@ username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username
<br/>
<br/>
## Atomic Test #4 - Show if a user account has ever logger in remotely
## Atomic Test #5 - Show if a user account has ever logger in remotely
Show if a user account has ever logger in remotely
**Supported Platforms:** Linux, macOS
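Review bot: The renumbered heading and its description still say "has ever logger in remotely", which should read "logged in". Because the heading text is also the anchor slug, correcting it in the source atomic changes the anchor once more, so it is cheaper to fix it in the same change that renumbers the tests.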
@@ -113,7 +128,7 @@ lastlog > #{output_file}
<br/>
<br/>
## Atomic Test #5 - Enumerate users and groups
## Atomic Test #6 - Enumerate users and groups
Utilize groups and id to enumerate users and groups
**Supported Platforms:** Linux, macOS
@@ -127,7 +142,7 @@ id
<br/>
<br/>
## Atomic Test #6 - Enumerate users and groups
## Atomic Test #7 - Enumerate users and groups
Utilize local utilities to enumerate users and groups
**Supported Platforms:** macOS
@@ -144,7 +159,7 @@ dscacheutil -q user
<br/>
<br/>
## Atomic Test #7 - Enumerate all accounts
## Atomic Test #8 - Enumerate all accounts
Enumerate all accounts
**Supported Platforms:** Windows
@@ -162,7 +177,7 @@ net localgroup
<br/>
<br/>
## Atomic Test #8 - Enumerate all accounts via PowerShell
## Atomic Test #9 - Enumerate all accounts via PowerShell
Enumerate all accounts via PowerShell
**Supported Platforms:** Windows
@@ -185,7 +200,7 @@ net localgroup
<br/>
<br/>
## Atomic Test #9 - Enumerate logged on users
## Atomic Test #10 - Enumerate logged on users
Enumerate logged on users
**Supported Platforms:** Windows
@@ -198,7 +213,7 @@ query user
<br/>
<br/>
## Atomic Test #10 - Enumerate logged on users via PowerShell
## Atomic Test #11 - Enumerate logged on users via PowerShell
Enumerate logged on users via PowerShell
**Supported Platforms:** Windows
+8 -7
@@ -413,13 +413,14 @@
- Atomic Test #1: Enumerate all accounts [linux, macos]
- Atomic Test #2: View sudoers access [linux, macos]
- Atomic Test #3: View accounts with UID 0 [linux, macos]
- Atomic Test #4: Show if a user account has ever logger in remotely [linux, macos]
- Atomic Test #5: Enumerate users and groups [linux, macos]
- Atomic Test #6: Enumerate users and groups [macos]
- Atomic Test #7: Enumerate all accounts [windows]
- Atomic Test #8: Enumerate all accounts via PowerShell [windows]
- Atomic Test #9: Enumerate logged on users [windows]
- Atomic Test #10: Enumerate logged on users via PowerShell [windows]
- Atomic Test #4: List opened files by user [linux, macos]
- Atomic Test #5: Show if a user account has ever logger in remotely [linux, macos]
- Atomic Test #6: Enumerate users and groups [linux, macos]
- Atomic Test #7: Enumerate users and groups [macos]
- Atomic Test #8: Enumerate all accounts [windows]
- Atomic Test #9: Enumerate all accounts via PowerShell [windows]
- Atomic Test #10: Enumerate logged on users [windows]
- Atomic Test #11: Enumerate logged on users via PowerShell [windows]
- [T1010 Application Window Discovery](./T1010/T1010.md)
- Atomic Test #1: List Process Main Windows - C# .NET [windows]
- [T1217 Browser Bookmark Discovery](./T1217/T1217.md)
+14 -1
@@ -11984,7 +11984,7 @@ discovery:
'
- name: View accounts with UID 0
description: 'List opened files by user
description: 'View accounts wtih UID 0
'
supported_platforms:
@@ -11995,6 +11995,19 @@ discovery:
description: Path where captured results will be placed
type: Path
default: "~/loot.txt"
executor:
name: sh
command: 'grep ''x:0:'' /etc/passwd > #{output_file} - name: List opened files
by user
'
- name: List opened files by user
description: 'List opened files by user
'
supported_platforms:
- linux
- macos
executor:
name: sh
command: 'username=$(echo $HOME | awk -F''/'' ''{print $3}'') && lsof -u $username
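Review bot: The new "List opened files by user" command derives the user name from the third path component of `$HOME`, which is empty when the home directory has only one component (for example root with `HOME=/root`); `lsof -u` is then invoked without an argument because `$username` is also unquoted. Using `lsof -u "$(id -un)"` avoids depending on the home directory layout. In the same hunk, the `grep` command scalar for "View accounts with UID 0" contains the text `- name: List opened files by user`, and a job named validate_atomics_generate_docs would be the natural place to reject a command value that contains another test's name line.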
+3 -2
@@ -40,8 +40,9 @@
- Atomic Test #1: Enumerate all accounts [linux, macos]
- Atomic Test #2: View sudoers access [linux, macos]
- Atomic Test #3: View accounts with UID 0 [linux, macos]
- Atomic Test #4: Show if a user account has ever logger in remotely [linux, macos]
- Atomic Test #5: Enumerate users and groups [linux, macos]
- Atomic Test #4: List opened files by user [linux, macos]
- Atomic Test #5: Show if a user account has ever logger in remotely [linux, macos]
- Atomic Test #6: Enumerate users and groups [linux, macos]
- [T1217 Browser Bookmark Discovery](./T1217/T1217.md)
- Atomic Test #1: List Mozilla Firefox Bookmark Database Files on Linux [linux]
- [T1083 File and Directory Discovery](./T1083/T1083.md)
+4 -3
@@ -60,9 +60,10 @@
- Atomic Test #1: Enumerate all accounts [linux, macos]
- Atomic Test #2: View sudoers access [linux, macos]
- Atomic Test #3: View accounts with UID 0 [linux, macos]
- Atomic Test #4: Show if a user account has ever logger in remotely [linux, macos]
- Atomic Test #5: Enumerate users and groups [linux, macos]
- Atomic Test #6: Enumerate users and groups [macos]
- Atomic Test #4: List opened files by user [linux, macos]
- Atomic Test #5: Show if a user account has ever logger in remotely [linux, macos]
- Atomic Test #6: Enumerate users and groups [linux, macos]
- Atomic Test #7: Enumerate users and groups [macos]
- [T1010 Application Window Discovery](./T1010/T1010.md)
- [T1217 Browser Bookmark Discovery](./T1217/T1217.md)
- Atomic Test #2: List Mozilla Firefox Bookmark Database Files on macOS [macos]
+4 -4
@@ -277,10 +277,10 @@
# discovery
- [T1087 Account Discovery](./T1087/T1087.md)
- Atomic Test #7: Enumerate all accounts [windows]
- Atomic Test #8: Enumerate all accounts via PowerShell [windows]
- Atomic Test #9: Enumerate logged on users [windows]
- Atomic Test #10: Enumerate logged on users via PowerShell [windows]
- Atomic Test #8: Enumerate all accounts [windows]
- Atomic Test #9: Enumerate all accounts via PowerShell [windows]
- Atomic Test #10: Enumerate logged on users [windows]
- Atomic Test #11: Enumerate logged on users via PowerShell [windows]
- [T1010 Application Window Discovery](./T1010/T1010.md)
- Atomic Test #1: List Process Main Windows - C# .NET [windows]
- [T1217 Browser Bookmark Discovery](./T1217/T1217.md)