Generate docs from job=validate_atomics_generate_docs branch=master

CircleCI Atomic Red Team doc generator
2018-12-13 16:06:56 +00:00
parent 4334a8c0b0
commit 8243dfedec
4 changed files with 39 additions and 0 deletions
+20
@@ -6,6 +6,8 @@
- [Atomic Test #1 - System Service Discovery](#atomic-test-1---system-service-discovery)
- [Atomic Test #2 - System Service Discovery - net.exe](#atomic-test-2---system-service-discovery---netexe)
<br/>
@@ -30,3 +32,21 @@ sc stop #{service_name}
wmic service where (displayname like "#{service_name}") get name
```
<br/>
<br/>
## Atomic Test #2 - System Service Discovery - net.exe
Enumerates started system services using net.exe and writes them to a file. This technique has been used by multiple threat actors.
**Supported Platforms:** Windows
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| output_file | Path of file to hold net.exe output | Path | C:\Windows\Temp\service-list.txt|
#### Run it with `command_prompt`!
```
net.exe start >> #{output_file}
```
<br/>
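Review bot: The command in the new Atomic Test #2 block, `net.exe start >> #{output_file}`, leaves `#{output_file}` unquoted and redirects with `>>`, so a path containing spaces breaks the redirect and every repeat run appends another copy of the listing to the same file. Suggest `net.exe start > "#{output_file}"` unless accumulating output is intended. The section also shows no cleanup step for the file it writes under C:\Windows\Temp. Since this file comes from the doc generator, the fix belongs in the source test definition rather than here.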
+1
@@ -455,6 +455,7 @@
- Atomic Test #2: System Owner/User Discovery [linux, macos]
- [T1007 System Service Discovery](./T1007/T1007.md)
- Atomic Test #1: System Service Discovery [windows]
- Atomic Test #2: System Service Discovery - net.exe [windows]
- [T1124 System Time Discovery](./T1124/T1124.md)
- Atomic Test #1: System Time Discovery [windows]
- Atomic Test #2: System Time Discovery - PowerShell [windows]
+17
@@ -12452,6 +12452,23 @@ discovery:
sc start #{service_name}
sc stop #{service_name}
wmic service where (displayname like "#{service_name}") get name
- name: System Service Discovery - net.exe
description: 'Enumerates started system services using net.exe and writes them
to a file. This technique has been used by multiple threat actors.
'
supported_platforms:
- windows
input_arguments:
output_file:
description: Path of file to hold net.exe output
type: Path
default: C:\Windows\Temp\service-list.txt
executor:
name: command_prompt
command: 'net.exe start >> #{output_file}
'
T1124:
technique:
id: attack-pattern--f3c544dc-673c-4ef3-accb-53229f1ae077
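Review bot: The description of the new `System Service Discovery - net.exe` entry ends with "This technique has been used by multiple threat actors." and gives no reference a reader can follow. Either cite a source for the claim or drop the sentence. The same text is rendered into the T1007 doc, so correcting it once in the test definition covers both places.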
+1
@@ -308,6 +308,7 @@
- Atomic Test #1: System Owner/User Discovery [windows]
- [T1007 System Service Discovery](./T1007/T1007.md)
- Atomic Test #1: System Service Discovery [windows]
- Atomic Test #2: System Service Discovery - net.exe [windows]
- [T1124 System Time Discovery](./T1124/T1124.md)
- Atomic Test #1: System Time Discovery [windows]
- Atomic Test #2: System Time Discovery - PowerShell [windows]