Generated docs from job=generate-docs branch=master [ci skip]

atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json

@@ -1 +1 @@
-{"name":"Atomic Red Team (Containers)","versions":{"attack":"13","navigator":"4.8.2","layer":"4.4"},"description":"Atomic Red Team (Containers) MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[{"techniqueID":"T1046","score":1,"enabled":true,"comment":"\n- Network Service Discovery for Containers\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"}]},{"techniqueID":"T1053","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053/T1053.md"}]},{"techniqueID":"T1053.007","score":2,"enabled":true,"comment":"\n- ListCronjobs\n- CreateCronjob\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"}]},{"techniqueID":"T1069","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069/T1069.md"}]},{"techniqueID":"T1069.001","score":1,"enabled":true,"comment":"\n- Permission Groups Discovery for Containers- Local Groups\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"}]},{"techniqueID":"T1552","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552/T1552.md"}]},{"techniqueID":"T1552.007","score":2,"enabled":true,"comment":"\n- List All Secrets\n- ListSecrets\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"}]},{"techniqueID":"T1609","score":2,"enabled":true,"comment":"\n- ExecIntoContainer\n- Docker Exec Into Container\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"}]},{"techniqueID":"T1610","score":1,"enabled":true,"comment":"\n- Deploy Docker container\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"}]},{"techniqueID":"T1611","score":2,"enabled":true,"comment":"\n- Deploy container using nsenter container escape\n- Mount host filesystem to escape privileged Docker container\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]},{"techniqueID":"T1612","score":1,"enabled":true,"comment":"\n- Build Image On Host\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1612/T1612.md"}]},{"techniqueID":"T1613","score":1,"enabled":true,"comment":"\n- Container and ResourceDiscovery\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1613/T1613.md"}]}]}
+{"name":"Atomic Red Team (Containers)","versions":{"attack":"13","navigator":"4.8.2","layer":"4.4"},"description":"Atomic Red Team (Containers) MITRE ATT&CK Navigator Layer","domain":"enterprise-attack","filters":{},"gradient":{"colors":["#ffffff","#ce232e"],"minValue":0,"maxValue":10},"legendItems":[{"label":"10 or more tests","color":"#ce232e"},{"label":"1 or more tests","color":"#ffffff"}],"techniques":[{"techniqueID":"T1046","score":1,"enabled":true,"comment":"\n- Network Service Discovery for Containers\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"}]},{"techniqueID":"T1053","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053/T1053.md"}]},{"techniqueID":"T1053.007","score":2,"enabled":true,"comment":"\n- ListCronjobs\n- CreateCronjob\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"}]},{"techniqueID":"T1069","score":1,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069/T1069.md"}]},{"techniqueID":"T1069.001","score":1,"enabled":true,"comment":"\n- Permission Groups Discovery for Containers- Local Groups\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"}]},{"techniqueID":"T1552","score":2,"enabled":true,"links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552/T1552.md"}]},{"techniqueID":"T1552.007","score":2,"enabled":true,"comment":"\n- List All Secrets\n- ListSecrets\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"}]},{"techniqueID":"T1609","score":2,"enabled":true,"comment":"\n- ExecIntoContainer\n- Docker Exec Into Container\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"}]},{"techniqueID":"T1610","score":1,"enabled":true,"comment":"\n- Deploy Docker container\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"}]},{"techniqueID":"T1611","score":2,"enabled":true,"comment":"\n- Deploy container using nsenter container escape\n- Mount host filesystem to escape privileged Docker container\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]},{"techniqueID":"T1612","score":1,"enabled":true,"comment":"\n- Build Image On Host\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1612/T1612.md"}]},{"techniqueID":"T1613","score":2,"enabled":true,"comment":"\n- Docker Container and Resource Discovery\n- Podman Container and Resource Discovery\n","links":[{"label":"View Atomic","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1613/T1613.md"}]}]}

atomics/Indexes/Indexes-CSV/containers-index.csv

@@ -1,5 +1,6 @@
 Tactic,Technique #,Technique Name,Test #,Test Name,Test GUID,Executor Name
-discovery,T1613,Container and Resource Discovery,1,Container and ResourceDiscovery,8a895923-f99f-4668-acf2-6cc59a44f05e,sh
+discovery,T1613,Container and Resource Discovery,1,Docker Container and Resource Discovery,ea2255df-d781-493b-9693-ac328f9afc3f,sh
+discovery,T1613,Container and Resource Discovery,2,Podman Container and Resource Discovery,fc631702-3f03-4f2b-8d8a-6b3d055580a1,sh
 discovery,T1046,Network Service Discovery,9,Network Service Discovery for Containers,06eaafdb-8982-426e-8a31-d572da633caa,sh
 credential-access,T1552.007,Kubernetes List Secrets,1,List All Secrets,31e794c4-48fd-4a76-aca4-6587c155bc11,bash
 credential-access,T1552.007,Kubernetes List Secrets,2,ListSecrets,43c3a49d-d15c-45e6-b303-f6e177e44a9a,bash

atomics/Indexes/Indexes-CSV/index.csv

@@ -1571,7 +1571,8 @@ discovery,T1033,System Owner/User Discovery,4,User Discovery With Env Vars Power
 discovery,T1033,System Owner/User Discovery,5,GetCurrent User with PowerShell Script,1392bd0f-5d5a-429e-81d9-eb9d4d4d5b3b,powershell
 discovery,T1033,System Owner/User Discovery,6,System Discovery - SocGholish whoami,3d257a03-eb80-41c5-b744-bb37ac7f65c7,powershell
 discovery,T1033,System Owner/User Discovery,7,System Owner/User Discovery Using Command Prompt,ba38e193-37a6-4c41-b214-61b33277fe36,command_prompt
-discovery,T1613,Container and Resource Discovery,1,Container and ResourceDiscovery,8a895923-f99f-4668-acf2-6cc59a44f05e,sh
+discovery,T1613,Container and Resource Discovery,1,Docker Container and Resource Discovery,ea2255df-d781-493b-9693-ac328f9afc3f,sh
+discovery,T1613,Container and Resource Discovery,2,Podman Container and Resource Discovery,fc631702-3f03-4f2b-8d8a-6b3d055580a1,sh
 discovery,T1615,Group Policy Discovery,1,Display group policy information via gpresult,0976990f-53b1-4d3f-a185-6df5be429d3b,command_prompt
 discovery,T1615,Group Policy Discovery,2,Get-DomainGPO to display group policy information via PowerView,4e524c4e-0e02-49aa-8df5-93f3f7959b9f,powershell
 discovery,T1615,Group Policy Discovery,3,WinPwn - GPOAudit,bc25c04b-841e-4965-855f-d1f645d7ab73,powershell

atomics/Indexes/Indexes-Markdown/containers-index.md

@@ -1,7 +1,8 @@
 # Containers Atomic Tests by ATT&CK Tactic & Technique
 # discovery
 - [T1613 Container and Resource Discovery](../../T1613/T1613.md)
-  - Atomic Test #1: Container and ResourceDiscovery [containers]
+  - Atomic Test #1: Docker Container and Resource Discovery [containers]
+  - Atomic Test #2: Podman Container and Resource Discovery [containers]
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1046 Network Service Discovery](../../T1046/T1046.md)
   - Atomic Test #9: Network Service Discovery for Containers [containers]

atomics/Indexes/Indexes-Markdown/index.md

@@ -2200,7 +2200,8 @@
   - Atomic Test #6: System Discovery - SocGholish whoami [windows]
   - Atomic Test #7: System Owner/User Discovery Using Command Prompt [windows]
 - [T1613 Container and Resource Discovery](../../T1613/T1613.md)
-  - Atomic Test #1: Container and ResourceDiscovery [containers]
+  - Atomic Test #1: Docker Container and Resource Discovery [containers]
+  - Atomic Test #2: Podman Container and Resource Discovery [containers]
 - T1016.001 Internet Connection Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1069.003 Cloud Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)

atomics/Indexes/containers-index.yaml

@@ -46137,15 +46137,15 @@ discovery:
       x_mitre_modified_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
       identifier: T1613
     atomic_tests:
-    - name: Container and ResourceDiscovery
-      auto_generated_guid: 8a895923-f99f-4668-acf2-6cc59a44f05e
+    - name: Docker Container and Resource Discovery
+      auto_generated_guid: ea2255df-d781-493b-9693-ac328f9afc3f
       description: Adversaries may attempt to discover containers and other resources
         that are available within a containers environment.
       supported_platforms:
       - containers
       dependency_executor_name: sh
       dependencies:
-      - description: Verify docker is installed.
+      - description: Verify Docker is installed.
         prereq_command: 'which docker
 
           '
@@ -46155,17 +46155,15 @@ discovery:
           echo "Docker installed"; fi
 
           '
-      - description: Verify docker service is running.
-        prereq_command: 'sudo systemctl status docker  --no-pager
-
-          '
-        get_prereq_command: 'sudo systemctl start docker
+      - description: Verify Docker service is running.
+        prereq_command: 'sudo systemctl status docker --no-pager
 
           '
+        get_prereq_command: "sudo systemctl start docker \n"
       executor:
         command: |-
-          docker build -t t1613  $PathtoAtomicsFolder/T1613/src/
-          docker run --name t1613_container  -d -t t1613
+          docker build -t t1613 $PathtoAtomicsFolder/T1613/src/
+          docker run --name t1613_container -d -t t1613
           docker ps
           docker stats --no-stream
           docker inspect $(docker ps -l -q --filter ancestor=t1613)
@@ -46173,6 +46171,40 @@ discovery:
           docker stop t1613_container
           docker rmi -f t1613_container
         name: sh
+    - name: Podman Container and Resource Discovery
+      auto_generated_guid: fc631702-3f03-4f2b-8d8a-6b3d055580a1
+      description: Adversaries may attempt to discover containers and other resources
+        that are available within a containers environment.
+      supported_platforms:
+      - containers
+      dependency_executor_name: sh
+      dependencies:
+      - description: Verify Podman is installed.
+        prereq_command: 'which podman
+
+          '
+        get_prereq_command: "if [ \"\" == \"`which podman`\" ]; then echo \"Podman
+          Not Found\"; if [ -n \"`which apt-get`\" ]; then sudo apt-get -y install
+          podman ; elif [ -n \"`which yum`\" ]; then sudo yum -y install podman ;
+          elif [ -n \"`which pacman`\" ]; then sudo pacman -Sy podman --noconfirm
+          ; elif [ -n \"`which brew`\" ]; then brew install podman ; else echo \"Unsupported
+          package manager\"; fi ; else echo \"Podman installed\"; fi        \n"
+      - description: Verify Podman service is running.
+        prereq_command: 'sudo systemctl status podman --no-pager
+
+          '
+        get_prereq_command: "sudo systemctl start podman \n"
+      executor:
+        command: |-
+          podman build -t t1613 $PathtoAtomicsFolder/T1613/src/
+          podman run --name t1613_container -d -t t1613
+          podman ps
+          podman stats --no-stream
+          podman inspect $(podman ps -l -q --filter ancestor=t1613)
+        cleanup_command: |-
+          podman stop t1613_container
+          podman rmi -f t1613_container
+        name: sh
   T1016.001:
     technique:
       x_mitre_platforms:

atomics/Indexes/index.yaml

@@ -92758,15 +92758,15 @@ discovery:
       x_mitre_modified_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
       identifier: T1613
     atomic_tests:
-    - name: Container and ResourceDiscovery
-      auto_generated_guid: 8a895923-f99f-4668-acf2-6cc59a44f05e
+    - name: Docker Container and Resource Discovery
+      auto_generated_guid: ea2255df-d781-493b-9693-ac328f9afc3f
       description: Adversaries may attempt to discover containers and other resources
         that are available within a containers environment.
       supported_platforms:
       - containers
       dependency_executor_name: sh
       dependencies:
-      - description: Verify docker is installed.
+      - description: Verify Docker is installed.
         prereq_command: 'which docker
 
           '
@@ -92776,17 +92776,15 @@ discovery:
           echo "Docker installed"; fi
 
           '
-      - description: Verify docker service is running.
-        prereq_command: 'sudo systemctl status docker  --no-pager
-
-          '
-        get_prereq_command: 'sudo systemctl start docker
+      - description: Verify Docker service is running.
+        prereq_command: 'sudo systemctl status docker --no-pager
 
           '
+        get_prereq_command: "sudo systemctl start docker \n"
       executor:
         command: |-
-          docker build -t t1613  $PathtoAtomicsFolder/T1613/src/
-          docker run --name t1613_container  -d -t t1613
+          docker build -t t1613 $PathtoAtomicsFolder/T1613/src/
+          docker run --name t1613_container -d -t t1613
           docker ps
           docker stats --no-stream
           docker inspect $(docker ps -l -q --filter ancestor=t1613)
@@ -92794,6 +92792,40 @@ discovery:
           docker stop t1613_container
           docker rmi -f t1613_container
         name: sh
+    - name: Podman Container and Resource Discovery
+      auto_generated_guid: fc631702-3f03-4f2b-8d8a-6b3d055580a1
+      description: Adversaries may attempt to discover containers and other resources
+        that are available within a containers environment.
+      supported_platforms:
+      - containers
+      dependency_executor_name: sh
+      dependencies:
+      - description: Verify Podman is installed.
+        prereq_command: 'which podman
+
+          '
+        get_prereq_command: "if [ \"\" == \"`which podman`\" ]; then echo \"Podman
+          Not Found\"; if [ -n \"`which apt-get`\" ]; then sudo apt-get -y install
+          podman ; elif [ -n \"`which yum`\" ]; then sudo yum -y install podman ;
+          elif [ -n \"`which pacman`\" ]; then sudo pacman -Sy podman --noconfirm
+          ; elif [ -n \"`which brew`\" ]; then brew install podman ; else echo \"Unsupported
+          package manager\"; fi ; else echo \"Podman installed\"; fi        \n"
+      - description: Verify Podman service is running.
+        prereq_command: 'sudo systemctl status podman --no-pager
+
+          '
+        get_prereq_command: "sudo systemctl start podman \n"
+      executor:
+        command: |-
+          podman build -t t1613 $PathtoAtomicsFolder/T1613/src/
+          podman run --name t1613_container -d -t t1613
+          podman ps
+          podman stats --no-stream
+          podman inspect $(podman ps -l -q --filter ancestor=t1613)
+        cleanup_command: |-
+          podman stop t1613_container
+          podman rmi -f t1613_container
+        name: sh
   T1016.001:
     technique:
       x_mitre_platforms:

atomics/T1613/T1613.md

@@ -6,15 +6,23 @@ These resources can be viewed within web applications such as the Kubernetes das
 
 ## Atomic Tests
 
-- [Atomic Test #1 - Docker Container and ResourceDiscovery](#atomic-test-1---container-and-resourcediscovery)
-- [Atomic Test #2 - Podman Container and ResourceDiscovery](#atomic-test-2---podman-container-and-resourcediscovery)
+- [Atomic Test #1 - Docker Container and Resource Discovery](#atomic-test-1---docker-container-and-resource-discovery)
+
+- [Atomic Test #2 - Podman Container and Resource Discovery](#atomic-test-2---podman-container-and-resource-discovery)
+
 
 <br/>
 
-## Atomic Test #1 - Docker Container and ResourceDiscovery
-Adversaries may attempt to discover Docker containers and other resources that are available within a containers environment.
+## Atomic Test #1 - Docker Container and Resource Discovery
+Adversaries may attempt to discover containers and other resources that are available within a containers environment.
+
+**Supported Platforms:** Containers
+
+
+**auto_generated_guid:** ea2255df-d781-493b-9693-ac328f9afc3f
+
+
 
-**Supported Platforms:** Docker, Containers
 
 
 
@@ -22,8 +30,8 @@ Adversaries may attempt to discover Docker containers and other resources that a
 
 
 ```sh
-docker build -t t1613  $PathtoAtomicsFolder/T1613/src/
-docker run --name t1613_container  -d -t t1613
+docker build -t t1613 $PathtoAtomicsFolder/T1613/src/
+docker run --name t1613_container -d -t t1613
 docker ps
 docker stats --no-stream
 docker inspect $(docker ps -l -q --filter ancestor=t1613)
@@ -38,7 +46,7 @@ docker rmi -f t1613_container
 
 
 #### Dependencies:  Run with `sh`!
-##### Description: Verify docker is installed.
+##### Description: Verify Docker is installed.
 ##### Check Prereq Commands:
 ```sh
 which docker
@@ -47,10 +55,10 @@ which docker
 ```sh
 if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
 ```
-##### Description: Verify docker service is running.
+##### Description: Verify Docker service is running.
 ##### Check Prereq Commands:
 ```sh
-sudo systemctl status docker  --no-pager
+sudo systemctl status docker --no-pager
 ```
 ##### Get Prereq Commands:
 ```sh
@@ -58,10 +66,22 @@ sudo systemctl start docker
 ```
 
 
-## Atomic Test #2 - Podman Container and ResourceDiscovery
-Adversaries may attempt to discover Podman containers and other resources that are available within a containers environment.
 
-**Supported Platforms:** Podman, Containers
+
+<br/>
+<br/>
+
+## Atomic Test #2 - Podman Container and Resource Discovery
+Adversaries may attempt to discover containers and other resources that are available within a containers environment.
+
+**Supported Platforms:** Containers
+
+
+**auto_generated_guid:** fc631702-3f03-4f2b-8d8a-6b3d055580a1
+
+
+
+
 
 
 #### Attack Commands: Run with `sh`! 
@@ -84,29 +104,19 @@ podman rmi -f t1613_container
 
 
 #### Dependencies:  Run with `sh`!
-##### Description: Verify podman is installed.
+##### Description: Verify Podman is installed.
 ##### Check Prereq Commands:
 ```sh
 which podman
 ```
 ##### Get Prereq Commands:
 ```sh
-if [ "" == "`which podman`" ]; then
-    echo "Podman Not Found"
-    if [ -n "`which apt-get`" ]; then
-        sudo apt-get -y install podman
-    elif [ -n "`which yum`" ]; then
-        sudo yum -y install podman
-    fi
-else
-    echo "Podman installed"
-fi
-
+if [ "" == "`which podman`" ]; then echo "Podman Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install podman ; elif [ -n "`which yum`" ]; then sudo yum -y install podman ; elif [ -n "`which pacman`" ]; then sudo pacman -Sy podman --noconfirm ; elif [ -n "`which brew`" ]; then brew install podman ; else echo "Unsupported package manager"; fi ; else echo "Podman installed"; fi
 ```
-##### Description: Verify docker service is running.
+##### Description: Verify Podman service is running.
 ##### Check Prereq Commands:
 ```sh
-sudo systemctl status podman  --no-pager
+sudo systemctl status podman --no-pager
 ```
 ##### Get Prereq Commands:
 ```sh
@@ -115,4 +125,5 @@ sudo systemctl start podman
 
 
 
+
 <br/>