security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate GUIDs from job=generate-docs branch=master [skip ci]

Browse Source
This commit is contained in:
Atomic Red Team GUID generator
2023-06-23 22:43:25 +00:00
parent ec3898e65b
commit a5741ecb8f
5 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1078.004/T1078.004.yaml
+1
View File
@@ -123,6 +123,7 @@ atomic_tests:
cd $PathToAtomicsFolder/T1078.004/src/T1078.004-2/
terraform destroy -auto-approve
- name: GCP - Create Custom IAM Role
auto_generated_guid: 3a159042-69e6-4398-9a69-3308a4841c85
description: |
This atomic will create a new IAM role. The default role permissions are: *IAM Service Account Get*. The idea for this Atomic came from a Rule published by the Elastic team.
atomics/T1098/T1098.yaml
+1
View File
@@ -946,6 +946,7 @@ atomic_tests:
Write-Host -ForegroundColor Yellow "You must store the password of the current user by running the prerequisite commands first"
}
- name: GCP - Delete Service Account Key
auto_generated_guid: 7ece1dea-49f1-4d62-bdcc-5801e3292510
description: |
This Atomic will:
- Create a service account
atomics/T1485/T1485.yaml
+1
View File
@@ -68,6 +68,7 @@ atomic_tests:
cipher.exe /w:C:
name: command_prompt
- name: GCP - Delete Bucket
auto_generated_guid: 4ac71389-40f4-448a-b73f-754346b3f928
description: |
This Atomic will create a Google Storage Bucket then delete it. The idea for this Atomic came from a Rule published by the Elastic team.
atomics/T1562.008/T1562.008.yaml
+1
View File
@@ -440,6 +440,7 @@ atomic_tests:
name: powershell
elevation_required: false
- name: GCP - Delete Activity Event Log
auto_generated_guid: d56152ec-01d9-42a2-877c-aac1f6ebe8e6
description: |
GCP provides 4 types of Cloud Audit Logs: Admin Activity, Data Access, System Events, and Policy Denied.
An adversary may attempt to delete logs in order to hide their activity. However, Admin Activity, System Events, and Policy Deny events logs cannot be deleted.
atomics/used_guids.txt
+4
View File
@@ -1355,3 +1355,7 @@ c9a2f6fe-7197-488c-af6d-10c782121ca6
645f0f5a-ef09-48d8-b9bc-f0e24c642d72
1a01f6b8-b1e8-418e-bbe3-78a6f822759e
f0e3aaea-5cd9-4db6-a077-631dd19b27a8
3a159042-69e6-4398-9a69-3308a4841c85
7ece1dea-49f1-4d62-bdcc-5801e3292510
4ac71389-40f4-448a-b73f-754346b3f928
d56152ec-01d9-42a2-877c-aac1f6ebe8e6