security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate GUIDs from job=generate-docs branch=master [skip ci]

Browse Source
This commit is contained in:
Atomic Red Team GUID generator
2023-09-12 02:52:08 +00:00
parent 0c57c49f1b
commit a68b2cfabe
3 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1021.005/T1021.005.yaml
+1
View File
@@ -2,6 +2,7 @@ attack_technique: T1021.005
display_name: 'Remote Services:VNC'
atomic_tests:
- name: Enable Apple Remote Desktop Agent
auto_generated_guid: 8a930abe-841c-4d4f-a877-72e9fe90b9ea
description: |
ARD leverages a blend of protocols, including VNC to send the screen and control buffers and SSH for secure file transfer.
Adversaries can abuse ARD to gain remote code execution and perform lateral movement.
atomics/T1055/T1055.yaml
+1
View File
@@ -111,6 +111,7 @@ atomic_tests:
cleanup_command: Stop-Process $notepad.pid
name: powershell
- name: Dirty Vanity process Injection
auto_generated_guid: 49543237-25db-497b-90df-d0a0a6e8fe2c
description: |
This test used the Windows undocumented remote-fork API RtlCreateProcessReflection to create a cloned process of the parent process
with shellcode written in its memory. The shellcode is executed after being forked to the child process. The technique was first presented at
atomics/used_guids.txt
+3
View File
@@ -1383,3 +1383,6 @@ b1eeb683-90bb-4365-bbc2-2689015782fe
01d1c6c0-faf0-408e-b368-752a02285cb2
4060ee98-01ae-4c8e-8aad-af8300519cc7
3e6791e7-232c-481c-a680-a52f86b83fdf
8a930abe-841c-4d4f-a877-72e9fe90b9ea
49543237-25db-497b-90df-d0a0a6e8fe2c
14f3af20-61f1-45b8-ad31-4637815f3f44