Generated docs from job=generate-docs branch=master [ci skip]

Atomic Red Team doc generator
2024-10-17 00:17:27 +00:00
parent bddd7e6096
commit b2d3484155
12 changed files with 59 additions and 3 deletions
+1 -1
@@ -2,7 +2,7 @@
# Atomic Red Team
![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1653-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1654-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
Atomic Red Team™ is a library of tests mapped to the
[MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+1
@@ -1822,6 +1822,7 @@ discovery,T1082,System Information Discovery,32,ESXi - Darkside system informati
discovery,T1082,System Information Discovery,33,sysctl to gather macOS hardware info,c8d40da9-31bd-47da-a497-11ea55d1ef6c,sh
discovery,T1082,System Information Discovery,34,operating system discovery ,70e13ef4-5a74-47e4-9d16-760b41b0e2db,powershell
discovery,T1082,System Information Discovery,35,"Check OS version via ""ver"" command",f6ecb109-df24-4303-8d85-1987dbae6160,command_prompt
discovery,T1082,System Information Discovery,36,"Display volume shadow copies with ""vssadmin""",7161b085-816a-491f-bab4-d68e974b7995,command_prompt
discovery,T1016.002,System Network Configuration Discovery: Wi-Fi Discovery,1,Enumerate Stored Wi-Fi Profiles And Passwords via netsh,53cf1903-0fa7-4177-ab14-f358ae809eec,command_prompt
discovery,T1010,Application Window Discovery,1,List Process Main Windows - C# .NET,fe94a1c3-3e22-4dc9-9fdf-3a8bdbc10dc4,command_prompt
discovery,T1497.003,Time Based Evasion,1,Delay execution with ping,8b87dd03-8204-478c-bac3-3959f6528de3,sh
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
1822 discovery T1082 System Information Discovery 33 sysctl to gather macOS hardware info c8d40da9-31bd-47da-a497-11ea55d1ef6c sh
1823 discovery T1082 System Information Discovery 34 operating system discovery 70e13ef4-5a74-47e4-9d16-760b41b0e2db powershell
1824 discovery T1082 System Information Discovery 35 Check OS version via "ver" command f6ecb109-df24-4303-8d85-1987dbae6160 command_prompt
1825 discovery T1082 System Information Discovery 36 Display volume shadow copies with "vssadmin" 7161b085-816a-491f-bab4-d68e974b7995 command_prompt
1826 discovery T1016.002 System Network Configuration Discovery: Wi-Fi Discovery 1 Enumerate Stored Wi-Fi Profiles And Passwords via netsh 53cf1903-0fa7-4177-ab14-f358ae809eec command_prompt
1827 discovery T1010 Application Window Discovery 1 List Process Main Windows - C# .NET fe94a1c3-3e22-4dc9-9fdf-3a8bdbc10dc4 command_prompt
1828 discovery T1497.003 Time Based Evasion 1 Delay execution with ping 8b87dd03-8204-478c-bac3-3959f6528de3 sh
@@ -1230,6 +1230,7 @@ discovery,T1082,System Information Discovery,31,ESXi - VM Discovery using ESXCLI
discovery,T1082,System Information Discovery,32,ESXi - Darkside system information discovery,f89812e5-67d1-4f49-86fa-cbc6609ea86a,command_prompt
discovery,T1082,System Information Discovery,34,operating system discovery ,70e13ef4-5a74-47e4-9d16-760b41b0e2db,powershell
discovery,T1082,System Information Discovery,35,"Check OS version via ""ver"" command",f6ecb109-df24-4303-8d85-1987dbae6160,command_prompt
discovery,T1082,System Information Discovery,36,"Display volume shadow copies with ""vssadmin""",7161b085-816a-491f-bab4-d68e974b7995,command_prompt
discovery,T1016.002,System Network Configuration Discovery: Wi-Fi Discovery,1,Enumerate Stored Wi-Fi Profiles And Passwords via netsh,53cf1903-0fa7-4177-ab14-f358ae809eec,command_prompt
discovery,T1010,Application Window Discovery,1,List Process Main Windows - C# .NET,fe94a1c3-3e22-4dc9-9fdf-3a8bdbc10dc4,command_prompt
discovery,T1217,Browser Bookmark Discovery,5,List Google Chrome / Opera Bookmarks on Windows with powershell,faab755e-4299-48ec-8202-fc7885eb6545,powershell
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
1230 discovery T1082 System Information Discovery 32 ESXi - Darkside system information discovery f89812e5-67d1-4f49-86fa-cbc6609ea86a command_prompt
1231 discovery T1082 System Information Discovery 34 operating system discovery 70e13ef4-5a74-47e4-9d16-760b41b0e2db powershell
1232 discovery T1082 System Information Discovery 35 Check OS version via "ver" command f6ecb109-df24-4303-8d85-1987dbae6160 command_prompt
1233 discovery T1082 System Information Discovery 36 Display volume shadow copies with "vssadmin" 7161b085-816a-491f-bab4-d68e974b7995 command_prompt
1234 discovery T1016.002 System Network Configuration Discovery: Wi-Fi Discovery 1 Enumerate Stored Wi-Fi Profiles And Passwords via netsh 53cf1903-0fa7-4177-ab14-f358ae809eec command_prompt
1235 discovery T1010 Application Window Discovery 1 List Process Main Windows - C# .NET fe94a1c3-3e22-4dc9-9fdf-3a8bdbc10dc4 command_prompt
1236 discovery T1217 Browser Bookmark Discovery 5 List Google Chrome / Opera Bookmarks on Windows with powershell faab755e-4299-48ec-8202-fc7885eb6545 powershell
@@ -2481,6 +2481,7 @@
- Atomic Test #33: sysctl to gather macOS hardware info [macos]
- Atomic Test #34: operating system discovery [windows]
- Atomic Test #35: Check OS version via "ver" command [windows]
- Atomic Test #36: Display volume shadow copies with "vssadmin" [windows]
- [T1016.002 System Network Configuration Discovery: Wi-Fi Discovery](../../T1016.002/T1016.002.md)
- Atomic Test #1: Enumerate Stored Wi-Fi Profiles And Passwords via netsh [windows]
- [T1010 Application Window Discovery](../../T1010/T1010.md)
@@ -1738,6 +1738,7 @@
- Atomic Test #32: ESXi - Darkside system information discovery [windows]
- Atomic Test #34: operating system discovery [windows]
- Atomic Test #35: Check OS version via "ver" command [windows]
- Atomic Test #36: Display volume shadow copies with "vssadmin" [windows]
- [T1016.002 System Network Configuration Discovery: Wi-Fi Discovery](../../T1016.002/T1016.002.md)
- Atomic Test #1: Enumerate Stored Wi-Fi Profiles And Passwords via netsh [windows]
- [T1010 Application Window Discovery](../../T1010/T1010.md)
+10
@@ -102407,6 +102407,16 @@ discovery:
executor:
name: command_prompt
command: ver
- name: Display volume shadow copies with "vssadmin"
auto_generated_guid: 7161b085-816a-491f-bab4-d68e974b7995
description: The command shows all available volume shadow copies, along with
their creation time and location.
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: true
command: vssadmin.exe list shadows
T1016.002:
technique:
modified: '2023-10-05T11:35:30.887Z'
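Review bot: The `description` on the new test (the two lines beginning `description: The command shows all available volume shadow copies`) only restates what `vssadmin.exe list shadows` prints and gives no reason for filing it under System Information Discovery, nor what a defender should expect to observe. Suggest adding one sentence that names the observable, for example a process creation event for `vssadmin.exe` with `list shadows` on the command line from an elevated `command_prompt`, so the entry can serve as a detection validation case without the reader having to infer it from the command.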
+10
@@ -83862,6 +83862,16 @@ discovery:
executor:
name: command_prompt
command: ver
- name: Display volume shadow copies with "vssadmin"
auto_generated_guid: 7161b085-816a-491f-bab4-d68e974b7995
description: The command shows all available volume shadow copies, along with
their creation time and location.
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: true
command: vssadmin.exe list shadows
T1016.002:
technique:
modified: '2023-10-05T11:35:30.887Z'
+30
@@ -78,6 +78,8 @@ Infrastructure as a Service (IaaS) cloud providers such as AWS, GCP, and Azure a
- [Atomic Test #35 - Check OS version via "ver" command](#atomic-test-35---check-os-version-via-ver-command)
- [Atomic Test #36 - Display volume shadow copies with "vssadmin"](#atomic-test-36---display-volume-shadow-copies-with-vssadmin)
<br/>
@@ -1252,4 +1254,32 @@ ver
<br/>
<br/>
## Atomic Test #36 - Display volume shadow copies with "vssadmin"
The command shows all available volume shadow copies, along with their creation time and location.
**Supported Platforms:** Windows
**auto_generated_guid:** 7161b085-816a-491f-bab4-d68e974b7995
#### Attack Commands: Run with `command_prompt`! Elevation Required (e.g. root or admin)
```cmd
vssadmin.exe list shadows
```
<br/>
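Review bot: The rendered section for Atomic Test #36 goes straight from `auto_generated_guid` to `Attack Commands` with no dependency or prerequisite block, so nothing tells the operator that the output depends on shadow copies existing on the host. On a machine with none, the command has nothing to list and the run is easy to misread as a failed test. Suggest either a line in the description stating that the process execution itself is the signal being generated, or a prerequisite check that reports whether any shadow copies are present before the test runs.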
+1
@@ -547,6 +547,7 @@ atomic_tests:
name: command_prompt
command: ver
- name: Display volume shadow copies with "vssadmin"
auto_generated_guid: 7161b085-816a-491f-bab4-d68e974b7995
description: The command shows all available volume shadow copies, along with their creation time and location.
supported_platforms:
- windows
+1
@@ -1682,3 +1682,4 @@ d9c32b3b-7916-45ad-aca5-6c902da80319
8b87dd03-8204-478c-bac3-3959f6528de3
ad4b73c2-d6e2-4d8b-9868-4c6f55906e01
f6ecb109-df24-4303-8d85-1987dbae6160
7161b085-816a-491f-bab4-d68e974b7995