security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2024-12-19 00:43:51 +00:00
parent 89ad31cce4
commit bfcfd561ea
12 changed files with 68 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1 -1
View File
@@ -2,7 +2,7 @@
# Atomic Red Team
![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1695-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1696-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
Atomic Red Team™ is a library of tests mapped to the
[MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Indexes-CSV/index.csv
+1
View File
@@ -2005,6 +2005,7 @@ discovery,T1124,System Time Discovery,2,System Time Discovery - PowerShell,1d571
discovery,T1124,System Time Discovery,3,System Time Discovery in FreeBSD/macOS,f449c933-0891-407f-821e-7916a21a1a6f,sh
discovery,T1124,System Time Discovery,4,System Time Discovery W32tm as a Delay,d5d5a6b0-0f92-42d8-985d-47aafa2dd4db,command_prompt
discovery,T1124,System Time Discovery,5,System Time with Windows time Command,53ead5db-7098-4111-bb3f-563be390e72e,command_prompt
discovery,T1124,System Time Discovery,6,Discover System Time Zone via Registry,25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47,command_prompt
reconnaissance,T1592.001,Gather Victim Host Information: Hardware,1,Enumerate PlugNPlay Camera,d430bf85-b656-40e7-b238-42db01df0183,powershell
impact,T1489,Service Stop,1,Windows - Stop service using Service Controller,21dfb440-830d-4c86-a3e5-2a491d5a8d04,command_prompt
impact,T1489,Service Stop,2,Windows - Stop service using net.exe,41274289-ec9c-4213-bea4-e43c4aa57954,command_prompt
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
2005 discovery T1124 System Time Discovery 3 System Time Discovery in FreeBSD/macOS f449c933-0891-407f-821e-7916a21a1a6f sh
2006 discovery T1124 System Time Discovery 4 System Time Discovery W32tm as a Delay d5d5a6b0-0f92-42d8-985d-47aafa2dd4db command_prompt
2007 discovery T1124 System Time Discovery 5 System Time with Windows time Command 53ead5db-7098-4111-bb3f-563be390e72e command_prompt
2008 discovery T1124 System Time Discovery 6 Discover System Time Zone via Registry 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47 command_prompt
2009 reconnaissance T1592.001 Gather Victim Host Information: Hardware 1 Enumerate PlugNPlay Camera d430bf85-b656-40e7-b238-42db01df0183 powershell
2010 impact T1489 Service Stop 1 Windows - Stop service using Service Controller 21dfb440-830d-4c86-a3e5-2a491d5a8d04 command_prompt
2011 impact T1489 Service Stop 2 Windows - Stop service using net.exe 41274289-ec9c-4213-bea4-e43c4aa57954 command_prompt
atomics/Indexes/Indexes-CSV/windows-index.csv
+1
View File
@@ -1364,6 +1364,7 @@ discovery,T1124,System Time Discovery,1,System Time Discovery,20aba24b-e61f-4b26
discovery,T1124,System Time Discovery,2,System Time Discovery - PowerShell,1d5711d6-655c-4a47-ae9c-6503c74fa877,powershell
discovery,T1124,System Time Discovery,4,System Time Discovery W32tm as a Delay,d5d5a6b0-0f92-42d8-985d-47aafa2dd4db,command_prompt
discovery,T1124,System Time Discovery,5,System Time with Windows time Command,53ead5db-7098-4111-bb3f-563be390e72e,command_prompt
discovery,T1124,System Time Discovery,6,Discover System Time Zone via Registry,25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47,command_prompt
impact,T1489,Service Stop,1,Windows - Stop service using Service Controller,21dfb440-830d-4c86-a3e5-2a491d5a8d04,command_prompt
impact,T1489,Service Stop,2,Windows - Stop service using net.exe,41274289-ec9c-4213-bea4-e43c4aa57954,command_prompt
impact,T1489,Service Stop,3,Windows - Stop service by killing process,f3191b84-c38b-400b-867e-3a217a27795f,command_prompt
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
1364 discovery T1124 System Time Discovery 2 System Time Discovery - PowerShell 1d5711d6-655c-4a47-ae9c-6503c74fa877 powershell
1365 discovery T1124 System Time Discovery 4 System Time Discovery W32tm as a Delay d5d5a6b0-0f92-42d8-985d-47aafa2dd4db command_prompt
1366 discovery T1124 System Time Discovery 5 System Time with Windows time Command 53ead5db-7098-4111-bb3f-563be390e72e command_prompt
1367 discovery T1124 System Time Discovery 6 Discover System Time Zone via Registry 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47 command_prompt
1368 impact T1489 Service Stop 1 Windows - Stop service using Service Controller 21dfb440-830d-4c86-a3e5-2a491d5a8d04 command_prompt
1369 impact T1489 Service Stop 2 Windows - Stop service using net.exe 41274289-ec9c-4213-bea4-e43c4aa57954 command_prompt
1370 impact T1489 Service Stop 3 Windows - Stop service by killing process f3191b84-c38b-400b-867e-3a217a27795f command_prompt
atomics/Indexes/Indexes-Markdown/index.md
+1
View File
@@ -2711,6 +2711,7 @@
- Atomic Test #3: System Time Discovery in FreeBSD/macOS [linux, macos]
- Atomic Test #4: System Time Discovery W32tm as a Delay [windows]
- Atomic Test #5: System Time with Windows time Command [windows]
- Atomic Test #6: Discover System Time Zone via Registry [windows]
# resource-development
- T1583 Acquire Infrastructure [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
atomics/Indexes/Indexes-Markdown/windows-index.md
+1
View File
@@ -1906,6 +1906,7 @@
- Atomic Test #2: System Time Discovery - PowerShell [windows]
- Atomic Test #4: System Time Discovery W32tm as a Delay [windows]
- Atomic Test #5: System Time with Windows time Command [windows]
- Atomic Test #6: Discover System Time Zone via Registry [windows]
# impact
- T1561.002 Disk Structure Wipe [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
atomics/Indexes/index.yaml
+14
View File
@@ -109278,6 +109278,20 @@ discovery:
'
name: command_prompt
- name: Discover System Time Zone via Registry
auto_generated_guid: 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47
description: |
Identify the Operating System Time Zone via registry with the reg.exe command.
Upon execution, the system Time Zone will be shown.
supported_platforms:
- windows
executor:
command: 'reg query "HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation"
/v TimeZoneKeyName
'
name: command_prompt
elevation_required: false
resource-development:
T1583:
technique:
atomics/Indexes/windows-index.yaml
+14
View File
@@ -89573,6 +89573,20 @@ discovery:
'
name: command_prompt
- name: Discover System Time Zone via Registry
auto_generated_guid: 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47
description: |
Identify the Operating System Time Zone via registry with the reg.exe command.
Upon execution, the system Time Zone will be shown.
supported_platforms:
- windows
executor:
command: 'reg query "HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation"
/v TimeZoneKeyName
'
name: command_prompt
elevation_required: false
resource-development:
T1583:
technique:
atomics/T1124/T1124.md
+31
View File
@@ -22,6 +22,8 @@ This information could be useful for performing other techniques, such as execut
- [Atomic Test #5 - System Time with Windows time Command](#atomic-test-5---system-time-with-windows-time-command)
- [Atomic Test #6 - Discover System Time Zone via Registry](#atomic-test-6---discover-system-time-zone-via-registry)
<br/>
@@ -173,4 +175,33 @@ time
<br/>
<br/>
## Atomic Test #6 - Discover System Time Zone via Registry
Identify the Operating System Time Zone via registry with the reg.exe command.
Upon execution, the system Time Zone will be shown.
**Supported Platforms:** Windows
**auto_generated_guid:** 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47
#### Attack Commands: Run with `command_prompt`!
```cmd
reg query "HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation" /v TimeZoneKeyName
```
<br/>
atomics/T1124/T1124.yaml
+1
View File
@@ -64,6 +64,7 @@ atomic_tests:
time
name: command_prompt
- name: Discover System Time Zone via Registry
auto_generated_guid: 25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47
description: |
Identify the Operating System Time Zone via registry with the reg.exe command.
Upon execution, the system Time Zone will be shown.
atomics/used_guids.txt
+1
View File
@@ -1719,3 +1719,4 @@ aa12eb29-2dbb-414e-8b20-33d34af93543
9d9c22c9-fa97-4008-a204-478cf68c40af
be3b5fe3-a575-4fb8-83f6-ad4a68dd5ce7
acfcd709-0013-4f1e-b9ee-bc1e7bafaaec
25c5d1f1-a24b-494a-a6c5-5f50a1ae7f47