Generate docs from job=validate_atomics_generate_docs branch=master

atomics/T1002/T1002.md

@@ -8,7 +8,11 @@
 
 - [Atomic Test #2 - Compress Data for Exfiltration With Rar](#atomic-test-2---compress-data-for-exfiltration-with-rar)
 
-- [Atomic Test #3 - Data Compressed - nix](#atomic-test-3---data-compressed---nix)
+- [Atomic Test #3 - Data Compressed - nix - zip](#atomic-test-3---data-compressed---nix---zip)
+
+- [Atomic Test #4 - Data Compressed - nix - gzip Single File](#atomic-test-4---data-compressed---nix---gzip-single-file)
+
+- [Atomic Test #5 - Data Compressed - nix - tar Folder or File](#atomic-test-5---data-compressed---nix---tar-folder-or-file)
 
 
 <br/>
@@ -51,22 +55,57 @@ rar a -r #{output_file} #{input_file}
 <br/>
 <br/>
 
-## Atomic Test #3 - Data Compressed - nix
-An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration 
+## Atomic Test #3 - Data Compressed - nix - zip
+An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration. This test uses standard zip compression.
 
 **Supported Platforms:** Linux, macOS
 
 
+#### Inputs
+| Name | Description | Type | Default Value | 
+|------|-------------|------|---------------|
+| input_files | Path that should be compressed into our output file, may include wildcards | Path | /tmp/victim-files/*|
+| output_file | Path that should be output as a zip archive | Path | /tmp/victim-files.zip|
+
 #### Run it with `sh`!
 ```
-mkdir /tmp/victim-files
-cd /tmp/victim-files
-touch a b c d e f g
-echo "This file will be gzipped" > /tmp/victim-gzip.txt
-echo "This file will be tarred" > /tmp/victim-tar.txt
-zip /tmp/victim-files.zip /tmp/victim-files/*
-gzip -f /tmp/victim-gzip.txt
-tar -cvzf /tmp/victim-files.tar.gz /tmp/victim-files/
-tar -cvzf /tmp/victim-tar.tar.gz
+zip #{output_file} #{input_files}
+```
+<br/>
+<br/>
+
+## Atomic Test #4 - Data Compressed - nix - gzip Single File
+An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration. This test uses standard gzip compression.
+
+**Supported Platforms:** Linux, macOS
+
+
+#### Inputs
+| Name | Description | Type | Default Value | 
+|------|-------------|------|---------------|
+| input_file | Path that should be compressed | Path | /tmp/victim-gzip.txt|
+
+#### Run it with `sh`!
+```
+gzip -f #{input_file}
+```
+<br/>
+<br/>
+
+## Atomic Test #5 - Data Compressed - nix - tar Folder or File
+An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration. This test uses standard gzip compression.
+
+**Supported Platforms:** Linux, macOS
+
+
+#### Inputs
+| Name | Description | Type | Default Value | 
+|------|-------------|------|---------------|
+| input_file_folder | Path that should be compressed | Path | /tmp/victim-files/|
+| output_file | File that should be output | Path | /tmp/victim-files.tar.gz|
+
+#### Run it with `sh`!
+```
+tar -cvzf #{output_file} #{input_file_folder}
 ```
 <br/>

atomics/index.md

@@ -675,7 +675,9 @@
 - [T1002 Data Compressed](./T1002/T1002.md)
   - Atomic Test #1: Compress Data for Exfiltration With PowerShell [windows]
   - Atomic Test #2: Compress Data for Exfiltration With Rar [windows]
-  - Atomic Test #3: Data Compressed - nix [linux, macos]
+  - Atomic Test #3: Data Compressed - nix - zip [linux, macos]
+  - Atomic Test #4: Data Compressed - nix - gzip Single File [linux, macos]
+  - Atomic Test #5: Data Compressed - nix - tar Folder or File [linux, macos]
 - [T1022 Data Encrypted](./T1022/T1022.md)
   - Atomic Test #1: Data Encrypted [macos, centos, ubuntu, linux]
 - [T1030 Data Transfer Size Limits](./T1030/T1030.md)

atomics/index.yaml

@@ -18407,24 +18407,67 @@ exfiltration:
         command: 'rar a -r #{output_file} #{input_file}
 
 '
-    - name: Data Compressed - nix
-      description: "An adversary may compress data (e.g., sensitive documents) that
-        is collected prior to exfiltration \n"
+    - name: Data Compressed - nix - zip
+      description: 'An adversary may compress data (e.g., sensitive documents) that
+        is collected prior to exfiltration. This test uses standard zip compression.
+
+'
       supported_platforms:
       - linux
       - macos
+      input_arguments:
+        input_files:
+          description: Path that should be compressed into our output file, may include
+            wildcards
+          type: Path
+          default: "/tmp/victim-files/*"
+        output_file:
+          description: Path that should be output as a zip archive
+          type: Path
+          default: "/tmp/victim-files.zip"
       executor:
         name: sh
-        command: |
-          mkdir /tmp/victim-files
-          cd /tmp/victim-files
-          touch a b c d e f g
-          echo "This file will be gzipped" > /tmp/victim-gzip.txt
-          echo "This file will be tarred" > /tmp/victim-tar.txt
-          zip /tmp/victim-files.zip /tmp/victim-files/*
-          gzip -f /tmp/victim-gzip.txt
-          tar -cvzf /tmp/victim-files.tar.gz /tmp/victim-files/
-          tar -cvzf /tmp/victim-tar.tar.gz
+        command: 'zip #{output_file} #{input_files}
+
+'
+    - name: Data Compressed - nix - gzip Single File
+      description: 'An adversary may compress data (e.g., sensitive documents) that
+        is collected prior to exfiltration. This test uses standard gzip compression.
+
+'
+      supported_platforms:
+      - linux
+      - macos
+      input_arguments:
+        input_file:
+          description: Path that should be compressed
+          type: Path
+          default: "/tmp/victim-gzip.txt"
+      executor:
+        name: sh
+        command: 'gzip -f #{input_file}
+
+'
+    - name: Data Compressed - nix - tar Folder or File
+      description: 'An adversary may compress data (e.g., sensitive documents) that
+        is collected prior to exfiltration. This test uses standard gzip compression.
+
+'
+      supported_platforms:
+      - linux
+      - macos
+      input_arguments:
+        input_file_folder:
+          description: Path that should be compressed
+          type: Path
+          default: "/tmp/victim-files/"
+        output_file:
+          description: File that should be output
+          type: Path
+          default: "/tmp/victim-files.tar.gz"
+      executor:
+        name: sh
+        command: 'tar -cvzf #{output_file} #{input_file_folder}'
   T1022:
     technique:
       id: attack-pattern--d54416bd-0803-41ca-870a-ce1af7c05638

atomics/linux-index.md

@@ -100,7 +100,9 @@
 # exfiltration
 - T1020 Automated Exfiltration [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1002 Data Compressed](./T1002/T1002.md)
-  - Atomic Test #3: Data Compressed - nix [linux, macos]
+  - Atomic Test #3: Data Compressed - nix - zip [linux, macos]
+  - Atomic Test #4: Data Compressed - nix - gzip Single File [linux, macos]
+  - Atomic Test #5: Data Compressed - nix - tar Folder or File [linux, macos]
 - [T1022 Data Encrypted](./T1022/T1022.md)
   - Atomic Test #1: Data Encrypted [macos, centos, ubuntu, linux]
 - [T1030 Data Transfer Size Limits](./T1030/T1030.md)

atomics/macos-index.md

@@ -155,7 +155,9 @@
 # exfiltration
 - T1020 Automated Exfiltration [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1002 Data Compressed](./T1002/T1002.md)
-  - Atomic Test #3: Data Compressed - nix [linux, macos]
+  - Atomic Test #3: Data Compressed - nix - zip [linux, macos]
+  - Atomic Test #4: Data Compressed - nix - gzip Single File [linux, macos]
+  - Atomic Test #5: Data Compressed - nix - tar Folder or File [linux, macos]
 - [T1022 Data Encrypted](./T1022/T1022.md)
   - Atomic Test #1: Data Encrypted [macos, centos, ubuntu, linux]
 - [T1030 Data Transfer Size Limits](./T1030/T1030.md)