Generate docs from job=validate_atomics_generate_docs branch=master
parent 34953ac95f
commit d8dd757a24
@@ -220,6 +220,7 @@ defense-evasion,T1070.003,Clear Command History,4,Clear Bash history (ln dev/nul
|
||||
defense-evasion,T1070.003,Clear Command History,5,Clear Bash history (truncate),47966a1d-df4f-4078-af65-db6d9aa20739,sh
|
||||
defense-evasion,T1070.003,Clear Command History,6,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
|
||||
defense-evasion,T1070.003,Clear Command History,7,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
|
||||
defense-evasion,T1070.003,Clear Command History,8,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,1,rm -rf,989cc1b1-3642-4260-a809-54f9dd559683,sh
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,2,Overwrite Linux Mail Spool,1602ff76-ed7f-4c94-b550-2f727b4782d4,bash
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,3,Overwrite Linux Log,d304b2dc-90b4-4465-a650-16ddd503f7b5,bash
|
||||
|
||||
|
@@ -42,6 +42,7 @@ defense-evasion,T1070.003,Clear Command History,4,Clear Bash history (ln dev/nul
|
||||
defense-evasion,T1070.003,Clear Command History,5,Clear Bash history (truncate),47966a1d-df4f-4078-af65-db6d9aa20739,sh
|
||||
defense-evasion,T1070.003,Clear Command History,6,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
|
||||
defense-evasion,T1070.003,Clear Command History,7,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
|
||||
defense-evasion,T1070.003,Clear Command History,8,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,1,rm -rf,989cc1b1-3642-4260-a809-54f9dd559683,sh
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,2,Overwrite Linux Mail Spool,1602ff76-ed7f-4c94-b550-2f727b4782d4,bash
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,3,Overwrite Linux Log,d304b2dc-90b4-4465-a650-16ddd503f7b5,bash
|
||||
|
||||
|
@@ -47,6 +47,7 @@ defense-evasion,T1070.003,Clear Command History,3,Clear Bash history (cat dev/nu
|
||||
defense-evasion,T1070.003,Clear Command History,4,Clear Bash history (ln dev/null),23d348f3-cc5c-4ba9-bd0a-ae09069f0914,sh
|
||||
defense-evasion,T1070.003,Clear Command History,6,Clear history of a bunch of shells,7e6721df-5f08-4370-9255-f06d8a77af4c,sh
|
||||
defense-evasion,T1070.003,Clear Command History,7,Clear and Disable Bash History Logging,784e4011-bd1a-4ecd-a63a-8feb278512e6,sh
|
||||
defense-evasion,T1070.003,Clear Command History,8,Use Space Before Command to Avoid Logging to History,53b03a54-4529-4992-852d-a00b4b7215a6,sh
|
||||
defense-evasion,T1070.002,Clear Linux or Mac System Logs,1,rm -rf,989cc1b1-3642-4260-a809-54f9dd559683,sh
|
||||
defense-evasion,T1562.001,Disable or Modify Tools,5,Disable Carbon Black Response,8fba7766-2d11-4b4a-979a-1e3d9cc9a88c,sh
|
||||
defense-evasion,T1562.001,Disable or Modify Tools,6,Disable LittleSnitch,62155dd8-bb3d-4f32-b31c-6532ff3ac6a3,sh
|
||||
|
||||
|
@@ -468,6 +468,7 @@
|
||||
- Atomic Test #5: Clear Bash history (truncate) [linux]
|
||||
- Atomic Test #6: Clear history of a bunch of shells [linux, macos]
|
||||
- Atomic Test #7: Clear and Disable Bash History Logging [linux, macos]
|
||||
- Atomic Test #8: Use Space Before Command to Avoid Logging to History [linux, macos]
|
||||
- [T1070.002 Clear Linux or Mac System Logs](../../T1070.002/T1070.002.md)
|
||||
- Atomic Test #1: rm -rf [macos, linux]
|
||||
- Atomic Test #2: Overwrite Linux Mail Spool [linux]
|
||||
|
||||
@@ -152,6 +152,7 @@
|
||||
- Atomic Test #5: Clear Bash history (truncate) [linux]
|
||||
- Atomic Test #6: Clear history of a bunch of shells [linux, macos]
|
||||
- Atomic Test #7: Clear and Disable Bash History Logging [linux, macos]
|
||||
- Atomic Test #8: Use Space Before Command to Avoid Logging to History [linux, macos]
|
||||
- [T1070.002 Clear Linux or Mac System Logs](../../T1070.002/T1070.002.md)
|
||||
- Atomic Test #1: rm -rf [macos, linux]
|
||||
- Atomic Test #2: Overwrite Linux Mail Spool [linux]
|
||||
|
||||
@@ -123,6 +123,7 @@
|
||||
- Atomic Test #4: Clear Bash history (ln dev/null) [linux, macos]
|
||||
- Atomic Test #6: Clear history of a bunch of shells [linux, macos]
|
||||
- Atomic Test #7: Clear and Disable Bash History Logging [linux, macos]
|
||||
- Atomic Test #8: Use Space Before Command to Avoid Logging to History [linux, macos]
|
||||
- [T1070.002 Clear Linux or Mac System Logs](../../T1070.002/T1070.002.md)
|
||||
- Atomic Test #1: rm -rf [macos, linux]
|
||||
- T1553.002 Code Signing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
|
||||
|
||||
@@ -21575,6 +21575,20 @@ defense-evasion:
|
||||
. ~/.bashrc
|
||||
history -c
|
||||
name: sh
|
||||
- name: Use Space Before Command to Avoid Logging to History
|
||||
auto_generated_guid: 53b03a54-4529-4992-852d-a00b4b7215a6
|
||||
description: 'Using a space before a command causes the command to not be logged
|
||||
in the Bash History file
|
||||
|
||||
'
|
||||
supported_platforms:
|
||||
- linux
|
||||
- macos
|
||||
executor:
|
||||
command: |
|
||||
hostname
|
||||
whoami
|
||||
name: sh
|
||||
T1070.002:
|
||||
technique:
|
||||
external_references:
|
||||
|
||||
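Review bot: In the `command: |` block of the new test, `hostname` and `whoami` appear with no leading space of their own, although the description says the space before the command is what keeps it out of the history. A YAML literal block scalar takes its indentation from the first non-empty line, so a space meant to be part of the command is consumed as indentation. An explicit indentation indicator on the block, or quoted command strings, would keep the space in what the executor actually runs.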
@@ -22,6 +22,8 @@ Adversaries can use a variety of methods to prevent their own commands from appe
|
||||
|
||||
- [Atomic Test #7 - Clear and Disable Bash History Logging](#atomic-test-7---clear-and-disable-bash-history-logging)
|
||||
|
||||
- [Atomic Test #8 - Use Space Before Command to Avoid Logging to History](#atomic-test-8---use-space-before-command-to-avoid-logging-to-history)
|
||||
|
||||
|
||||
<br/>
|
||||
|
||||
@@ -195,4 +197,29 @@ history -c
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
<br/>
|
||||
|
||||
## Atomic Test #8 - Use Space Before Command to Avoid Logging to History
|
||||
Using a space before a command causes the command to not be logged in the Bash History file
|
||||
|
||||
**Supported Platforms:** Linux, macOS
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#### Attack Commands: Run with `sh`!
|
||||
|
||||
|
||||
```sh
|
||||
hostname
|
||||
whoami
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
|
||||
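Review bot: The description under the "Atomic Test #8" heading states the behaviour unconditionally, but bash leaves space-prefixed commands out of history only when `HISTCONTROL` contains `ignorespace` or `ignoreboth`, and the test is run with `sh` rather than bash. Suggest naming that precondition in the description and checking it before the commands run; since these docs are generated, the change belongs in the test definition they are built from. The rendered code block also shows `hostname` and `whoami` without a leading space, so the documented commands do not exhibit the technique the heading names.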
@@ -83,6 +83,7 @@ atomic_tests:
|
||||
history -c
|
||||
name: sh
|
||||
- name: Use Space Before Command to Avoid Logging to History
|
||||
auto_generated_guid: 53b03a54-4529-4992-852d-a00b4b7215a6
|
||||
description: |
|
||||
Using a space before a command causes the command to not be logged in the Bash History file
|
||||
supported_platforms:
|
||||
|
||||
@@ -557,3 +557,4 @@ fda74566-a604-4581-a4cc-fbbe21d66559
|
||||
9e2173c0-ba26-4cdf-b0ed-8c54b27e3ad6
|
||||
1ae5ea1f-0a4e-4e54-b2f5-4ac328a7f421
|
||||
103d6533-fd2a-4d08-976a-4a598565280f
|
||||
53b03a54-4529-4992-852d-a00b4b7215a6
|
||||
|
||||