Generate docs from job=validate_atomics_generate_docs branch=master
parent
5996ff29dc
commit
dbb75a50e1
@@ -12,6 +12,8 @@ An adversary may use task scheduling to execute programs at system startup or on
|
||||
|
||||
- [Atomic Test #3 - Scheduled task Remote](#atomic-test-3---scheduled-task-remote)
|
||||
|
||||
- [Atomic Test #4 - Powershell Cmdlet Scheduled Task](#atomic-test-4---powershell-cmdlet-scheduled-task)
|
||||
|
||||
|
||||
<br/>
|
||||
|
||||
@@ -75,4 +77,30 @@ SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task"
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
<br/>
|
||||
|
||||
## Atomic Test #4 - Powershell Cmdlet Scheduled Task
|
||||
Create an atomic scheduled task that leverages native powershell cmdlets.
|
||||
These could be concidered "fileless" scheduled task creation.
|
||||
|
||||
**Supported Platforms:** Windows
|
||||
|
||||
|
||||
#### Run it with `powershell`!
|
||||
```
|
||||
$Action = New-ScheduledTaskAction -Execute "calc.exe"
|
||||
$Trigger = New-ScheduledTaskTrigger -AtLogon
|
||||
$User = New-ScheduledTaskPrincipal -GroupId "BUILTIN\Administrators" -RunLevel Highest
|
||||
$Set = New-ScheduledTaskSettingsSet
|
||||
$object = New-ScheduledTask -Action $Action -Principal $User -Trigger $Trigger -Settings $Set
|
||||
Register-ScheduledTask AtomicTask -InputObject $object
|
||||
```
|
||||
|
||||
|
||||
#### Cleanup Commands:
|
||||
```
|
||||
Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false
|
||||
```
|
||||
|
||||
<br/>
|
||||
|
||||
@@ -118,6 +118,7 @@
|
||||
- Atomic Test #1: At.exe Scheduled task [windows]
|
||||
- Atomic Test #2: Scheduled task Local [windows]
|
||||
- Atomic Test #3: Scheduled task Remote [windows]
|
||||
- Atomic Test #4: Powershell Cmdlet Scheduled Task [windows]
|
||||
- [T1180 Screensaver](./T1180/T1180.md)
|
||||
- Atomic Test #1: Set Arbitrary Binary as Screensaver [windows]
|
||||
- [T1101 Security Support Provider](./T1101/T1101.md)
|
||||
@@ -467,6 +468,7 @@
|
||||
- Atomic Test #1: At.exe Scheduled task [windows]
|
||||
- Atomic Test #2: Scheduled task Local [windows]
|
||||
- Atomic Test #3: Scheduled task Remote [windows]
|
||||
- Atomic Test #4: Powershell Cmdlet Scheduled Task [windows]
|
||||
- [T1058 Service Registry Permissions Weakness](./T1058/T1058.md)
|
||||
- Atomic Test #1: Service Registry Permissions Weakness [windows]
|
||||
- [T1166 Setuid and Setgid](./T1166/T1166.md)
|
||||
@@ -765,6 +767,7 @@
|
||||
- Atomic Test #1: At.exe Scheduled task [windows]
|
||||
- Atomic Test #2: Scheduled task Local [windows]
|
||||
- Atomic Test #3: Scheduled task Remote [windows]
|
||||
- Atomic Test #4: Powershell Cmdlet Scheduled Task [windows]
|
||||
- [T1064 Scripting](./T1064/T1064.md)
|
||||
- Atomic Test #1: Create and Execute Bash Shell Script [macos, linux]
|
||||
- Atomic Test #2: Create and Execute Batch Script [windows]
|
||||
|
||||
@@ -4018,6 +4018,24 @@ persistence:
|
||||
command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN
|
||||
"Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
|
||||
|
||||
'
|
||||
- name: Powershell Cmdlet Scheduled Task
|
||||
description: "Create an atomic scheduled task that leverages native powershell
|
||||
cmdlets. \nThese could be concidered \"fileless\" scheduled task creation.\n"
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
name: powershell
|
||||
elevation_required: false
|
||||
command: |
|
||||
$Action = New-ScheduledTaskAction -Execute "calc.exe"
|
||||
$Trigger = New-ScheduledTaskTrigger -AtLogon
|
||||
$User = New-ScheduledTaskPrincipal -GroupId "BUILTIN\Administrators" -RunLevel Highest
|
||||
$Set = New-ScheduledTaskSettingsSet
|
||||
$object = New-ScheduledTask -Action $Action -Principal $User -Trigger $Trigger -Settings $Set
|
||||
Register-ScheduledTask AtomicTask -InputObject $object
|
||||
cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false
|
||||
|
||||
'
|
||||
T1180:
|
||||
technique:
|
||||
@@ -14370,6 +14388,24 @@ privilege-escalation:
|
||||
command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN
|
||||
"Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
|
||||
|
||||
'
|
||||
- name: Powershell Cmdlet Scheduled Task
|
||||
description: "Create an atomic scheduled task that leverages native powershell
|
||||
cmdlets. \nThese could be concidered \"fileless\" scheduled task creation.\n"
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
name: powershell
|
||||
elevation_required: false
|
||||
command: |
|
||||
$Action = New-ScheduledTaskAction -Execute "calc.exe"
|
||||
$Trigger = New-ScheduledTaskTrigger -AtLogon
|
||||
$User = New-ScheduledTaskPrincipal -GroupId "BUILTIN\Administrators" -RunLevel Highest
|
||||
$Set = New-ScheduledTaskSettingsSet
|
||||
$object = New-ScheduledTask -Action $Action -Principal $User -Trigger $Trigger -Settings $Set
|
||||
Register-ScheduledTask AtomicTask -InputObject $object
|
||||
cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false
|
||||
|
||||
'
|
||||
T1058:
|
||||
technique:
|
||||
@@ -22099,6 +22135,24 @@ execution:
|
||||
command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN
|
||||
"Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
|
||||
|
||||
'
|
||||
- name: Powershell Cmdlet Scheduled Task
|
||||
description: "Create an atomic scheduled task that leverages native powershell
|
||||
cmdlets. \nThese could be concidered \"fileless\" scheduled task creation.\n"
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
name: powershell
|
||||
elevation_required: false
|
||||
command: |
|
||||
$Action = New-ScheduledTaskAction -Execute "calc.exe"
|
||||
$Trigger = New-ScheduledTaskTrigger -AtLogon
|
||||
$User = New-ScheduledTaskPrincipal -GroupId "BUILTIN\Administrators" -RunLevel Highest
|
||||
$Set = New-ScheduledTaskSettingsSet
|
||||
$object = New-ScheduledTask -Action $Action -Principal $User -Trigger $Trigger -Settings $Set
|
||||
Register-ScheduledTask AtomicTask -InputObject $object
|
||||
cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false
|
||||
|
||||
'
|
||||
T1064:
|
||||
technique:
|
||||
|
||||
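Review bot: `elevation_required: false` in the new "Powershell Cmdlet Scheduled Task" entry looks inconsistent with its command, which builds the principal with `-GroupId "BUILTIN\Administrators" -RunLevel Highest`. Registering such a task most likely needs an elevated session, so a non-elevated run would probably fail at `Register-ScheduledTask`, and that failure could be misread as the technique being blocked or detected. The same entry is repeated in the persistence, privilege-escalation and execution hunks of this file. Because this index is generated, the fix belongs in the source atomic definition: `elevation_required: true`. The description's "concidered" should also read "considered", and it could state what the test leaves behind (a task named AtomicTask that starts calc.exe at logon) so the cleanup can be verified.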
@@ -237,6 +237,7 @@
|
||||
- Atomic Test #1: At.exe Scheduled task [windows]
|
||||
- Atomic Test #2: Scheduled task Local [windows]
|
||||
- Atomic Test #3: Scheduled task Remote [windows]
|
||||
- Atomic Test #4: Powershell Cmdlet Scheduled Task [windows]
|
||||
- [T1058 Service Registry Permissions Weakness](./T1058/T1058.md)
|
||||
- Atomic Test #1: Service Registry Permissions Weakness [windows]
|
||||
- T1078 Valid Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
|
||||
@@ -325,6 +326,7 @@
|
||||
- Atomic Test #1: At.exe Scheduled task [windows]
|
||||
- Atomic Test #2: Scheduled task Local [windows]
|
||||
- Atomic Test #3: Scheduled task Remote [windows]
|
||||
- Atomic Test #4: Powershell Cmdlet Scheduled Task [windows]
|
||||
- [T1180 Screensaver](./T1180/T1180.md)
|
||||
- Atomic Test #1: Set Arbitrary Binary as Screensaver [windows]
|
||||
- [T1101 Security Support Provider](./T1101/T1101.md)
|
||||
@@ -641,6 +643,7 @@
|
||||
- Atomic Test #1: At.exe Scheduled task [windows]
|
||||
- Atomic Test #2: Scheduled task Local [windows]
|
||||
- Atomic Test #3: Scheduled task Remote [windows]
|
||||
- Atomic Test #4: Powershell Cmdlet Scheduled Task [windows]
|
||||
- [T1064 Scripting](./T1064/T1064.md)
|
||||
- Atomic Test #2: Create and Execute Batch Script [windows]
|
||||
- [T1035 Service Execution](./T1035/T1035.md)
|
||||
|
||||