Added: deploying a Docker container

Fairly straightforward to deploy a container.

Details:
There was no test case for deploying a container in Atomic Red Team, and since I was working with Atomic Red Team I thought I would create a PR for this feature.

Testing:
Tested using ubuntu as the base image. It creates an image and runs that image to check that the image is deployed properly.

It may take up to a couple of minutes to run due to image creation. If it hangs for longer than a minute, something went wrong.

Associated Issues:
None
This commit is contained in:
aman143kri
2022-12-15 20:08:54 -08:00
parent b86d24fd99
commit f4338f3e0d
2 changed files with 41 additions and 0 deletions
+5
@@ -0,0 +1,5 @@
FROM ubuntu
ARG DEBIAN_FRONTEND=noninteractive
RUN echo "1" > /tmp/output.txt && \
echo ' bin/sh -c "while true; do sleep 30;done;"' > /tmp/script.sh && chmod +x /tmp/script.sh
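Review bot: the script body written on the last line of the RUN step begins with ` bin/sh -c "..."`, not `/bin/sh -c "..."`, and the file has no shebang; it only works because the container's working directory defaults to `/`, so the relative `bin/sh` happens to resolve, and any `WORKDIR` change or running the script from another directory would break it. Suggest writing the file as `#!/bin/sh` followed by `while true; do sleep 30; done`, which also drops the unnecessary nested shell. Minor: `ARG DEBIAN_FRONTEND=noninteractive` is unused since no apt-get runs in this Dockerfile, and `FROM ubuntu` is unpinned, so a later rebuild can pull a different base than the one tested; pin the tag that was tested.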
+36
@@ -0,0 +1,36 @@
---
attack_technique: T1610
display_name: "Deploy a container"
atomic_tests:
- name: deploycontainer
auto_generated_guid: ab2f9520-a17a-4671-9dba-3bd034099fff
description: |
Adversaries may deploy containers based on retrieved or built malicious images or from benign images that download and execute malicious payloads at runtime. They can do this using docker create and docker start commands
supported_platforms:
- containers
dependency_executor_name: sh
dependencies:
- description: Verify docker is installed.
prereq_command: |
which docker
get_prereq_command: |
if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
- description: Verify docker service is running.
prereq_command: |
sudo systemctl status docker --no-pager
get_prereq_command: |
sudo systemctl start docker
executor:
command: |
docker build -t t1610 /home/kali/test/atomic-red-team/atomics/T1610/src/
docker run --name t1610_container --rm -itd t1610 bash /tmp/script.sh
name: bash
cleanup_command: |
docker stop t1610_container
docker rmi -f t1610:latest
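Review bot: the executor's `docker build -t t1610 /home/kali/test/atomic-red-team/atomics/T1610/src/` hard-codes the author's local checkout, so the test fails on every other machine; Atomic Red Team commands reference the repo with `PathToAtomicsFolder`, so this should be `docker build -t t1610 PathToAtomicsFolder/T1610/src/`. In the first dependency's `get_prereq_command`, `[ "" == "`which docker`" ]` uses `==`, which is not POSIX and is rejected by `sh` on Debian-based systems (this dependency block declares `dependency_executor_name: sh`); use `[ -z "$(which docker)" ]` or `=`. The same line installs the package `docker` via apt-get, but on Debian/Ubuntu the engine package is `docker.io` (the `docker` package is unrelated), so the prereq would not actually satisfy `which docker`. Finally, the description says the technique uses `docker create` and `docker start` while the executor uses `docker build` and `docker run`; either align the description with the commands that run or use `create`/`start` so the test matches its own documentation.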