From f59bb10f9f96124d2ee3d1e4f4ea47e7a89f7692 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Fri, 17 Jul 2020 23:52:22 +0000 Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master --- .../art-navigator-layer-windows.json | 2 +- atomics/Indexes/Indexes-CSV/index.csv | 1 + atomics/Indexes/Indexes-CSV/windows-index.csv | 1 + atomics/Indexes/Indexes-Markdown/index.md | 1 + .../Indexes/Indexes-Markdown/windows-index.md | 3 +- atomics/Indexes/Matrices/windows-matrix.md | 2 +- atomics/Indexes/index.yaml | 27 ++++++++++ atomics/T1046/T1046.md | 49 +++++++++++++++++++ atomics/T1046/T1046.yaml | 1 + atomics/used_guids.txt | 1 + 10 files changed, 85 insertions(+), 3 deletions(-) diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json index 5960da1a..b92a62d7 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json @@ -1 +1 @@ -{"version":"3.0","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true},{"techniqueID":"T1003.002","score":100,"enabled":true},{"techniqueID":"T1003.003","score":100,"enabled":true},{"techniqueID":"T1003","score":100,"enabled":true},{"techniqueID":"T1007","score":100,"enabled":true},{"techniqueID":"T1010","score":100,"enabled":true},{"techniqueID":"T1012","score":100,"enabled":true},{"techniqueID":"T1014","score":100,"enabled":true},{"techniqueID":"T1016","score":100,"enabled":true},{"techniqueID":"T1018","score":100,"enabled":true},{"techniqueID":"T1020","score":100,"enabled":true},{"techniqueID":"T1021.001","score":100,"enabled":true},{"techniqueID":"T1021.002","score":100,"enabled":true},{"techniqueID":"T1021.006","score":100,"enabled":true},{"techniqueID":"T1027.004","score":100,"enabled":true},{"techniqueID":"T1027","score":100,"enabled":true},{"techniqueID":"T1033","score":100,"enabled":true},{"techniqueID":"T1036.003","score":100,"enabled":true},{"techniqueID":"T1037.001","score":100,"enabled":true},{"techniqueID":"T1040","score":100,"enabled":true},{"techniqueID":"T1047","score":100,"enabled":true},{"techniqueID":"T1048.003","score":100,"enabled":true},{"techniqueID":"T1049","score":100,"enabled":true},{"techniqueID":"T1053.002","score":100,"enabled":true},{"techniqueID":"T1053.005","score":100,"enabled":true},{"techniqueID":"T1055.004","score":100,"enabled":true},{"techniqueID":"T1055.012","score":100,"enabled":true},{"techniqueID":"T1055","score":100,"enabled":true},{"techniqueID":"T1056.001","score":100,"enabled":true},{"techniqueID":"T1056.002","score":100,"enabled":true},{"techniqueID":"T1056.004","score":100,"enabled":true},{"techniqueID":"T1057","score":100,"enabled":true},{"techniqueID":"T1059.001","score":100,"enabled":true},{"techniqueID":"T1059.003","score":100,"enabled":true},{"techniqueID":"T1069.001","score":100,"enabled":true},{"techniqueID":"T1069.002","score":100,"enabled":true},{"techniqueID":"T1071.001","score":100,"enabled":true},{"techniqueID":"T1071.004","score":100,"enabled":true},{"techniqueID":"T1074.001","score":100,"enabled":true},{"techniqueID":"T1082","score":100,"enabled":true},{"techniqueID":"T1083","score":100,"enabled":true},{"techniqueID":"T1087.001","score":100,"enabled":true},{"techniqueID":"T1087.002","score":100,"enabled":true},{"techniqueID":"T1090.001","score":100,"enabled":true},{"techniqueID":"T1095","score":100,"enabled":true},{"techniqueID":"T1098","score":100,"enabled":true},{"techniqueID":"T1105","score":100,"enabled":true},{"techniqueID":"T1106","score":100,"enabled":true},{"techniqueID":"T1110.001","score":100,"enabled":true},{"techniqueID":"T1110.003","score":100,"enabled":true},{"techniqueID":"T1112","score":100,"enabled":true},{"techniqueID":"T1114.001","score":100,"enabled":true},{"techniqueID":"T1115","score":100,"enabled":true},{"techniqueID":"T1119","score":100,"enabled":true},{"techniqueID":"T1123","score":100,"enabled":true},{"techniqueID":"T1124","score":100,"enabled":true},{"techniqueID":"T1127.001","score":100,"enabled":true},{"techniqueID":"T1134.004","score":100,"enabled":true},{"techniqueID":"T1135","score":100,"enabled":true},{"techniqueID":"T1136.001","score":100,"enabled":true},{"techniqueID":"T1140","score":100,"enabled":true},{"techniqueID":"T1176","score":100,"enabled":true},{"techniqueID":"T1197","score":100,"enabled":true},{"techniqueID":"T1201","score":100,"enabled":true},{"techniqueID":"T1202","score":100,"enabled":true},{"techniqueID":"T1204.002","score":100,"enabled":true},{"techniqueID":"T1207","score":100,"enabled":true},{"techniqueID":"T1216.001","score":100,"enabled":true},{"techniqueID":"T1216","score":100,"enabled":true},{"techniqueID":"T1217","score":100,"enabled":true},{"techniqueID":"T1218.001","score":100,"enabled":true},{"techniqueID":"T1218.002","score":100,"enabled":true},{"techniqueID":"T1218.003","score":100,"enabled":true},{"techniqueID":"T1218.004","score":100,"enabled":true},{"techniqueID":"T1218.005","score":100,"enabled":true},{"techniqueID":"T1218.007","score":100,"enabled":true},{"techniqueID":"T1218.008","score":100,"enabled":true},{"techniqueID":"T1218.009","score":100,"enabled":true},{"techniqueID":"T1218.010","score":100,"enabled":true},{"techniqueID":"T1218.011","score":100,"enabled":true},{"techniqueID":"T1218","score":100,"enabled":true},{"techniqueID":"T1219","score":100,"enabled":true},{"techniqueID":"T1220","score":100,"enabled":true},{"techniqueID":"T1222.001","score":100,"enabled":true},{"techniqueID":"T1482","score":100,"enabled":true},{"techniqueID":"T1485","score":100,"enabled":true},{"techniqueID":"T1489","score":100,"enabled":true},{"techniqueID":"T1490","score":100,"enabled":true},{"techniqueID":"T1505.002","score":100,"enabled":true},{"techniqueID":"T1505.003","score":100,"enabled":true},{"techniqueID":"T1518.001","score":100,"enabled":true},{"techniqueID":"T1518","score":100,"enabled":true},{"techniqueID":"T1529","score":100,"enabled":true},{"techniqueID":"T1531","score":100,"enabled":true},{"techniqueID":"T1543.003","score":100,"enabled":true},{"techniqueID":"T1546.001","score":100,"enabled":true},{"techniqueID":"T1546.002","score":100,"enabled":true},{"techniqueID":"T1546.003","score":100,"enabled":true},{"techniqueID":"T1546.007","score":100,"enabled":true},{"techniqueID":"T1546.008","score":100,"enabled":true},{"techniqueID":"T1546.010","score":100,"enabled":true},{"techniqueID":"T1546.011","score":100,"enabled":true},{"techniqueID":"T1546.012","score":100,"enabled":true},{"techniqueID":"T1546.013","score":100,"enabled":true},{"techniqueID":"T1546.015","score":100,"enabled":true},{"techniqueID":"T1547.001","score":100,"enabled":true},{"techniqueID":"T1547.004","score":100,"enabled":true},{"techniqueID":"T1547.005","score":100,"enabled":true},{"techniqueID":"T1547.009","score":100,"enabled":true},{"techniqueID":"T1548.002","score":100,"enabled":true},{"techniqueID":"T1550.002","score":100,"enabled":true},{"techniqueID":"T1550.003","score":100,"enabled":true},{"techniqueID":"T1551.001","score":100,"enabled":true},{"techniqueID":"T1551.004","score":100,"enabled":true},{"techniqueID":"T1551.005","score":100,"enabled":true},{"techniqueID":"T1551.006","score":100,"enabled":true},{"techniqueID":"T1551","score":100,"enabled":true},{"techniqueID":"T1552.001","score":100,"enabled":true},{"techniqueID":"T1552.002","score":100,"enabled":true},{"techniqueID":"T1552.004","score":100,"enabled":true},{"techniqueID":"T1552.006","score":100,"enabled":true},{"techniqueID":"T1553.004","score":100,"enabled":true},{"techniqueID":"T1555.003","score":100,"enabled":true},{"techniqueID":"T1556.002","score":100,"enabled":true},{"techniqueID":"T1558.003","score":100,"enabled":true},{"techniqueID":"T1559.002","score":100,"enabled":true},{"techniqueID":"T1560.001","score":100,"enabled":true},{"techniqueID":"T1560","score":100,"enabled":true},{"techniqueID":"T1562.001","score":100,"enabled":true},{"techniqueID":"T1562.002","score":100,"enabled":true},{"techniqueID":"T1562.004","score":100,"enabled":true},{"techniqueID":"T1564.001","score":100,"enabled":true},{"techniqueID":"T1564.003","score":100,"enabled":true},{"techniqueID":"T1564.004","score":100,"enabled":true},{"techniqueID":"T1566.001","score":100,"enabled":true},{"techniqueID":"T1569.002","score":100,"enabled":true},{"techniqueID":"T1571","score":100,"enabled":true},{"techniqueID":"T1573","score":100,"enabled":true},{"techniqueID":"T1574.001","score":100,"enabled":true},{"techniqueID":"T1574.002","score":100,"enabled":true},{"techniqueID":"T1574.009","score":100,"enabled":true},{"techniqueID":"T1574.010","score":100,"enabled":true},{"techniqueID":"T1574.011","score":100,"enabled":true}]} \ No newline at end of file +{"version":"3.0","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true},{"techniqueID":"T1003.002","score":100,"enabled":true},{"techniqueID":"T1003.003","score":100,"enabled":true},{"techniqueID":"T1003","score":100,"enabled":true},{"techniqueID":"T1007","score":100,"enabled":true},{"techniqueID":"T1010","score":100,"enabled":true},{"techniqueID":"T1012","score":100,"enabled":true},{"techniqueID":"T1014","score":100,"enabled":true},{"techniqueID":"T1016","score":100,"enabled":true},{"techniqueID":"T1018","score":100,"enabled":true},{"techniqueID":"T1020","score":100,"enabled":true},{"techniqueID":"T1021.001","score":100,"enabled":true},{"techniqueID":"T1021.002","score":100,"enabled":true},{"techniqueID":"T1021.006","score":100,"enabled":true},{"techniqueID":"T1027.004","score":100,"enabled":true},{"techniqueID":"T1027","score":100,"enabled":true},{"techniqueID":"T1033","score":100,"enabled":true},{"techniqueID":"T1036.003","score":100,"enabled":true},{"techniqueID":"T1037.001","score":100,"enabled":true},{"techniqueID":"T1040","score":100,"enabled":true},{"techniqueID":"T1046","score":100,"enabled":true},{"techniqueID":"T1047","score":100,"enabled":true},{"techniqueID":"T1048.003","score":100,"enabled":true},{"techniqueID":"T1049","score":100,"enabled":true},{"techniqueID":"T1053.002","score":100,"enabled":true},{"techniqueID":"T1053.005","score":100,"enabled":true},{"techniqueID":"T1055.004","score":100,"enabled":true},{"techniqueID":"T1055.012","score":100,"enabled":true},{"techniqueID":"T1055","score":100,"enabled":true},{"techniqueID":"T1056.001","score":100,"enabled":true},{"techniqueID":"T1056.002","score":100,"enabled":true},{"techniqueID":"T1056.004","score":100,"enabled":true},{"techniqueID":"T1057","score":100,"enabled":true},{"techniqueID":"T1059.001","score":100,"enabled":true},{"techniqueID":"T1059.003","score":100,"enabled":true},{"techniqueID":"T1069.001","score":100,"enabled":true},{"techniqueID":"T1069.002","score":100,"enabled":true},{"techniqueID":"T1071.001","score":100,"enabled":true},{"techniqueID":"T1071.004","score":100,"enabled":true},{"techniqueID":"T1074.001","score":100,"enabled":true},{"techniqueID":"T1082","score":100,"enabled":true},{"techniqueID":"T1083","score":100,"enabled":true},{"techniqueID":"T1087.001","score":100,"enabled":true},{"techniqueID":"T1087.002","score":100,"enabled":true},{"techniqueID":"T1090.001","score":100,"enabled":true},{"techniqueID":"T1095","score":100,"enabled":true},{"techniqueID":"T1098","score":100,"enabled":true},{"techniqueID":"T1105","score":100,"enabled":true},{"techniqueID":"T1106","score":100,"enabled":true},{"techniqueID":"T1110.001","score":100,"enabled":true},{"techniqueID":"T1110.003","score":100,"enabled":true},{"techniqueID":"T1112","score":100,"enabled":true},{"techniqueID":"T1114.001","score":100,"enabled":true},{"techniqueID":"T1115","score":100,"enabled":true},{"techniqueID":"T1119","score":100,"enabled":true},{"techniqueID":"T1123","score":100,"enabled":true},{"techniqueID":"T1124","score":100,"enabled":true},{"techniqueID":"T1127.001","score":100,"enabled":true},{"techniqueID":"T1134.004","score":100,"enabled":true},{"techniqueID":"T1135","score":100,"enabled":true},{"techniqueID":"T1136.001","score":100,"enabled":true},{"techniqueID":"T1140","score":100,"enabled":true},{"techniqueID":"T1176","score":100,"enabled":true},{"techniqueID":"T1197","score":100,"enabled":true},{"techniqueID":"T1201","score":100,"enabled":true},{"techniqueID":"T1202","score":100,"enabled":true},{"techniqueID":"T1204.002","score":100,"enabled":true},{"techniqueID":"T1207","score":100,"enabled":true},{"techniqueID":"T1216.001","score":100,"enabled":true},{"techniqueID":"T1216","score":100,"enabled":true},{"techniqueID":"T1217","score":100,"enabled":true},{"techniqueID":"T1218.001","score":100,"enabled":true},{"techniqueID":"T1218.002","score":100,"enabled":true},{"techniqueID":"T1218.003","score":100,"enabled":true},{"techniqueID":"T1218.004","score":100,"enabled":true},{"techniqueID":"T1218.005","score":100,"enabled":true},{"techniqueID":"T1218.007","score":100,"enabled":true},{"techniqueID":"T1218.008","score":100,"enabled":true},{"techniqueID":"T1218.009","score":100,"enabled":true},{"techniqueID":"T1218.010","score":100,"enabled":true},{"techniqueID":"T1218.011","score":100,"enabled":true},{"techniqueID":"T1218","score":100,"enabled":true},{"techniqueID":"T1219","score":100,"enabled":true},{"techniqueID":"T1220","score":100,"enabled":true},{"techniqueID":"T1222.001","score":100,"enabled":true},{"techniqueID":"T1482","score":100,"enabled":true},{"techniqueID":"T1485","score":100,"enabled":true},{"techniqueID":"T1489","score":100,"enabled":true},{"techniqueID":"T1490","score":100,"enabled":true},{"techniqueID":"T1505.002","score":100,"enabled":true},{"techniqueID":"T1505.003","score":100,"enabled":true},{"techniqueID":"T1518.001","score":100,"enabled":true},{"techniqueID":"T1518","score":100,"enabled":true},{"techniqueID":"T1529","score":100,"enabled":true},{"techniqueID":"T1531","score":100,"enabled":true},{"techniqueID":"T1543.003","score":100,"enabled":true},{"techniqueID":"T1546.001","score":100,"enabled":true},{"techniqueID":"T1546.002","score":100,"enabled":true},{"techniqueID":"T1546.003","score":100,"enabled":true},{"techniqueID":"T1546.007","score":100,"enabled":true},{"techniqueID":"T1546.008","score":100,"enabled":true},{"techniqueID":"T1546.010","score":100,"enabled":true},{"techniqueID":"T1546.011","score":100,"enabled":true},{"techniqueID":"T1546.012","score":100,"enabled":true},{"techniqueID":"T1546.013","score":100,"enabled":true},{"techniqueID":"T1546.015","score":100,"enabled":true},{"techniqueID":"T1547.001","score":100,"enabled":true},{"techniqueID":"T1547.004","score":100,"enabled":true},{"techniqueID":"T1547.005","score":100,"enabled":true},{"techniqueID":"T1547.009","score":100,"enabled":true},{"techniqueID":"T1548.002","score":100,"enabled":true},{"techniqueID":"T1550.002","score":100,"enabled":true},{"techniqueID":"T1550.003","score":100,"enabled":true},{"techniqueID":"T1551.001","score":100,"enabled":true},{"techniqueID":"T1551.004","score":100,"enabled":true},{"techniqueID":"T1551.005","score":100,"enabled":true},{"techniqueID":"T1551.006","score":100,"enabled":true},{"techniqueID":"T1551","score":100,"enabled":true},{"techniqueID":"T1552.001","score":100,"enabled":true},{"techniqueID":"T1552.002","score":100,"enabled":true},{"techniqueID":"T1552.004","score":100,"enabled":true},{"techniqueID":"T1552.006","score":100,"enabled":true},{"techniqueID":"T1553.004","score":100,"enabled":true},{"techniqueID":"T1555.003","score":100,"enabled":true},{"techniqueID":"T1556.002","score":100,"enabled":true},{"techniqueID":"T1558.003","score":100,"enabled":true},{"techniqueID":"T1559.002","score":100,"enabled":true},{"techniqueID":"T1560.001","score":100,"enabled":true},{"techniqueID":"T1560","score":100,"enabled":true},{"techniqueID":"T1562.001","score":100,"enabled":true},{"techniqueID":"T1562.002","score":100,"enabled":true},{"techniqueID":"T1562.004","score":100,"enabled":true},{"techniqueID":"T1564.001","score":100,"enabled":true},{"techniqueID":"T1564.003","score":100,"enabled":true},{"techniqueID":"T1564.004","score":100,"enabled":true},{"techniqueID":"T1566.001","score":100,"enabled":true},{"techniqueID":"T1569.002","score":100,"enabled":true},{"techniqueID":"T1571","score":100,"enabled":true},{"techniqueID":"T1573","score":100,"enabled":true},{"techniqueID":"T1574.001","score":100,"enabled":true},{"techniqueID":"T1574.002","score":100,"enabled":true},{"techniqueID":"T1574.009","score":100,"enabled":true},{"techniqueID":"T1574.010","score":100,"enabled":true},{"techniqueID":"T1574.011","score":100,"enabled":true}]} \ No newline at end of file diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv index 72d28b06..4982cace 100644 --- a/atomics/Indexes/Indexes-CSV/index.csv +++ b/atomics/Indexes/Indexes-CSV/index.csv @@ -466,6 +466,7 @@ discovery,T1069.001,Local Groups,2,Basic Permission Groups Discovery Windows (Lo discovery,T1069.001,Local Groups,3,Permission Groups Discovery PowerShell (Local),a580462d-2c19-4bc7-8b9a-57a41b7d3ba4,powershell discovery,T1046,Network Service Scanning,1,Port Scan,68e907da-2539-48f6-9fc9-257a78c05540,sh discovery,T1046,Network Service Scanning,2,Port Scan Nmap,515942b0-a09f-4163-a7bb-22fefb6f185f,sh +discovery,T1046,Network Service Scanning,3,Port Scan NMap for Windows,d696a3cb-d7a8-4976-8eb5-5af4abf2e3df,powershell discovery,T1135,Network Share Discovery,1,Network Share Discovery,f94b5ad9-911c-4eff-9718-fd21899db4f7,sh discovery,T1135,Network Share Discovery,2,Network Share Discovery command prompt,20f1097d-81c1-405c-8380-32174d493bbb,command_prompt discovery,T1135,Network Share Discovery,3,Network Share Discovery PowerShell,1b0814d1-bb24-402d-9615-1b20c50733fb,powershell diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv index 8acca810..7adc4795 100644 --- a/atomics/Indexes/Indexes-CSV/windows-index.csv +++ b/atomics/Indexes/Indexes-CSV/windows-index.csv @@ -283,6 +283,7 @@ discovery,T1087.001,Local Account,10,Enumerate logged on users via CMD (Local),a discovery,T1087.001,Local Account,11,Enumerate logged on users via PowerShell,2bdc42c7-8907-40c2-9c2b-42919a00fe03,powershell discovery,T1069.001,Local Groups,2,Basic Permission Groups Discovery Windows (Local),1f454dd6-e134-44df-bebb-67de70fb6cd8,command_prompt discovery,T1069.001,Local Groups,3,Permission Groups Discovery PowerShell (Local),a580462d-2c19-4bc7-8b9a-57a41b7d3ba4,powershell +discovery,T1046,Network Service Scanning,3,Port Scan NMap for Windows,d696a3cb-d7a8-4976-8eb5-5af4abf2e3df,powershell discovery,T1135,Network Share Discovery,2,Network Share Discovery command prompt,20f1097d-81c1-405c-8380-32174d493bbb,command_prompt discovery,T1135,Network Share Discovery,3,Network Share Discovery PowerShell,1b0814d1-bb24-402d-9615-1b20c50733fb,powershell discovery,T1135,Network Share Discovery,4,View available share drives,ab39a04f-0c93-4540-9ff2-83f862c385ae,command_prompt diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md index 07bc724a..14dab100 100644 --- a/atomics/Indexes/Indexes-Markdown/index.md +++ b/atomics/Indexes/Indexes-Markdown/index.md @@ -872,6 +872,7 @@ - [T1046 Network Service Scanning](../../T1046/T1046.md) - Atomic Test #1: Port Scan [linux, macos] - Atomic Test #2: Port Scan Nmap [linux, macos] + - Atomic Test #3: Port Scan NMap for Windows [windows] - [T1135 Network Share Discovery](../../T1135/T1135.md) - Atomic Test #1: Network Share Discovery [macos, linux] - Atomic Test #2: Network Share Discovery command prompt [windows] diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md index aa2c3422..929109c1 100644 --- a/atomics/Indexes/Indexes-Markdown/windows-index.md +++ b/atomics/Indexes/Indexes-Markdown/windows-index.md @@ -564,7 +564,8 @@ - [T1069.001 Local Groups](../../T1069.001/T1069.001.md) - Atomic Test #2: Basic Permission Groups Discovery Windows (Local) [windows] - Atomic Test #3: Permission Groups Discovery PowerShell (Local) [windows] -- T1046 Network Service Scanning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) +- [T1046 Network Service Scanning](../../T1046/T1046.md) + - Atomic Test #3: Port Scan NMap for Windows [windows] - [T1135 Network Share Discovery](../../T1135/T1135.md) - Atomic Test #2: Network Share Discovery command prompt [windows] - Atomic Test #3: Network Share Discovery PowerShell [windows] diff --git a/atomics/Indexes/Matrices/windows-matrix.md b/atomics/Indexes/Matrices/windows-matrix.md index a3f34d1a..d8be9c7e 100644 --- a/atomics/Indexes/Matrices/windows-matrix.md +++ b/atomics/Indexes/Matrices/windows-matrix.md @@ -11,7 +11,7 @@ | External Remote Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Inter-Process Communication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Authentication Package [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [At (Windows)](../../T1053.002/T1053.002.md) | [CMSTP](../../T1218.003/T1218.003.md) | [Credentials in Registry](../../T1552.002/T1552.002.md) | [File and Directory Discovery](../../T1083/T1083.md) | RDP Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Credential API Hooking](../../T1056.004/T1056.004.md) | Exfiltration Over Physical Medium [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data Obfuscation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Direct Network Flood [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Hardware Additions [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Malicious File](../../T1204.002/T1204.002.md) | [BITS Jobs](../../T1197/T1197.md) | Authentication Package [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Clear Windows Event Logs](../../T1551.001/T1551.001.md) | DCSync [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Local Account](../../T1087.001/T1087.001.md) | [Remote Desktop Protocol](../../T1021.001/T1021.001.md) | Data Staged [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Symmetric Encrypted Non-C2 Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Dead Drop Resolver [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Disk Content Wipe [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Local Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Malicious Link [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Boot or Logon Autostart Execution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Boot or Logon Autostart Execution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Code Signing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Domain Controller Authentication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Local Groups](../../T1069.001/T1069.001.md) | Remote Service Session Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data from Information Repositories [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol](../../T1048.003/T1048.003.md) | Domain Fronting [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Disk Structure Wipe [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | -| Phishing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Native API](../../T1106/T1106.md) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Compile After Delivery](../../T1027.004/T1027.004.md) | Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Network Service Scanning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Remote Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data from Local System [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Web Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Domain Generation Algorithms [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Disk Wipe [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | +| Phishing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Native API](../../T1106/T1106.md) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Boot or Logon Initialization Scripts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Compile After Delivery](../../T1027.004/T1027.004.md) | Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Network Service Scanning](../../T1046/T1046.md) | Remote Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data from Local System [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Web Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Domain Generation Algorithms [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Disk Wipe [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Replication Through Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [PowerShell](../../T1059.001/T1059.001.md) | Bootkit [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Bypass User Access Control](../../T1548.002/T1548.002.md) | [Compiled HTML File](../../T1218.001/T1218.001.md) | Forced Authentication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Network Share Discovery](../../T1135/T1135.md) | Replication Through Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data from Network Shared Drive [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration over USB [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Dynamic Resolution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Endpoint Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | [Spearphishing Attachment](../../T1566.001/T1566.001.md) | Python [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Browser Extensions](../../T1176/T1176.md) | [Change Default File Association](../../T1546.001/T1546.001.md) | Component Firmware [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [GUI Input Capture](../../T1056.002/T1056.002.md) | [Network Sniffing](../../T1040/T1040.md) | [SMB/Windows Admin Shares](../../T1021.002/T1021.002.md) | Data from Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration to Cloud Storage [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Encrypted Channel](../../T1573/T1573.md) | External Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Spearphishing Link [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Scheduled Task](../../T1053.005/T1053.005.md) | [Change Default File Association](../../T1546.001/T1546.001.md) | [Component Object Model Hijacking](../../T1546.015/T1546.015.md) | [Control Panel](../../T1218.002/T1218.002.md) | Golden Ticket [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Password Policy Discovery](../../T1201/T1201.md) | Shared Webroot [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Email Collection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration to Code Repository [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | External Proxy [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Firmware Corruption [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 07cd63ca..d4d42e61 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -36597,6 +36597,33 @@ discovery: telnet #{host} #{port} nc -nv #{host} #{port} name: sh + - name: Port Scan NMap for Windows + auto_generated_guid: d696a3cb-d7a8-4976-8eb5-5af4abf2e3df + description: Scan ports to check for listening ports for the local host 127.0.0.1 + supported_platforms: + - windows + input_arguments: + file_name: + description: defining NMap install exe + type: path + default: "$env:temp\\nmap-7.80-setup.exe" + nmap_url: + description: defining nmap download url + type: url + default: https://nmap.org/dist/nmap-7.80-setup.exe + dependency_executor_name: powershell + dependencies: + - description: 'NMap must be installed at #{file_name}' + prereq_command: if (cmd /c "where nmap >nul 2>&1") {exit 0} else {exit 1} + get_prereq_command: |- + Invoke-WebRequest -OutFile "#{file_name}" #{nmap_url} + Start-Process #{file_name} /S + executor: + command: nmap 127.0.0.1 + cleanup_command: "try {Start-Process 'C:\\Program Files (x86)\\Nmap\\Uninstall.exe' + \"/S\"} catch{} \nRemove-Item #{file_name} -erroraction ignore" + name: powershell + elevation_required: true T1135: technique: id: attack-pattern--3489cfc5-640f-4bb3-a103-9137b97de79f diff --git a/atomics/T1046/T1046.md b/atomics/T1046/T1046.md index d2fc7dba..1ea586ae 100644 --- a/atomics/T1046/T1046.md +++ b/atomics/T1046/T1046.md @@ -10,6 +10,8 @@ Within cloud environments, adversaries may attempt to discover services running - [Atomic Test #2 - Port Scan Nmap](#atomic-test-2---port-scan-nmap) +- [Atomic Test #3 - Port Scan NMap for Windows](#atomic-test-3---port-scan-nmap-for-windows) +
@@ -86,4 +88,51 @@ echo "Install nmap on the machine to run the test."; exit 1; +
+
+ +## Atomic Test #3 - Port Scan NMap for Windows +Scan ports to check for listening ports for the local host 127.0.0.1 +**Supported Platforms:** Windows + + + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| file_name | defining NMap install exe | path | $env:temp\nmap-7.80-setup.exe| +| nmap_url | defining nmap download url | url | https://nmap.org/dist/nmap-7.80-setup.exe| + + +#### Attack Commands: Run with `powershell`! Elevation Required (e.g. root or admin) + + +```powershell +nmap 127.0.0.1 +``` + +#### Cleanup Commands: +```powershell +try {Start-Process 'C:\Program Files (x86)\Nmap\Uninstall.exe' "/S"} catch{} +Remove-Item #{file_name} -erroraction ignore +``` + + + +#### Dependencies: Run with `powershell`! +##### Description: NMap must be installed at #{file_name} +##### Check Prereq Commands: +```powershell + +``` +##### Get Prereq Commands: +```powershell +Invoke-WebRequest -OutFile "#{file_name}" #{nmap_url} +Start-Process #{file_name} /S +``` + + + +
diff --git a/atomics/T1046/T1046.yaml b/atomics/T1046/T1046.yaml index dc2bc193..6ded3967 100644 --- a/atomics/T1046/T1046.yaml +++ b/atomics/T1046/T1046.yaml @@ -54,6 +54,7 @@ atomic_tests: nc -nv #{host} #{port} name: sh - name: Port Scan NMap for Windows + auto_generated_guid: d696a3cb-d7a8-4976-8eb5-5af4abf2e3df description: Scan ports to check for listening ports for the local host 127.0.0.1 supported_platforms: - windows diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt index f6de2561..718fd71b 100644 --- a/atomics/used_guids.txt +++ b/atomics/used_guids.txt @@ -550,3 +550,4 @@ d9841bf8-f161-4c73-81e9-fd773a5ff8c1 a123ce6a-3916-45d6-ba9c-7d4081315c27 a90c2f4d-6726-444e-99d2-a00cd7c20480 43f71395-6c37-498e-ab17-897d814a0947 +d696a3cb-d7a8-4976-8eb5-5af4abf2e3df