Generated docs from job=generate-docs branch=master [ci skip]

Atomic Red Team doc generator
2024-07-05 16:44:42 +00:00
parent 7a4ddc4f7d
commit f839852779
12 changed files with 69 additions and 3 deletions
+1 -1
@@ -2,7 +2,7 @@
# Atomic Red Team
![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1594-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1595-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
Atomic Red Team™ is a library of tests mapped to the
[MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+1
@@ -1824,6 +1824,7 @@ discovery,T1614.001,System Location Discovery: System Language Discovery,3,Disco
discovery,T1614.001,System Location Discovery: System Language Discovery,4,Discover System Language with localectl,07ce871a-b3c3-44a3-97fa-a20118fdc7c9,sh
discovery,T1614.001,System Location Discovery: System Language Discovery,5,Discover System Language by locale file,5d7057c9-2c8a-4026-91dd-13b5584daa69,sh
discovery,T1614.001,System Location Discovery: System Language Discovery,6,Discover System Language by Environment Variable Query,cb8f7cdc-36c4-4ed0-befc-7ad7d24dfd7a,sh
discovery,T1614.001,System Location Discovery: System Language Discovery,7,Discover System Language with dism.exe,69f625ba-938f-4900-bdff-82ada3df5d9c,command_prompt
discovery,T1012,Query Registry,1,Query Registry,8f7578c4-9863-4d83-875c-a565573bbdf0,command_prompt
discovery,T1012,Query Registry,2,Query Registry with Powershell cmdlets,0434d081-bb32-42ce-bcbb-3548e4f2628f,powershell
discovery,T1012,Query Registry,3,Enumerate COM Objects in Registry with Powershell,0d80d088-a84c-4353-af1a-fc8b439f1564,powershell
@@ -1209,6 +1209,7 @@ discovery,T1201,Password Policy Discovery,10,Enumerate Active Directory Password
discovery,T1201,Password Policy Discovery,11,Use of SecEdit.exe to export the local security policy (including the password policy),510cc97f-56ac-4cd3-a198-d3218c23d889,command_prompt
discovery,T1614.001,System Location Discovery: System Language Discovery,1,Discover System Language by Registry Query,631d4cf1-42c9-4209-8fe9-6bd4de9421be,command_prompt
discovery,T1614.001,System Location Discovery: System Language Discovery,2,Discover System Language with chcp,d91473ca-944e-477a-b484-0e80217cd789,command_prompt
discovery,T1614.001,System Location Discovery: System Language Discovery,7,Discover System Language with dism.exe,69f625ba-938f-4900-bdff-82ada3df5d9c,command_prompt
discovery,T1012,Query Registry,1,Query Registry,8f7578c4-9863-4d83-875c-a565573bbdf0,command_prompt
discovery,T1012,Query Registry,2,Query Registry with Powershell cmdlets,0434d081-bb32-42ce-bcbb-3548e4f2628f,powershell
discovery,T1012,Query Registry,3,Enumerate COM Objects in Registry with Powershell,0d80d088-a84c-4353-af1a-fc8b439f1564,powershell
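Review bot: In this Windows-only index the Test # column for T1614.001 now reads 1, 2, 7, which looks like missing rows but is not: the number is assigned per technique across platforms, and tests 4 to 6 appear in the full index with the `sh` executor. Anything that consumes this file should key on the Test GUID column (`69f625ba-938f-4900-bdff-82ada3df5d9c` for the new row) rather than assume contiguous test numbers.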
@@ -2503,6 +2503,7 @@
- Atomic Test #4: Discover System Language with localectl [linux]
- Atomic Test #5: Discover System Language by locale file [linux]
- Atomic Test #6: Discover System Language by Environment Variable Query [linux]
- Atomic Test #7: Discover System Language with dism.exe [windows]
- [T1012 Query Registry](../../T1012/T1012.md)
- Atomic Test #1: Query Registry [windows]
- Atomic Test #2: Query Registry with Powershell cmdlets [windows]
@@ -1734,6 +1734,7 @@
- [T1614.001 System Location Discovery: System Language Discovery](../../T1614.001/T1614.001.md)
- Atomic Test #1: Discover System Language by Registry Query [windows]
- Atomic Test #2: Discover System Language with chcp [windows]
- Atomic Test #7: Discover System Language with dism.exe [windows]
- [T1012 Query Registry](../../T1012/T1012.md)
- Atomic Test #1: Query Registry [windows]
- Atomic Test #2: Query Registry with Powershell cmdlets [windows]
+15
@@ -103644,6 +103644,21 @@ discovery:
printenv LANG
set | grep LANG
name: sh
- name: Discover System Language with dism.exe
auto_generated_guid: 69f625ba-938f-4900-bdff-82ada3df5d9c
description: 'The Windows utility DISM (Deployment Image Servicing and Management)
can be used to display information about international settings and languages
on the currently installed Windows image using an elevated terminal.
'
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: true
command: 'dism.exe /online /Get-Intl
'
T1012:
technique:
modified: '2023-05-09T14:00:00.188Z'
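Review bot: The `description` says what DISM can display but not what the test should leave behind for a defender to check. Consider adding the expected observable, for example a process-creation event for `dism.exe` whose command line contains `/online /Get-Intl`, so that whoever runs the test knows what their telemetry should show. `elevation_required: true` matches the "elevated terminal" wording, so no change is needed there.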
+15
@@ -84522,6 +84522,21 @@ discovery:
'
name: command_prompt
- name: Discover System Language with dism.exe
auto_generated_guid: 69f625ba-938f-4900-bdff-82ada3df5d9c
description: 'The Windows utility DISM (Deployment Image Servicing and Management)
can be used to display information about international settings and languages
on the currently installed Windows image using an elevated terminal.
'
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: true
command: 'dism.exe /online /Get-Intl
'
T1012:
technique:
modified: '2023-05-09T14:00:00.188Z'
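Review bot: Do not hand-edit the `description` or `command` in this block: it repeats, line for line, the block added to the other index file, and the commit message marks both as generator output. Make any correction in the source atomic definition and let the docs job regenerate both copies.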
+30
@@ -22,6 +22,8 @@ On a macOS or Linux system, adversaries may query <code>locale</code> to retriev
- [Atomic Test #6 - Discover System Language by Environment Variable Query](#atomic-test-6---discover-system-language-by-environment-variable-query)
- [Atomic Test #7 - Discover System Language with dism.exe](#atomic-test-7---discover-system-language-with-dismexe)
<br/>
@@ -240,4 +242,32 @@ exit 1
<br/>
<br/>
## Atomic Test #7 - Discover System Language with dism.exe
The Windows utility DISM (Deployment Image Servicing and Management) can be used to display information about international settings and languages on the currently installed Windows image using an elevated terminal.
**Supported Platforms:** Windows
**auto_generated_guid:** 69f625ba-938f-4900-bdff-82ada3df5d9c
#### Attack Commands: Run with `command_prompt`! Elevation Required (e.g. root or admin)
```cmd
dism.exe /online /Get-Intl
```
<br/>
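Review bot: The "Elevation Required (e.g. root or admin)" wording in the Attack Commands heading mentions root on a test whose only supported platform is Windows. If the doc template has access to `supported_platforms`, have it emit "admin" alone for Windows-only tests so the rendered page does not suggest a Unix privilege model for `dism.exe`.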
+1
@@ -104,6 +104,7 @@ atomic_tests:
set | grep LANG
name: sh
- name: Discover System Language with dism.exe
auto_generated_guid: 69f625ba-938f-4900-bdff-82ada3df5d9c
description: |
The Windows utility DISM (Deployment Image Servicing and Management) can be used to display information about international settings and languages on the currently installed Windows image using an elevated terminal.
supported_platforms:
+1
@@ -1632,3 +1632,4 @@ e5d95be6-02ee-4ff1-aebe-cf86013b6189
fc369906-90c7-4a15-86fd-d37da624dde6
10cf5bec-49dd-4ebf-8077-8f47e420096f
6f899f9d-8a8e-4143-89a5-26fc2c3ec438
69f625ba-938f-4900-bdff-82ada3df5d9c