security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,508 Commits 47 Branches 0 Tags
AutoSUID_linux
Commit Graph

71 Commits

Author SHA1 Message Date
CircleCI Atomic Red Team doc generator 51e66c9ab6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-01-29 19:20:49 +00:00
CircleCI Atomic Red Team GUID generator 8863882725 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-01-29 19:20:42 +00:00
Jay_darknight 8abff96c87 Added a new test for T1105 - cmdl32 LolBins (#1744) 
* Added a new test for T1105 - cmdl32 LolBins

* Added references

* chaning the bin folder to src based on suggesstion from clr2of8

* deleted bin

* changed the path for input arguments

Co-authored-by: Jayaram Rajamurugan <jrajamurugan@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-01-29 13:20:16 -06:00
CircleCI Atomic Red Team doc generator 8985aaf0f0 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-12-09 18:42:48 +00:00
Carrie Roberts 5bb5878e62 Cleaning up the Cleanup commands (#1685) 
* cleanup fixes

* cleanup fixes

* cleanup fixes
 2021-12-09 11:42:14 -07:00
CircleCI Atomic Red Team doc generator e9f25c654a Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-11-15 16:09:56 +00:00
CircleCI Atomic Red Team GUID generator 080294af8e Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-11-15 16:09:51 +00:00
Michael Haag df76fb17bd Curl - Upload a file (#1665) 
* T1105 - Curl for Windows

* Update T1105.yaml

* T1105 - Upload with Curl

* Update T1105.yaml

* Removed cleanup
 2021-11-15 09:09:21 -07:00
CircleCI Atomic Red Team doc generator 1bd61011ca Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-10-21 20:42:25 +00:00
CircleCI Atomic Red Team GUID generator 008a484545 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-10-21 20:42:20 +00:00
Michael Haag 5906bbec70 T1105 - Curl for Windows (#1653) 
* T1105 - Curl for Windows

* Update T1105.yaml

* ignore cleanup errors

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2021-10-21 14:41:48 -06:00
CircleCI Atomic Red Team doc generator ba0b1a3c35 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-09-09 18:02:46 +00:00
CircleCI Atomic Red Team GUID generator 356a8bbe88 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-09-09 18:02:40 +00:00
Brian Thacker 6d46517d6f T1105 add test download with imewdbld (#1621) 
* Add test "Download a file with IMEWDBLD.exe"

IMEWDBLD.exe can be used to download files from third party websites. This will throw an error for an invalid dictionary but the file will still be downloaded.
Commands to execute this activity and cleanup commands added.
Cleanup commands call on cmd.exe because PowerShell by default would not remove those files.
Disclosed by https://twitter.com/notwhickey
https://twitter.com/notwhickey/status/136749340683504026

* Update T1105.yaml

fixed typo test 17

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2021-09-09 12:02:26 -06:00
CircleCI Atomic Red Team doc generator bc21f59ff0 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-09-04 00:21:31 +00:00
Josh Rickard 1513717eb2 Updating atomics to conform to standard (#1619) 
* Updated format of input_argument types for Url

* Updated type for input_arguments to Url (missed)

* Updating Path type for input_arguments

* Updated String type for input_arguments

* Missed a few Strings and Url types

* Updated default values for input_arguments to align with their types

* Updated Integer type for input_arguments

* Updated formatting and spacing of atomics
 2021-09-03 18:20:46 -06:00
CircleCI Atomic Red Team doc generator 6bd522644a Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-07-28 22:27:19 +00:00
CircleCI Atomic Red Team GUID generator fa11adb617 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-07-28 22:27:13 +00:00
lexiechong 63d97dad98 Update T1105 to include file download using finger (#1578) 2021-07-28 16:26:54 -06:00
CircleCI Atomic Red Team doc generator 5956ac532b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-07-27 14:42:34 +00:00
Adam Mashinchi e8899b4df6 Additional PowerShell Download in T1105 2021-07-26 13:00:42 -07:00
CircleCI Atomic Red Team doc generator 36d49de4c8 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-24 17:04:33 +00:00
CircleCI Atomic Red Team doc generator 575b36a8e6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-24 15:16:54 +00:00
CircleCI Atomic Red Team doc generator 1219378ebd Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-16 15:08:12 +00:00
CircleCI Atomic Red Team GUID generator 78bb39a82d Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-16 15:08:05 +00:00
rctgardner 1531e9d3f0 fix t1105 indent 2021-06-11 15:26:30 -06:00
rctgardner b7eee5a06d preserving exit code if whois ends early 2021-06-09 16:02:14 -06:00
rctgardner 1a3c693394 added 'whois file download' test to T1005 2021-06-09 13:28:07 -06:00
CircleCI Atomic Red Team doc generator 910a2a764a Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-29 13:53:28 +00:00
CircleCI Atomic Red Team doc generator 115bb861b7 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-04 17:21:36 +00:00
Jesse Moore ef53a91332 T1105.002 mp cmd run (#1214) 
* Update T1105.yaml

Add MpCmdRun Windows Defender LOLB

* Update T1105.yaml

Corrected input and yaml spacing

* Update T1105.yaml

Added PreReq exit else
And better description with URL

* Update T1105.yaml

Carrie added enhancements. Thank you Carrie!

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-09-04 11:21:08 -06:00
CircleCI Atomic Red Team doc generator 7e4580a1e8 Generate docs from job=validate_atomics_generate_docs branch=master 2020-07-08 21:16:22 +00:00
Hare Sudhan Muthusamy 02ac2deb4f Cleanup fixes (#1108) 
* Cleanup Fixes

* Wrong executor name and missing $ sign in T1553

* Cleanup fixes

* File checks added

* File path error check changed
 2020-07-08 15:15:52 -06:00
CircleCI Atomic Red Team doc generator 29a03fd33d Generate docs from job=validate_atomics_generate_docs branch=master 2020-06-19 22:50:36 +00:00
Clément Notin 923a3beeaf T1105: add cleanup to tests 7 & 8 (#1047) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-06-19 16:50:16 -06:00
CircleCI Atomic Red Team doc generator 726677c8a8 Generate docs from job=validate_atomics_generate_docs branch=master 2020-06-19 22:28:22 +00:00
Clément Notin 60f399cdca T1105: fix bitsadmin local_path (#1051) 
Absolute path is required

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-06-19 16:28:03 -06:00
CircleCI Atomic Red Team doc generator 8a82e9b66a Generate docs from job=validate_atomics_generate_docs branch=master 2020-06-18 01:57:35 +00:00
Carrie Roberts 24549e3866 Convert to Mitre ATT&CK sub-technique schema (#1056) 
* Initial transfer of atomics to MITRE subtechniques

* Add GUIDs back in, attack_technique to string (#1019)

* technique to string and add guids back in

* technique to string and add guids back in

* technique to string and add guids back in

* technique to string and add guids back in

* Subtechnique transfer T1220-T1546.005 (#1020)

* Create T1222.001.yaml

* Create T1222.002.yaml

* Create T1505.002.yaml

* Update T1543.003.yaml

* Update AtomicService.cs

* Update T1546.005.yaml

* Delete T1222.yaml

* Update T1482.yaml

* Update T1485.yaml

* Update T1220.yaml

* Update T1489.yaml

* Update T1490.yaml

* Update T1496.yaml

* Update T1505.003.yaml

* Update T1505.yaml

* Update T1518.001.yaml

* Update T1518.yaml

* Update T1529.yaml

* Update T1543.004.yaml

* Update T1546.001.yaml

* Update T1546.002.yaml

* Update T1546.002.yaml

* Update T1546.001.yaml

* Update T1543.004.yaml

* Update T1543.002.yaml

* Update T1543.001.yaml

* Update T1518.001.yaml

* Update T1546.004.yaml

* Update T1546.003.yaml

* Update T1531.yaml

* Update T1222.001.yaml

* Update T1222.002.yaml

* Update T1505.002.yaml

* Update T1505.003.yaml

* Update T1518.001.yaml

* Update T1543.001.yaml

* Update T1546.005.yaml

* Update T1546.004.yaml

* Update T1546.003.yaml

* Update T1546.002.yaml

* Update T1546.001.yaml

* Update T1543.004.yaml

* Update T1543.003.yaml

* Update T1543.002.yaml

* added auto_generated_guid 1220

* added T1222.001 auto_generated_guid

* Update T1222.002.yaml

added   auto_generated_guid entries

* Update T1482.yaml

  auto_generated_guid added

* Update T1485.yaml

added   auto_generated_guids

* Update T1489.yaml

added   auto_generated_guids

* Update T1490.yaml

added   auto_generated_guids

* Update T1496.yaml

added   auto_generated_guid

* Update T1505.002.yaml

added   auto_generated_guid from old T1505 same atomic

* Update T1505.003.yaml

added  auto_generated_guid from previous atomic 1100

* Delete T1505.yaml

no longer needed, moved to 1505.002

* Update T1518.yaml

added  auto_generated_guids

* Update T1529.yaml

added   auto_generated_guids

* Update T1531.yaml

added   auto_generated_guids

* Update T1543.001.yaml

added   auto_generated_guid

* Update T1543.002.yaml

added   auto_generated_guid

* Update T1543.004.yaml

added   auto_generated_guid

* Update T1546.001.yaml

added   auto_generated_guid

* Update T1546.002.yaml

added   auto_generated_guid

* Update T1546.003.yaml

* Update T1546.004.yaml

added  auto_generated_guid

* Update T1546.005.yaml

added  auto_generated_guid

* add guids back in

* fix spacing issue

* fix spacing

* fix spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

* Sub-techniques T1053-T1113 - Updates (#1022)

* Sub-techniques T1053-T1113 - Updates

Updated techniques for sub-techniques.

* minor fixes

format fixing

* Added GUIDs

- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string

* Sub-technique updates T1546.008 through T1574.011 (#1024)

* sub technique updates

* sub technique updates

* sub technique updates

* Carrie updates (#1017)

* updated T1110,12,13

* updated T1114

* updated T1114

* updated T1115

* updated T1119

* updated T1123,24

* updated T1127

* updated T1114

* updated T1127

* updated T1132

* T1134.004

* T1134.004

* updated T1135

* updated T1136

* updated T1137

* updated T1140

* remove depracted T1153

* updated T1176

* updated T1197

* updated T1201

* updated T1202

* updated T1204

* updated T1207

* updated T1216

* updated T1204

* updated T1217

* updated T1218

* updated T1218

* updated T1219

* updated T1218

* attack_technique to string

* Subtechnique transfer (#1025)

* T1003 review

* T1005 manual review changes

* T1027.002 sub-technique review

* T1027.004 sub-technique review

* T1036 sub-technique review

* T1037 sub-technique review

* T1048 sub-technique review

* YAML bugfixes

* Adding auto-generated GUIDs back to tests

* merging with Mike's PR

* Merging with Carrie's PR

* fix spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

* Subtechnique fix (#1026)

* add atomic_tests: element

* add atomic_tests: element

* more fixes

* more fixes

* more fixes

* sub technique minor fixes 1 (#1027)

* fixes

* fixes

* more fixes

* more fixes

* display name fix (#1028)

* remove some deprecated stuff. reorganize a little (#1031)

* Gendocs fix (#1033)

* gendocs updates for subtechniques

* add folders

* ignore auto generated markdown files

* remove tmp files

* add tmp files

* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer

* navigator layer v3.0

* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer

Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com>
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
 2020-06-17 12:55:46 -06:00
CircleCI Atomic Red Team doc generator f1cc467b21 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-20 15:58:43 +00:00
Andrew Beers f8cd169ca3 Move test to T1105 (#1000) 2020-05-20 09:58:20 -06:00
CircleCI Atomic Red Team doc generator 35c42f2c61 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 17:19:25 +00:00
Carrie Roberts 71223b2514 backslash fix for markdown (#881) 2020-03-16 08:50:43 -06:00
Carrie Roberts 6ec7d4bcf0 Specify language for markdown code blocks (#882) 
* specify code block type in markdown

* specify code block type in markdown
 2020-03-16 08:46:25 -06:00
CircleCI Atomic Red Team doc generator 2f778f359e Generate docs from job=validate_atomics_generate_docs branch=master 2020-03-10 23:06:25 +00:00
JrOrOneEquals1 3fa4dd1c9e Fixed cleanup commands (#869) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-03-10 17:06:14 -06:00
CircleCI Atomic Red Team doc generator 723426c15d Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-24 19:30:29 +00:00
blackburnjrb 8762f3f929 Added Test for OSTAP Worming Activity to T1105 (#836) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-24 12:29:51 -07:00
CircleCI Atomic Red Team doc generator 73eb6cdd8c Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-06 15:16:46 +00:00
tlor89 cbb1133b91 T1105-Update (#826) 
* Added executor fix cleanup command and Temp local path

* changed local_path variable name

* circleCI syntax error PowerShell

* massage
 2020-02-06 08:16:27 -07:00