2cc0799284
add zloader test
2021-01-27 19:59:10 -07:00
3fe613c6dd
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-25 13:43:05 +00:00
3b9bddaf20
Ryuk ( #1376 )
...
* adjust for usability
* change executor
* add input arg
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-25 06:42:40 -07:00
0b39063268
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-24 00:53:46 +00:00
da83687a17
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-24 00:53:38 +00:00
373176bcba
T1490 - WBAdmin ( #1375 )
...
* Added wbadmin delete systemstatebackup
* Update T1490.yaml
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
2021-01-23 17:53:20 -07:00
57ba7350b8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-22 16:30:47 +00:00
22c65f4acd
Fix to Cleanup Command for T1003.002 Test Number 3 ( #1374 )
2021-01-22 09:30:13 -07:00
7570e02911
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-21 18:48:01 +00:00
89de74b637
Updated Offline Credential Theft with mimikatz ( #1373 )
...
Updated the command segment related to guid: 453acf13-1dbd-47d7-b28a-172ce9228023
Existing request URL path doesn't exist in gentilkiwi's repo. Added code segment will obtain the latest mimikatz_trunk.zip from the repo.
I have repurposed the code segment done by Xiang ZHU https://copdips.com/2019/12/Using-Powershell-to-retrieve-latest-package-url-from-github-releases.html to meet the requirements here.
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-21 11:47:28 -07:00
05d2071e23
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-20 23:27:31 +00:00
52945641c0
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-20 23:27:23 +00:00
63d1e555d4
MSbuild inline task using Visual Basic ( #1371 )
...
* add visual basic test
* correct comment
2021-01-20 16:26:45 -07:00
bc705cb7aa
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:14:46 +00:00
1f26ebdb6c
typo corrections ( #1367 )
...
addresses issues #1365
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-13 12:14:14 -07:00
fca809efa6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:12:56 +00:00
5c52612858
added details to the description ( #1366 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-13 12:12:24 -07:00
be8d3644f2
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:11:35 +00:00
06ce6b9f11
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:11:27 +00:00
030040bf73
Out minidump ( #1368 )
...
* Adding a test of Out-Minidump.ps1
Adding in a credential dumping test that leverages Out-Minidump.ps1 to dump the contents of lsass to disk for offline extraction
* Fixing cleanup path
Path is actually %TEMP%
Co-authored-by: jimmy astle <jastle@vmware.com >
2021-01-13 12:11:12 -07:00
471d30b4f3
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 03:23:42 +00:00
3f8e909392
T1560.001 prereqs tests1 2 4 ( #1363 )
...
* Update T1560.001.yaml
Changed Test 1 to do a silent install of winrar. Added prereqs to Test 2 to install winrar.
* Update T1560.001.yaml
Added prereq commands to Test 4 to download and install 7zip.
* Update T1560.001.yaml
changed command in test 4 to stop endlessly adding to archive new files
* Update T1560.001.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-12 20:22:57 -07:00
371eb3d609
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-11 03:40:28 +00:00
fa7f19ad7f
Update T1218.010.yaml ( #1364 )
...
Fix typo in command to avoid errors
2021-01-10 20:30:57 -07:00
9c1f9f733c
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:51:05 +00:00
18087c9ad8
Add DCShadow args for attribute and value ( #1362 )
...
It gives more choice in what to change instead of fixed "badpwdcount" and "9999"
Also rename "user" to "object" as it is more generic than only user objects
2021-01-08 09:50:18 -07:00
96f61076f9
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:42:27 +00:00
79f6986b1a
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:42:19 +00:00
42472533fa
Update T1048.003.yaml ( #1357 )
...
Hi,
I added two atomic tests for exfiltration using HTTP and SMTP.
1. Exfiltration Over Alternative Protocol - HTTP
2. Exfiltration Over Alternative Protocol - SMTP
Itamar
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:41:50 -07:00
c21c1ba13e
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:23:16 +00:00
a5af0cc644
Update T1218.010.yaml ( #1359 )
...
Modified T1218.010 to allow for modification of path and name of regsvr32.exe
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:22:48 -07:00
bbcf685889
Update T1055.cs ( #1361 )
...
dll was named incorrectly in .cs. Fixed and confirmed operational.
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:19:55 -07:00
c0591491f1
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:16:04 +00:00
39954ec1af
Update T1218.yaml ( #1360 )
...
Updated microsoft.workflow.compiler.exe test
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:15:29 -07:00
9660d0a33e
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:12:45 +00:00
abfd1e042b
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:12:36 +00:00
d721e09ede
Scriptcontrol ( #1348 )
...
* initial
* updates
* initial
* update
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* Update T1204.002.yaml
* Update T1204.002.yaml
* updates
* remove code
* correct url
* works with 32bit Chrome, simplified commands
Co-authored-by: avocado <avocados@smuggler.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:12:14 -07:00
5cc2b5a88d
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-07 16:43:14 +00:00
ed7d3faabd
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-07 16:43:06 +00:00
6f40ae85f5
solarigate atomic ( #1358 )
2021-01-07 09:42:43 -07:00
fb179a30a8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 19:39:15 +00:00
a3ad539a58
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 19:39:08 +00:00
7c1471c403
T1110.001: add test "Brute Force Credentials of single domain user via LDAP against domain controller (NTLM or Kerberos)" ( #1354 )
...
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com >
Co-authored-by: Clément Notin <clement.notin@alsid.com >
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com >
2021-01-06 12:38:52 -07:00
4dbcb20934
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:51:58 +00:00
a4ca274d7d
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:51:49 +00:00
c71444f1dc
T1110.003: add test "Password spray all domain users with a single password via LDAP against domain controller (NTLM or Kerberos)" ( #1349 )
...
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com >
Co-authored-by: Clément Notin <clement.notin@alsid.com >
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com >
2021-01-06 11:51:31 -07:00
0b9d36e786
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:47:31 +00:00
9a59eac0b8
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:47:22 +00:00
d5b6e69f89
T1003.006: add DCSync test ( #1352 )
...
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com >
Co-authored-by: Clément Notin <clement.notin@alsid.com >
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com >
2021-01-06 11:46:59 -07:00
603040c6e3
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:42:39 +00:00
Carrie Roberts