* Added ghost task test
* Minor improvements to documentation and test design.
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.
This also fixes some white space issues and general line formatting across all impacted atomics.
* fix: One additional change needed
---------
Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1053.005.yaml
Created cleanup command for T1053.005-Task Scheduler via VBA-Cleanup commands created
* Update T1053.005.yaml
Fixed syntax error.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Surround time variable in single quotes
The time in the YAML file should be wrapped in single quotes due to the colon being interpreted to have special meaning.
* Update T1053.005.yaml
Fixed parameters versus command logic
* Atomic that mimics recent Qakbot behavior
* small edits
removed elevation_required, shortened test name, made some readability updates.
Co-authored-by: Wilson <SWilson@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Updated format of input_argument types for Url
* Updated type for input_arguments to Url (missed)
* Updating Path type for input_arguments
* Updated String type for input_arguments
* Missed a few Strings and Url types
* Updated default values for input_arguments to align with their types
* Updated Integer type for input_arguments
* Updated formatting and spacing of atomics
* Update T1204.002.md
Added lines to each test using IWR for invoke-webrequest to set the acceptable TLS versions for the commands to complete successfully by prepending the tests with
```[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12```
* Update T1555.yaml
added line to set ssl/tls version
* Update T1134.001.yaml
updated IWR lines to allow ssl/tls version 1.2
* Update T1069.002.yaml
added lines to every IWR instance to set ssl/tls version to 1.2
* Update T1558.003.yaml
added line to allow TLS/SSL 1.2
* Update T1033.yaml
added command to enable SSL/TLS v1.2
* Update T1055.012.yaml
added command to enable TLS/SSL v1.2
* Update T1115.yaml
Added command to enable SSL/TLS v1.2
* Update T1070.001.yaml
added command enabling SSL/TLS v 1.2
* Update T1564.yaml
added commands to enable SSL/TLS v 1.2
* Update T1566.001.yaml
added command to enable SSL/TLS V1.2
* Update T1135.yaml
added command to enable SSL/TLS v1.2
* Update T1055.yaml
added commands to enable TLS/SSL v 1.2
* Update T1110.003.yaml
added command to enable TLS/SSL v1.2
* Update T1003.yaml
Added command to enable TLS/SSL v1.2
* Update T1053.005.yaml
added command to enable TLS/SSL v1.2
* Update T1003.001.yaml
added commands to enable TLS/SSL v1.2 for any command using invoke-webrequest
* Update T1069.002.yaml
syntax correction
* Update T1134.001.yaml
syntax correction
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Atomic Red Team doc generator