atomic-red-team

Author	SHA1	Message	Date
Will Urbanski	acda0a41f6	Fix off-by-one and misspelling (#1257 )	2020-10-15 10:22:38 -06:00
Bryan Richardson	7e7344f2c2	Add Golang repo to execution frameworks README (#1013 ) Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-07-20 14:46:26 -06:00
hypnoticpattern	41f553d7ef	Python runner checks dependencies and run cleanup (#1011 ) Co-authored-by: hypnoticpattern <> Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-05-26 12:44:05 -06:00
hypnoticpattern	00da62d1bb	Fix go-atomic.rb example method (#934 ) `List all accounts` doesn't exist; replaced the test with an existing one. Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-04-08 12:55:56 -06:00
Francisco Oca	159a477b99	Fixes #873 (#874 ) https://github.com/redcanaryco/atomic-red-team/issues/873	2020-03-12 20:13:36 -06:00
Carrie Roberts	cac20abd54	Remove old invoke (#858 ) * move emond test into correct T# * only show cleanup with inputs if there are inputs * remove old invoke Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com> Co-authored-by: Michael Haag <mike@redcanary.com> Co-authored-by: Keith McCammon <keith@redcanary.com>	2020-03-06 15:25:27 -07:00
Carrie Roberts	2a59d5525f	When invoking new process, set working dir to $env:temp (#821 ) * move emond test into correct T# * only show cleanup with inputs if there are inputs * default working dir is tmp * default working dir is tmp Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com> Co-authored-by: Michael Haag <mike@redcanary.com>	2020-02-05 10:30:18 -07:00
Carrie Roberts	4955e67900	clarify use of Invoke-WebRequestVerifyHash (#823 ) * move emond test into correct T# * only show cleanup with inputs if there are inputs * clarify use of Invoke-WebRequestVerifyHash Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com> Co-authored-by: Michael Haag <mike@redcanary.com>	2020-02-05 10:24:39 -07:00
Carrie Roberts	fe500be773	fix prereq bug for multi-line powershell (#815 ) * move emond test into correct T# * only show cleanup with inputs if there are inputs * fix prereq bug for multi-line powershell Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com> Co-authored-by: Michael Haag <mike@redcanary.com>	2020-01-29 14:10:15 -07:00
Carrie Roberts	d0f818b011	correctly passing timeout through (#813 )	2020-01-28 16:40:13 -07:00
Carrie Roberts	b43af855ba	Only show cleanup (with inputs) if there are inputs (#792 ) * move emond test into correct T# * only show cleanup with inputs if there are inputs Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com> Co-authored-by: Michael Haag <mike@redcanary.com>	2020-01-24 09:19:10 -07:00
Andras32	e5ed8e7670	Fixed ExecutionLog TestName field (#796 )	2020-01-24 08:21:54 -07:00
Carrie Roberts	0dcde71a15	Asynchronous Attack Execution and other handy things (#790 ) * execute attack in separate process * install from custom repoOwner and branch * remove zip after install * added showdetails brief and sleep for linux output * remove positional param spec * replacing special PathToAtomicsFolder in commands * use pwsh on linux * kill proc tree linux * include path in remove-item * update readme * update readme * update readme Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>	2020-01-22 21:36:20 -06:00
Carrie Roberts	42afe34cd3	check for null commands (#787 )	2020-01-21 12:30:03 -06:00
Tony M Lambert	a4c9ee4430	Replay the Dependencies Merge (#786 ) * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * lowercase url * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * lowercase url * fixing yaml spacing issue * correcting input name * rm to del Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-21 12:11:45 -06:00
Tony M Lambert	c3b398e48c	Revert "Add Dependencies section to test Yaml and support to use them… (#773 ) * Revert "Add Dependencies section to test Yaml and support to use them in the PS execution framework (#772)" This reverts commit `511bb87af2`. * Generate docs from job=validate_atomics_generate_docs branch=revert-511bb87af29fb302dbd9e85bd93c2c00a47953ba	2020-01-09 09:12:38 -06:00
Carrie Roberts	511bb87af2	Add Dependencies section to test Yaml and support to use them in the PS execution framework (#772 ) * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * lowercase url	2020-01-09 07:36:07 -07:00
Carrie Roberts	5cd5133763	Admin not required to install atomic-red-team (#731 ) * no admin required for install * no admin required for install * update readme * update readme * update readme	2020-01-08 12:45:50 -07:00
FenQiDian	ab4c68b970	Execute powershell with "-Command -" arguments. Tell powershell to read scripts from stdin. (#727 )	2019-12-17 23:09:02 -07:00
Micheal Fleck	de8df502af	T1518 software discovery added test, cleanup (#718 ) * New test, spelling fix Added a test for all software installed and minor spelling fix * Spelling	2019-12-16 14:20:02 -07:00
Carrie Roberts	b85fe323b8	fix default PathToAtomicsFolder (#719 )	2019-12-11 19:20:00 -07:00
Fabricio Brunetti	8b61643f7f	Python framework: Fix multiline powershell scripts (#706 ) This fix is for many powershell based tests that have multiple lines, often setting variable names (some of them are T1101, T1098, T1084 and many more).	2019-12-03 12:49:57 -07:00
Carrie Roberts	3d06083dbe	-ShowDetails without adding '-InformationAction Continue' (#686 ) * ShowDetails without -InformationAction Contnue * ShowDetails without -InformationAction Contnue * ShowDetails without -InformationAction Contnue	2019-11-25 11:28:08 -06:00
Fabricio Brunetti	24415af3bb	Python execution framework fix: use any value type (#691 ) * Python execution framework fix: use any value type This change removes the function convert_to_right_type. Currently whenever a new parameter type is added (i.e. T1058 uses type "registry"), Python script runner crashes with "An error occurred while running the suite. Value type registry does not exist!". This wouldn't be a problem if the convert_to_right_type function did some real validation but as it stands today the function convert_to_right_type doesn't really do anything (except for casting integers into strings). If a type that needs some serious validation/conversion ever comes up the function may be reinstated. * Deleting convert_to_right_type function	2019-11-25 10:10:55 -07:00
Andras32	1b05ec3b29	Added Hostname to ExecutionLog (#688 ) * Added Hostname to ExecutionLog * added username	2019-11-22 12:57:29 -07:00
Carrie Roberts	8b64037681	remove atomic-red-team-master folder from install (#689 ) * remove extra atomic-red-team-master folder for install * remove extra atomic-red-team-master folder for install	2019-11-22 11:57:30 -07:00
Fabricio Brunetti	a49e529a34	Leverage PathToAtomicsFolder in Python framework (#675 ) Parsing the command to replace PathToAtomicsFolder variable. Can-t use environment variables as some Powershell based tests use "$PathToAtomicsFolder". I admit that it-s a bit hackish but I think it-s the most straightforward way to handle this without going through a major refactor of this framework	2019-11-19 15:20:59 -07:00
Carrie Roberts	c86cb7ddbf	a little bug fix (#665 ) * a little bug fix * remove invoke call at the end	2019-11-15 07:05:02 -07:00
san-gwea	33d20ffb7c	show executor and privilege requirement (#662 )	2019-11-14 21:59:12 -07:00
fabamatic	3311f02362	Adding .yaml integer parser to python runner (#639 ) This change is to be able to execute tests contained in T1055.yaml and T1071.yaml. Will also cover any future tests that may use that data type as argument.	2019-11-14 20:43:41 -07:00
Andras32	e7e3b5f343	++ before check (#650 )	2019-11-12 13:16:04 -07:00
Andrew Beers	c3183a36fa	remove development section, Carrie's new instructions cover it (#638 )	2019-11-12 00:21:34 -07:00
derekenjibowden	c6ea937fb4	Fix show details bug (#647 ) check prereqs with -showdetails was executing the prereq command instead of showing the details	2019-11-11 23:26:33 -07:00
Andras32	6c3da68741	Multi platform invoke art (#641 ) * Non-Windows OS Support Added OS Identification to determine tests to run Added SH and Bash executors for Linux and MacOS Changed some Print statement oddities in ART Updated Installation script to work on non-windows machines * Updated Documentation Edited the readme to be more OS neutral Added information for the -force option in the installer Added instructions for downloading powershell core on Mac and Linux * Last Bugs added chown to install script * Install -force test install path if (Test-Path $InstallPath){ Remove-Item -Path $InstallPath -Recurse -Force -ErrorAction Stop \| Out-Null } * minor changes Write-Host error messages Installer - Import-Module $modulePath -Force * Chown weird on MacOS chown -R $env:SUDO_USER $InstallPath * README edits clearing up $home $homedrive shenanigans * \n in mardown issues * Readme edits #2	2019-11-11 14:26:23 -07:00
Andrew Beers	8e8222e06a	add invoke-atomictest to main page readme (#629 ) * add invoke-atomictest to main page readme * add instructions for running it more smoothely when cloned form github * Update README.md * Update README.md	2019-11-10 19:53:12 -06:00
Tony M Lambert	6ea465cf61	Fixed URL for Install-AtomicRedTeam (#632 )	2019-11-10 18:43:28 -07:00
Carrie Roberts	a611d8926b	Expanding the Execution Frameworks Read me (#619 ) * updating execution-frameworks readme * updating execution-frameworks readme	2019-11-08 11:59:05 -06:00
Carrie Roberts	ed5f9deccc	remove deprecated code (#620 )	2019-11-08 11:58:07 -06:00
Carrie Roberts	c53e73ed96	Readme documents required Import-Module command (#622 ) * notes on importing module * notes on importing module	2019-11-08 11:57:08 -06:00
Carrie Roberts	d73dc8f041	fix bug: returns null except on PS Core or PS v7 (#624 )	2019-11-08 11:56:01 -06:00
Carrie Roberts	49ccc8e366	new default PathToAtomicsFolder value (#623 ) * new default PathToAtomicsFolder value * better way to handle custom default path to atomics * better way to handle custom default path to atomics	2019-11-08 11:50:31 -06:00
Carrie Roberts	9bcb47ed3e	warn if running admin test without admin (#616 )	2019-11-06 14:07:27 -07:00
Carrie Roberts	e68527d975	PathToAtomicsFolder Input Parameters auto-replaced with actual path (#613 )	2019-11-06 12:53:20 -07:00
Carrie Roberts	c903c6c00e	log minutes correctly (#591 )	2019-10-21 15:03:09 -06:00
Carrie Roberts	3d839e7bd6	handle spaces in input param defaults (#590 )	2019-10-21 15:02:04 -06:00
Andras32	0197987d18	Added MacOS and Linux isElevated check [todo: test MacOS] (#565 ) * Added MacOS and Linux isElevated check [toso: test MacOS] * Update Invoke-AtomicTest.ps1 * Update Invoke-AtomicTest.ps1 * Update Invoke-AtomicTest.ps1	2019-09-17 13:11:19 -06:00
Carrie Roberts	3c644cc523	installer cleanup (#560 )	2019-09-12 15:02:29 -06:00
Carrie Roberts	30411b7db8	rename InputParameters to InputArgs (#558 )	2019-09-06 19:36:02 -06:00
Carrie Roberts	3b784d023c	readme updates/fixes (#557 )	2019-09-06 11:28:13 -06:00
Carrie Roberts	0110ceec98	pipe file creation output to out-null (#556 )	2019-09-05 17:38:54 -06:00

1 2 3

106 Commits