* This should be a short message describing what changed.
* The new process injection technique: RWX injection AKA Mockingjay under T1055
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Add new T1055 process injection test named dirty vanity
* Fix typos
* Update build.bat
* Delete atomics/T1055/T1055.yaml.bak
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.
This also fixes some white space issues and general line formatting across all impacted atomics.
* fix: One additional change needed
---------
Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Updated format of input_argument types for Url
* Updated type for input_arguments to Url (missed)
* Updating Path type for input_arguments
* Updated String type for input_arguments
* Missed a few Strings and Url types
* Updated default values for input_arguments to align with their types
* Updated Integer type for input_arguments
* Updated formatting and spacing of atomics
* Update T1204.002.md
Added lines to each test using IWR for invoke-webrequest to set the acceptable TLS versions for the commands to complete successfully by prepending the tests with
```[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12```
* Update T1555.yaml
added line to set ssl/tls version
* Update T1134.001.yaml
updated IWR lines to allow ssl/tls version 1.2
* Update T1069.002.yaml
added lines to every IWR instance to set ssl/tls version to 1.2
* Update T1558.003.yaml
added line to allow TLS/SSL 1.2
* Update T1033.yaml
added command to enable SSL/TLS v1.2
* Update T1055.012.yaml
added command to enable TLS/SSL v1.2
* Update T1115.yaml
Added command to enable SSL/TLS v1.2
* Update T1070.001.yaml
added command enabling SSL/TLS v 1.2
* Update T1564.yaml
added commands to enable SSL/TLS v 1.2
* Update T1566.001.yaml
added command to enable SSL/TLS V1.2
* Update T1135.yaml
added command to enable SSL/TLS v1.2
* Update T1055.yaml
added commands to enable TLS/SSL v 1.2
* Update T1110.003.yaml
added command to enable TLS/SSL v1.2
* Update T1003.yaml
Added command to enable TLS/SSL v1.2
* Update T1053.005.yaml
added command to enable TLS/SSL v1.2
* Update T1003.001.yaml
added commands to enable TLS/SSL v1.2 for any command using invoke-webrequest
* Update T1069.002.yaml
syntax correction
* Update T1134.001.yaml
syntax correction
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Moving mavinject test to T1055.001 and src cleanup #1404
* Adding Windows Command Prompt test
* Adding rundll32.exe test
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Since the user is admin the debug privilege is automatically obtained when necessary for the injection
The TTP is also clearer because mimikatz runs as the current user (used for psexec) and not as SYSTEM
Atomic Red Team doc generator