5ede8f21e4
Generated docs from job=generate-docs branch=master [ci skip]
2025-02-13 22:03:40 +00:00
77a44aea50
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-22 17:37:16 +00:00
ed31f26ba9
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-02-22 17:37:00 +00:00
8f71cf4d53
SOAPHound ( #2689 )
...
* SOAPHound
* Updates
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-02-22 11:36:17 -06:00
a840cf6245
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-21 16:26:59 +00:00
af13a59177
remove atomic w/broken bitly link ( #2693 )
2024-02-21 11:25:36 -05:00
ed9cb8cdc7
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-31 23:27:05 +00:00
dc264a80f4
Added T1562.010 Test for PowerShell v2 Downgrade ( #2670 )
...
* Added T1562.010 Test for PowerShell v2 Downgrade
* Remove PowerShell Downgrade Attack atomic from T1059.001.yaml
2024-01-31 17:22:30 -06:00
36e59074bb
Generated docs from job=generate-docs branch=master [ci skip]
2023-10-12 03:37:29 +00:00
cb70464f85
catch execution errors ( #2564 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2023-10-11 21:36:32 -06:00
a77383047f
Generated docs from job=generate-docs branch=master [ci skip]
2023-07-12 02:38:27 +00:00
a7e5260a93
Add reg.exe force swith ( #2477 )
...
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com >
2023-07-11 20:36:53 -06:00
868f5477f6
Generated docs from job=generate-docs branch=master [ci skip]
2023-06-15 19:53:19 +00:00
586818a01f
use ExternalPayloads folder ( #2462 )
...
* use ExternalPayloads folder
* psexec as external dependency
* psexec as external dependency
2023-06-15 13:52:16 -06:00
16594d72c5
Generated docs from job=generate-docs branch=master [ci skip]
2023-02-13 23:11:19 +00:00
a5dd0813cd
fix: Updating atomics YAML file structure to align with the new JSON schema definition ( #2323 )
...
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.
This also fixes some white space issues and general line formatting across all impacted atomics.
* fix: One additional change needed
---------
Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2023-02-13 16:10:37 -07:00
2fadd2287c
Generated docs from job=generate-docs branch=master [ci skip]
2022-12-16 21:55:22 +00:00
c17eeb2b66
move reference to description ( #2257 )
2022-12-16 16:54:51 -05:00
13e23151c8
Generated docs from job=generate-docs branch=master [ci skip]
2022-12-16 20:27:20 +00:00
7fd3529b28
Update for name: Abuse Nslookup with DNS Records ( #2248 )
...
* Update for name: Abuse Nslookup with DNS Records
* custom nslookup function
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-12-16 15:26:42 -05:00
c55f3ecce0
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-07 21:25:36 +00:00
ee954d215c
mv 2 1547 tests to 1546 ( #2223 )
2022-11-07 14:25:09 -07:00
d0dad62dbc
Generated docs from job=generate-docs branch=master [ci skip]
2022-09-23 22:57:18 +00:00
27482c6076
fix: broken urls for embedded files and test script ( #2045 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-07-25 14:02:10 -06:00
819934cc3f
Generated docs from job=generate-docs branch=master [ci skip]
2022-06-16 22:47:00 +00:00
e0b6ebd6c7
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-09-15 14:07:26 +00:00
fd9667ae0c
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-09-15 14:07:20 +00:00
f891465d8d
Add PowerUp Invoke-AllChecks ( #1629 )
2021-09-15 08:06:46 -06:00
bc21f59ff0
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-09-04 00:21:31 +00:00
1513717eb2
Updating atomics to conform to standard ( #1619 )
...
* Updated format of input_argument types for Url
* Updated type for input_arguments to Url (missed)
* Updating Path type for input_arguments
* Updated String type for input_arguments
* Missed a few Strings and Url types
* Updated default values for input_arguments to align with their types
* Updated Integer type for input_arguments
* Updated formatting and spacing of atomics
2021-09-03 18:20:46 -06:00
fa1709c415
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-07-27 15:25:46 +00:00
5f79e55dd6
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-07-27 15:25:40 +00:00
e4b9e082e9
T1059.001_Update ( #1564 )
...
* T1059.001_Update
* Update T1059.001.yaml
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-07-27 09:25:16 -06:00
29a063b40b
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-07-27 14:47:14 +00:00
0960fca14e
Update T1059.001.yaml
...
Removing extra space in line 379
2021-07-27 09:47:29 -04:00
ba20bcd95a
Add obfuscated PowerShell to T1059.001
...
Additional obfuscated PowerShell example.
2021-07-26 12:52:18 -07:00
36d49de4c8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-06-24 17:04:33 +00:00
575b36a8e6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-06-24 15:16:54 +00:00
0ff4aada24
Generate docs from job=validate_atomics_generate_docs branch=ATHPowerShellCommandLineParamter
2020-11-09 16:41:52 +00:00
9593944c8a
Update T1059.001.yaml
...
The following [AtomicTestHarnesses](https://github.com/redcanaryco/atomictestharnesses ) has been released to simulate [T1059.001](https://attack.mitre.org/techniques/T1059/001/ ) in various capacities including the use of `EncodedArguments`, variations of `EncodedCommand` and command line switch types. Input arguments may be manipulated as needed to enhance simulation, which all may be found by reviewing the individual Harness code or import the ATH module and run `get-help`
Adding additional tests to:
- T1059.001 - Command and Scripting Interpreter: PowerShell
For pre-req, it will use the recently released AtomicTestHarnesses [PowerShellGallery](https://www.powershellgallery.com/packages/AtomicTestHarnesses ) module using `Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force`
Confirmed all tests are operational on Windows 10, non privileged user.
2020-11-09 09:41:22 -07:00
910a2a764a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
f46f1788ab
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-18 18:45:01 +00:00
d3c575085f
removed cleanup command that deletes sharphound so the prereq only needs ( #1226 )
...
to be run once.
Co-authored-by: Daniel White <d0w019h@homeoffice.wal-mart.com >
2020-09-18 12:44:04 -06:00
d852e8b845
Generate docs from job=validate_atomics_generate_docs branch=master
2020-07-07 15:25:19 +00:00
e5fe0a3266
T1059.001 - PowerShell Session Creation and Use ( #1010 )
...
* write test
* fix variable
* add completion description
* small fix
* fix executor
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-07-07 09:24:40 -06:00
8a82e9b66a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-06-18 01:57:35 +00:00
24549e3866
Convert to Mitre ATT&CK sub-technique schema ( #1056 )
...
* Initial transfer of atomics to MITRE subtechniques
* Add GUIDs back in, attack_technique to string (#1019 )
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* Subtechnique transfer T1220-T1546.005 (#1020 )
* Create T1222.001.yaml
* Create T1222.002.yaml
* Create T1505.002.yaml
* Update T1543.003.yaml
* Update AtomicService.cs
* Update T1546.005.yaml
* Delete T1222.yaml
* Update T1482.yaml
* Update T1485.yaml
* Update T1220.yaml
* Update T1489.yaml
* Update T1490.yaml
* Update T1496.yaml
* Update T1505.003.yaml
* Update T1505.yaml
* Update T1518.001.yaml
* Update T1518.yaml
* Update T1529.yaml
* Update T1543.004.yaml
* Update T1546.001.yaml
* Update T1546.002.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.002.yaml
* Update T1543.001.yaml
* Update T1518.001.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1531.yaml
* Update T1222.001.yaml
* Update T1222.002.yaml
* Update T1505.002.yaml
* Update T1505.003.yaml
* Update T1518.001.yaml
* Update T1543.001.yaml
* Update T1546.005.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.003.yaml
* Update T1543.002.yaml
* added auto_generated_guid 1220
* added T1222.001 auto_generated_guid
* Update T1222.002.yaml
added auto_generated_guid entries
* Update T1482.yaml
auto_generated_guid added
* Update T1485.yaml
added auto_generated_guids
* Update T1489.yaml
added auto_generated_guids
* Update T1490.yaml
added auto_generated_guids
* Update T1496.yaml
added auto_generated_guid
* Update T1505.002.yaml
added auto_generated_guid from old T1505 same atomic
* Update T1505.003.yaml
added auto_generated_guid from previous atomic 1100
* Delete T1505.yaml
no longer needed, moved to 1505.002
* Update T1518.yaml
added auto_generated_guids
* Update T1529.yaml
added auto_generated_guids
* Update T1531.yaml
added auto_generated_guids
* Update T1543.001.yaml
added auto_generated_guid
* Update T1543.002.yaml
added auto_generated_guid
* Update T1543.004.yaml
added auto_generated_guid
* Update T1546.001.yaml
added auto_generated_guid
* Update T1546.002.yaml
added auto_generated_guid
* Update T1546.003.yaml
* Update T1546.004.yaml
added auto_generated_guid
* Update T1546.005.yaml
added auto_generated_guid
* add guids back in
* fix spacing issue
* fix spacing
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
* Sub-techniques T1053-T1113 - Updates (#1022 )
* Sub-techniques T1053-T1113 - Updates
Updated techniques for sub-techniques.
* minor fixes
format fixing
* Added GUIDs
- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string
* Sub-technique updates T1546.008 through T1574.011 (#1024 )
* sub technique updates
* sub technique updates
* sub technique updates
* Carrie updates (#1017 )
* updated T1110,12,13
* updated T1114
* updated T1114
* updated T1115
* updated T1119
* updated T1123,24
* updated T1127
* updated T1114
* updated T1127
* updated T1132
* T1134.004
* T1134.004
* updated T1135
* updated T1136
* updated T1137
* updated T1140
* remove depracted T1153
* updated T1176
* updated T1197
* updated T1201
* updated T1202
* updated T1204
* updated T1207
* updated T1216
* updated T1204
* updated T1217
* updated T1218
* updated T1218
* updated T1219
* updated T1218
* attack_technique to string
* Subtechnique transfer (#1025 )
* T1003 review
* T1005 manual review changes
* T1027.002 sub-technique review
* T1027.004 sub-technique review
* T1036 sub-technique review
* T1037 sub-technique review
* T1048 sub-technique review
* YAML bugfixes
* Adding auto-generated GUIDs back to tests
* merging with Mike's PR
* Merging with Carrie's PR
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
* Subtechnique fix (#1026 )
* add atomic_tests: element
* add atomic_tests: element
* more fixes
* more fixes
* more fixes
* sub technique minor fixes 1 (#1027 )
* fixes
* fixes
* more fixes
* more fixes
* display name fix (#1028 )
* remove some deprecated stuff. reorganize a little (#1031 )
* Gendocs fix (#1033 )
* gendocs updates for subtechniques
* add folders
* ignore auto generated markdown files
* remove tmp files
* add tmp files
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
* navigator layer v3.0
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com >
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-06-17 12:55:46 -06:00
Atomic Red Team doc generator