* Improve pip handling (#1)
* virtual env added to T1018, tested and confirmed working
* virtual env added to T1003.001, tested and confirmed working
* virtual env added to T1555.003, tested and confirmed working
* Removing pip-autoremove installation as not required
* updating atomics count in README.md [ci skip]
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: publish bot <opensource@redcanary.com>
* fix: Updating format of 2 yaml defintions for new schema
* fix: Updating T1048
---------
Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.
This also fixes some white space issues and general line formatting across all impacted atomics.
* fix: One additional change needed
---------
Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1059.006.yaml
Remove ATT&CK technique description from test description.
* Update T1059.006.yaml
Clarify description to focus on the test, while still referencing the vulnerability and exploitation reporting by Volexity.
-Zero-Day Exploitation of Atlassian Confluence [CVE-2022-26134] Unauthenticated RCE vulnerability - Critical severity
As per Volexity, bash shells were launched by the Confluence web application process. It had spawned a bash process which spawned a Python process that in turn spawned a bash shell.
Reference: https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
Atomic Red Team doc generator