Updated names and descriptions of the atomic tests.
Added few references and comments.
Updated few atomic tests.
Re-ordered macOS and linux tests for better organisation.
New tests added:
1. Delete system log files using unlink utility
2. Delete system log files using shred utility
3. Delete system log files using srm utility
4. Delete system log files using OSAScript
5. Delete system log files using Applescript
6. Delete system log files using JXA
7. System log file deletion using Cocoa API - 1
8. System log file deletion using Cocoa API - 2
Minor modifications to "System log file deletion using find utility"
The scripts will be available in "src" location
New tests added:
Delete log files using built-in log utility
Truncate system log files
Delete log files by appending null bytes
System log file deletion using find utility
Delete system logs using syslog utility
Overwrite macOS system log using echo utility
Real-time system log clearance/deletion
Delete system journal logs
The man pages of respective utilities can be referred for the same
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.
This also fixes some white space issues and general line formatting across all impacted atomics.
* fix: One additional change needed
---------
Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Fix T1551 to T1070
Found that we had T1070 labeled incorrectly as T1551. MITRE pushed a fix for this per https://attack.mitre.org/resources/updates/updates-july-2020/
```
Indicator Removal on Host Was incorrectly re-IDd to T1551, restored to T1070 and its sub-techniques were changed to T1070.001, T1070.002, T1070.003, T1070.004, T1070.005, and T1070.006
```
* Generate MD fix
Attempting to get the MD to generate
* Update enterprise-attack.json
* Generate docs from job=validate_atomics_generate_docs branch=T1070-indicator-removal-fix
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Atomic Red Team doc generator