Marco Pedrinazzi
03464493cc
Update typos and small details T1071.yaml (#2909)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-08-24 13:06:28 -06:00
Hare Sudhan
acd5bf322b
cleanup (#2738)
2024-04-06 20:28:33 -06:00
pyth0n1c
a8421f8fb1
Minor fix to "type" field (#2732)
with nonstandard capitalization
2024-03-29 12:44:45 -06:00
Pattharadanai Sanitjairak
aa236952ec
Creating new test for T1059 and T1071 (#2708)
* Adding T1059 and T1071
* Update T1071.md
* Delete atomics/T1071/src directory
* Add files via upload
* change localhost to 127.0.0.1 in T1070.yaml
* Update T1071.md
* Update T1071.md
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-28 19:27:14 -06:00
Carrie Roberts
24549e3866
Convert to Mitre ATT&CK sub-technique schema (#1056)
* Initial transfer of atomics to MITRE subtechniques
* Add GUIDs back in, attack_technique to string (#1019)
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* Subtechnique transfer T1220-T1546.005 (#1020)
* Create T1222.001.yaml
* Create T1222.002.yaml
* Create T1505.002.yaml
* Update T1543.003.yaml
* Update AtomicService.cs
* Update T1546.005.yaml
* Delete T1222.yaml
* Update T1482.yaml
* Update T1485.yaml
* Update T1220.yaml
* Update T1489.yaml
* Update T1490.yaml
* Update T1496.yaml
* Update T1505.003.yaml
* Update T1505.yaml
* Update T1518.001.yaml
* Update T1518.yaml
* Update T1529.yaml
* Update T1543.004.yaml
* Update T1546.001.yaml
* Update T1546.002.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.002.yaml
* Update T1543.001.yaml
* Update T1518.001.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1531.yaml
* Update T1222.001.yaml
* Update T1222.002.yaml
* Update T1505.002.yaml
* Update T1505.003.yaml
* Update T1518.001.yaml
* Update T1543.001.yaml
* Update T1546.005.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.003.yaml
* Update T1543.002.yaml
* added auto_generated_guid 1220
* added T1222.001 auto_generated_guid
* Update T1222.002.yaml
added auto_generated_guid entries
* Update T1482.yaml
auto_generated_guid added
* Update T1485.yaml
added auto_generated_guids
* Update T1489.yaml
added auto_generated_guids
* Update T1490.yaml
added auto_generated_guids
* Update T1496.yaml
added auto_generated_guid
* Update T1505.002.yaml
added auto_generated_guid from old T1505 same atomic
* Update T1505.003.yaml
added auto_generated_guid from previous atomic 1100
* Delete T1505.yaml
no longer needed, moved to 1505.002
* Update T1518.yaml
added auto_generated_guids
* Update T1529.yaml
added auto_generated_guids
* Update T1531.yaml
added auto_generated_guids
* Update T1543.001.yaml
added auto_generated_guid
* Update T1543.002.yaml
added auto_generated_guid
* Update T1543.004.yaml
added auto_generated_guid
* Update T1546.001.yaml
added auto_generated_guid
* Update T1546.002.yaml
added auto_generated_guid
* Update T1546.003.yaml
* Update T1546.004.yaml
added auto_generated_guid
* Update T1546.005.yaml
added auto_generated_guid
* add guids back in
* fix spacing issue
* fix spacing
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Sub-techniques T1053-T1113 - Updates (#1022)
* Sub-techniques T1053-T1113 - Updates
Updated techniques for sub-techniques.
* minor fixes
format fixing
* Added GUIDs
- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string
* Sub-technique updates T1546.008 through T1574.011 (#1024)
* sub technique updates
* sub technique updates
* sub technique updates
* Carrie updates (#1017)
* updated T1110,12,13
* updated T1114
* updated T1114
* updated T1115
* updated T1119
* updated T1123,24
* updated T1127
* updated T1114
* updated T1127
* updated T1132
* T1134.004
* T1134.004
* updated T1135
* updated T1136
* updated T1137
* updated T1140
* remove deprecated T1153
* updated T1176
* updated T1197
* updated T1201
* updated T1202
* updated T1204
* updated T1207
* updated T1216
* updated T1204
* updated T1217
* updated T1218
* updated T1218
* updated T1219
* updated T1218
* attack_technique to string
* Subtechnique transfer (#1025)
* T1003 review
* T1005 manual review changes
* T1027.002 sub-technique review
* T1027.004 sub-technique review
* T1036 sub-technique review
* T1037 sub-technique review
* T1048 sub-technique review
* YAML bugfixes
* Adding auto-generated GUIDs back to tests
* merging with Mike's PR
* Merging with Carrie's PR
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Subtechnique fix (#1026)
* add atomic_tests: element
* add atomic_tests: element
* more fixes
* more fixes
* more fixes
* sub technique minor fixes 1 (#1027)
* fixes
* fixes
* more fixes
* more fixes
* display name fix (#1028)
* remove some deprecated stuff. reorganize a little (#1031)
* Gendocs fix (#1033)
* gendocs updates for subtechniques
* add folders
* ignore auto generated markdown files
* remove tmp files
* add tmp files
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
* navigator layer v3.0
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com>
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-06-17 12:55:46 -06:00
CircleCI Atomic Red Team doc generator
35c42f2c61
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-15 17:19:25 +00:00
Andrew Beers
4a8ec3b1c7
T1071 T1118 Improvements and Fixes (#947)
* start work
* test improvements
* fix type and broken sentence
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-04-22 10:23:42 -06:00
JrOrOneEquals1
3fa4dd1c9e
Fixed cleanup commands (#869)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-03-10 17:06:14 -06:00
Carrie Roberts
75149a7ac0
T1071-IP (#855)
* T1071-IP
* T1071-IP-fixed
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-03-04 14:34:40 -07:00
Andras32
6fb77ba8aa
T1071-8 OSTap Payload Download (#849)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-02-29 14:59:35 -07:00
dwhite9
84120795f5
Adjusted the default domain from example.com to 127.0.0.1.xip.io to (#832)
allow the "Resolve-DnsName" commandlet to work as expected. Should
prevent runtime issues associated with NXDOMAIN.
2020-02-17 18:00:21 -07:00
MrOrOneEquals1
c9bf800a29
T1071 - adding DNS C2 (#825)
* DNS C2
* DNS C2 - Fix Typos
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-02-06 09:00:15 -07:00
dwhite9
df12b3792b
This is to add a new atomic for windows that uses curl instead of (#724)
powershell for testing in environments that do not have powershell
logging enabled (such as ours).
It will be nearly identical to the "Malicious User Agents - Nix*"*
atomic.
2019-12-16 17:02:02 -07:00
Andrew Beers
48ef8edee0
Improve tests (#715)
* continue work
* remove duplicate test, this is also in 1023
* update more tests
* cleaning pass
2019-12-10 06:51:01 -07:00
Carrie Roberts
1ec4ee2afd
fixed loop counter (#583)
2019-10-14 18:46:16 -06:00
Carrie Roberts
1bfefdacfc
Add elevated (#542)
* provide elevation_required attribute
* provide elevation_required attribute
* provide elevation_required attribute
2019-09-03 07:34:42 -06:00
Alain Homewood
11bbe35ab2
Added T1071 atomics for DNS C2 (#511)
2019-06-14 06:47:35 -06:00
Michael Haag
0c3e47f7be
T1100 and T1071 (#475)
* Technique - T1071
First commit of T1071 - Standard Application Layer Protocols.
Specifically using powershell & Curl to simulate malicious user agents.
* Web Shell
Simple test of copying webshells from atomic dir to a path on the file system.
* typo
* Generate docs from job=validate_atomics_generate_docs branch=web
2019-03-26 13:12:40 -07:00