security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,538 Commits 47 Branches 0 Tags
python_conversion
Commit Graph

77 Commits

Author SHA1 Message Date
Always in the Cage 2b8c6b4ce4 fix(T1082): define $S3cur3Th1sSh1t_repo for multiple WinPwn tests (14-23) (#3166) 
Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2025-09-02 12:07:15 -04:00
Hare Sudhan bfdd702717 Remove unused variable (#3040) 2025-01-28 00:02:41 -05:00
Atomic Red Team doc generator 1f3c2b9c9d Generated docs from job=generate-docs branch=master [ci skip] 2024-12-19 00:41:04 +00:00
lazarg 2d9087901d Update T1082.yaml (#3015) 
Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>
 2024-12-18 16:39:58 -08:00
Atomic Red Team doc generator 25e3c3956c Generated docs from job=generate-docs branch=master [ci skip] 2024-11-05 21:12:26 +00:00
Burak Karaduman 67f47a078c New atomic added. (#2970) 
* New atomic added.

* Update T1082.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-11-05 16:11:26 -05:00
Atomic Red Team doc generator bb351c1480 Generated docs from job=generate-docs branch=master [ci skip] 2024-11-05 21:03:53 +00:00
Burak Karaduman aa542159ab Added new atomic. (#2969) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-11-05 16:03:00 -05:00
Atomic Red Team doc generator b2d3484155 Generated docs from job=generate-docs branch=master [ci skip] 2024-10-17 00:17:27 +00:00
Burak Karaduman bddd7e6096 Update T1082.yaml (#2956) 
New atomic added.
 2024-10-16 18:16:23 -06:00
Atomic Red Team doc generator d64a63dabc Generated docs from job=generate-docs branch=master [ci skip] 2024-10-12 02:48:49 +00:00
Burak Karaduman 9a962c8f70 Update T1082.yaml (#2955) 
New atomic added.
 2024-10-11 20:47:50 -06:00
spyder-griffith f80dec9172 Fix a typo in T108 - Linux VM Check via Hardware (#2948) 
`/sys/class/dmi/id/product_name` is being compared twice instead of using `/sys/class/dmi/id/chassis_vendor`
 2024-09-30 13:36:55 -04:00
Atomic Red Team doc generator 30a2f6f601 Generated docs from job=generate-docs branch=master [ci skip] 2024-08-03 01:37:27 +00:00
sree siva likhitha kothalanka de8cc181a6 Update T1082.yaml (#2895) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-08-02 20:36:16 -05:00
Hare Sudhan 3183811486 Fix ESXi tests (#2853) 
* fix esxi tests

* fix macos tests

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-16 13:20:36 -05:00
Hare Sudhan 81b987e1a6 fix atomics (#2852) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-16 13:06:56 -05:00
Atomic Red Team doc generator 32b70e5536 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-04 18:50:40 +00:00
Prakash22-k 2cd5641ed7 Update T1082.yaml (#2814) 
* Update T1082.yaml

Details:
Adding new atomic Test for Mac OS under the MITRE Technique ID- T1082  - System Information Discovery

Name : sysctl to gather macOS hardware info

* remove empty keys

* remove empty keys

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2024-07-04 14:49:30 -04:00
Enes 647c26323f Create T1652 folder and yaml file (#2808) 
* Create T1652

Adding a new folder so that I can add a YAML file for a new test.

* Delete atomics/T1652

Restarting

* Create T1652.yaml

Created a folder and new a new YAML file.

* Update T1652.yaml

Added more verbosity and details to t1652.

* Update T1082.yaml

Atomic Test #28 - Driver Enumeration using DriverQuery

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-06-28 18:06:32 -05:00
ajpc500 82ad1c0bd8 remove pause from seatbelt psh command (#2744) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-04-23 18:29:00 -06:00
BlueTeamOps 9ba4043595 ESXi ART Tests Batch 1 (#2635) 
* ESXi Tests Batch 1

* remove duplicate key

* Update T1082.yaml

Updated the binary location to ExternalPayloads folder and also added the folder creation in GetPreReqs

* Update T1083.yaml

Added External Payloads and included folder creation in GetPreReqs

* Update T1129.yaml

Added ExternalPayloads refence. 
Added folder creation in GetPreReqs
Move the reference of the vib to src

* Update T1529.yaml

Added External Payloads folder and added folder creation step to GetPreReqs

* Update T1529.yaml

987c9b4d-a637-42db-b1cb-e9e242c3991b - added external payloads

* Update T1562.010.yaml

Added External Payloads reference and folder creation to GetPreReqs

* Moved the vib to src

* Delete atomics/T1129/bin directory

* Delete atomics/T1082/bin directory

* Delete atomics/T1083/bin directory

* Delete atomics/T1562.010/bin directory

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2023-12-14 08:27:13 -07:00
Hare Sudhan 62a85c12b5 FreeBSD changes (#2585) 
* freebsd changes

* renaming freebsd to linux
 2023-11-06 17:41:43 -05:00
Atomic Red Team GUID generator 16b5287208 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-11-02 00:56:30 +00:00
Jose Enrique Hernandez 2c1db3e4dd Merge branch 'master' into master 2023-11-01 19:10:13 -04:00
Atomic Red Team GUID generator 971f54bdf9 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-09-29 14:50:42 +00:00
Swachchhanda Shrawan Poudel 247349eb5c Added new tests for techniques T1082 and T1070 (#2547) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2023-09-29 08:50:02 -06:00
Carrie Roberts d4709021fb Handle spaces in file paths (#2535) 
* updating atomics count in README.md [ci skip]

* wip

* handle spaces in path

* update readme

* fix typo

---------

Co-authored-by: publish bot <opensource@redcanary.com>
 2023-09-22 10:47:25 -06:00
Kyaw-Pyiyt-Htet-Mikoyan 5562068aa2 Update T1082.yaml (#2516) 2023-08-29 21:43:06 -06:00
Atomic Red Team GUID generator 9dc2b0ad9e Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-06-26 22:18:25 +00:00
Mohana Shankar D f321b44948 New atomic Test - Driver Enumeration using driverquery (#2473) 
* New atomic Test - Driver Enumeration using driverquery

* Update T1082.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2023-06-26 16:17:00 -06:00
Carrie Roberts 068d32b1ea use ExternalPayloads directory (#2460) 
* use ExternalPayloads directory

* use ExternalPayloads directory

* use ExternalPayloads directory
 2023-06-15 10:16:12 -06:00
Alonso Cárdenas 3b8d0af302 Remove auto_generated_guid lines from new entries 
Some other tiny modifications
 2023-06-09 09:11:41 -05:00
Alonso Cárdenas 86913f3573 Merge branch 'master' of https://github.com/alonsobsd/atomic-red-team 2023-06-01 22:03:39 -05:00
amalone-scwx e6390f6417 minor cleanup to dependencies and exit codes (#2415) 2023-05-09 10:26:45 -06:00
Alonso Cárdenas f1c5a9be03 Add FreeBSD support 2023-05-08 11:06:08 -05:00
Josh Rickard a5dd0813cd fix: Updating atomics YAML file structure to align with the new JSON schema definition (#2323) 
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.

This also fixes some white space issues and general line formatting across all impacted atomics.

* fix: One additional change needed

---------

Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2023-02-13 16:10:37 -07:00
Atomic Red Team GUID generator fac22a7b8b Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-26 20:11:41 +00:00
IntelScott cbb21a1cc1 Update T1082.yaml (#2298) 
Add new test to simulate behavior recently observed in use by an infostealer family
 2023-01-26 15:10:52 -05:00
packetzero 3f4996c8ff T1082 list linux kernel modules - remove sudo (#2234) 
* T1082 list linux kernel modules - remove sudo

Fix for #2233.  Remove unnecessary  `sudo` from T1082 "Linux list kernel modules" commands.  Add another mechanism to `cat /proc/modules`.

* change to grep proc modules

A little more interesting to grep the /proc/modules file rather than cat.

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-01-05 11:14:50 -07:00
tlor89 2c17fe046c T1082_update (#2178) 
* T1082_update

* Update prereq description

Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-10-04 16:34:35 -06:00
Atomic Red Team GUID generator bf0c945de8 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-08-17 21:30:01 +00:00
Michael Haag a93030e394 Linux and Windows (#2085) 
* Linux and Windows

* Update T1115.yaml
 2022-08-17 15:29:33 -06:00
Dan d98de27058 Update T1082-3,4 (#2035) 
Remove semicolons from end of if statements

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-07-14 21:19:00 -06:00
Atomic Red Team GUID generator a04ddfd5d1 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-07-13 20:10:12 +00:00
Leo Verlod 9f7a456f9f Adding T1082 Test - Azure Security Scan with SkyArk 2022-06-29 00:09:34 -05:00
Atomic Red Team GUID generator e1f3b35ce2 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-05-12 23:54:17 +00:00
tlor89 7f14e048e0 Update T1082.yaml (#1951) 
* Update T1082.yaml

 PowerSharpPack - Seatbelt technique via function of WinPwn performing Local Privileges escalation

* Update T1082.yaml

* Update T1082.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-05-12 17:53:54 -06:00
Atomic Red Team GUID generator da6c2b191b Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-05-12 23:32:41 +00:00
tlor89 9b66e99946 Update T1082.yaml (#1962) 
* Update T1082.yaml

PowerSharpPack - Sharpup checking common Privesc vectors technique via function of WinPwn

* Update T1082.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-05-12 17:32:15 -06:00