security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,538 Commits 47 Branches 0 Tags
python_conversion
Commit Graph

60 Commits

Author SHA1 Message Date
Atomic Red Team doc generator b3dc12d415 Generated docs from job=generate-docs branch=master [ci skip] 2025-11-05 01:55:34 +00:00
Atomic Red Team doc generator 5ede8f21e4 Generated docs from job=generate-docs branch=master [ci skip] 2025-02-13 22:03:40 +00:00
Atomic Red Team doc generator 501dd6c05e Generated docs from job=generate-docs branch=master [ci skip] 2024-11-20 01:35:37 +00:00
Hare Sudhan c8a70997da Adding more YAML validations (#2837) 
* Update T1202.yaml

* fix all atomics

* changing to macos to fix pytest issue

* changing to macos to fix pytest issue

* adding gitignore
 2024-07-10 08:54:26 -05:00
Phil Hagen fd399bb6ed fix nesting and remove empty entries (#2825) 
* fix nesting and remove empty entries

* missed an indent correction

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-03 16:31:05 -06:00
Atomic Red Team doc generator 75a7a106ce Generated docs from job=generate-docs branch=master [ci skip] 2024-07-03 00:26:33 +00:00
Prakash22-k 9d5c56fac7 Update T1218.011.yaml (#2813) 
Details:
Adding new atomic Test for Windows - Rundll32 execute payload by calling RouteTheCall

Testing:
Performed the Testing Atomic Lab

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-02 19:25:10 -05:00
Atomic Red Team doc generator ac9e63e872 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-18 16:37:08 +00:00
ohadm-cynet 0750e734e6 fix f3ad3c5b-1db1-45c1-81bf-d3370ebab6c8 schema (#2723) 2024-03-18 11:36:19 -05:00
itsmeLevan a5e3460d41 Update T1218.011.yaml (#2719) 
technique utilizing rundll32.exe and the FileProtocolHandler method to execute a command without requiring administrative privileges. By leveraging rundll32.exe in this manner, the test aims to assess the effectiveness of antivirus solutions, including Bitdefender, Windows Defender, and others, in detecting and preventing command execution evasion. The provided command bypasses certain antivirus detections by using the FileProtocolHandler to execute the specified command, in this case, launching 'calc.exe'. This evasion technique is known for its ability to exploit legitimate processes to execute malicious commands while avoiding detection. The test serves as an evaluation of antivirus solutions' capabilities to detect and mitigate such evasion tactics, contributing to the overall assessment of endpoint security posture.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-03-16 20:24:35 -05:00
Atomic Red Team doc generator ae87c3e185 Generated docs from job=generate-docs branch=master [ci skip] 2024-02-25 01:15:48 +00:00
Atomic Red Team GUID generator 21401622e4 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-25 01:15:31 +00:00
KillrBunn3 1202d62c59 New test: T1218.011 Gamarue tradecraft commandline with rundll32 execution (#2678) 
* New test: T1218.011 Gamarue tradecraft commandline with rundll32 execution

* Update T1218.011.yaml

* Update T1218.011.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-22 15:29:05 -06:00
Atomic Red Team doc generator a228ee8656 Generated docs from job=generate-docs branch=master [ci skip] 2023-09-22 19:15:21 +00:00
Carrie Roberts d4709021fb Handle spaces in file paths (#2535) 
* updating atomics count in README.md [ci skip]

* wip

* handle spaces in path

* update readme

* fix typo

---------

Co-authored-by: publish bot <opensource@redcanary.com>
 2023-09-22 10:47:25 -06:00
Atomic Red Team doc generator 16594d72c5 Generated docs from job=generate-docs branch=master [ci skip] 2023-02-13 23:11:19 +00:00
Josh Rickard a5dd0813cd fix: Updating atomics YAML file structure to align with the new JSON schema definition (#2323) 
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.

This also fixes some white space issues and general line formatting across all impacted atomics.

* fix: One additional change needed

---------

Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2023-02-13 16:10:37 -07:00
Atomic Red Team doc generator 16e52c1d55 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-21 23:56:47 +00:00
Zeta 073eda8319 Fix link (#2293) 
Fix the sigma rule links
 2023-01-21 18:56:04 -05:00
Atomic Red Team doc generator d0dad62dbc Generated docs from job=generate-docs branch=master [ci skip] 2022-09-23 22:57:18 +00:00
Atomic Red Team doc generator aedae30640 Generated docs from job=generate-docs branch=master [ci skip] 2022-09-20 21:53:56 +00:00
Atomic Red Team GUID generator bd48d02679 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-09-20 21:53:49 +00:00
Carrie Roberts 19e9e67f07 add ordinal version test to bypass av (#2144) 
* add ordinal version test to bypass av

* Update T1218.011.yaml

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2022-09-20 15:53:16 -06:00
Atomic Red Team doc generator 4d76b9efba Generated docs from job=generate-docs branch=master [ci skip] 2022-09-15 23:55:49 +00:00
MrOrOneEquals1 62986a437a Update T1218.011.yaml (#2139) 
Remove .\ from lines 118 and 144.
 2022-09-15 17:55:23 -06:00
Atomic Red Team doc generator 4df65234e9 Generated docs from job=generate-docs branch=master [ci skip] 2022-09-09 17:07:44 +00:00
Carrie Roberts 3d2018b41b add link to blog post for more info (#2129) 
* add link to blog post for more info

* Update T1218.011.yaml

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2022-09-09 11:07:11 -06:00
Atomic Red Team doc generator e457f1c340 Generated docs from job=generate-docs branch=master [ci skip] 2022-08-03 15:03:00 +00:00
lucasRiley f00731cc91 T1218.011 (#2070) 
Co-authored-by: Riley <lriley@NTI.local>
 2022-08-03 09:02:25 -06:00
Atomic Red Team doc generator 3a5209a4fc Generated docs from job=generate-docs branch=master [ci skip] 2022-07-29 22:32:00 +00:00
Atomic Red Team GUID generator 023e149ac5 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-07-29 22:31:53 +00:00
lucasRiley e712150c21 T1218.011 Improvement (#2058) 
Co-authored-by: Riley <lriley@NTI.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-07-29 16:31:23 -06:00
Atomic Red Team doc generator 819934cc3f Generated docs from job=generate-docs branch=master [ci skip] 2022-06-16 22:47:00 +00:00
Atomic Red Team doc generator a6f3763249 Generated docs from job=generate-docs branch=master [ci skip] 2022-04-30 01:44:53 +00:00
Jorge Orchilles e91928c7e1 Add Rundll32 with desk.cpl (#1912) 
* Update T1218.011.yaml

Add Rundll32 with desk.cpl

* Update T1218.011.yaml

* Update T1218.011.yaml

* Update T1218.011.yaml

* Update T1218.011.yaml

* Update T1218.011.yaml
 2022-04-29 19:44:18 -06:00
CircleCI Atomic Red Team doc generator 7091fa8b16 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-04-01 14:37:00 +00:00
CircleCI Atomic Red Team doc generator 5f5b2d23d5 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-09 16:57:44 +00:00
Sittikorn S c07e64a941 Rundll32 with Control_RunDLL (#1773) 2022-02-09 09:57:19 -07:00
CircleCI Atomic Red Team doc generator 9e92f29f6b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-08 17:38:57 +00:00
CircleCI Atomic Red Team GUID generator c559c7f176 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-08 17:38:52 +00:00
Michael Haag c600d56ced Rundll32 ordinal (#1770) 2022-02-08 11:38:36 -06:00
CircleCI Atomic Red Team doc generator effcf8b023 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-05 02:53:33 +00:00
CircleCI Atomic Red Team GUID generator 3e31df7f38 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-05 02:53:26 +00:00
Rimsha3108 b63dbfa127 T1218.011_update (#1761) 
Co-authored-by: Rimsha Alam <ralam@nti.local>
 2022-02-04 20:52:52 -06:00
CircleCI Atomic Red Team doc generator bc21f59ff0 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-09-04 00:21:31 +00:00
Josh Rickard 1513717eb2 Updating atomics to conform to standard (#1619) 
* Updated format of input_argument types for Url

* Updated type for input_arguments to Url (missed)

* Updating Path type for input_arguments

* Updated String type for input_arguments

* Missed a few Strings and Url types

* Updated default values for input_arguments to align with their types

* Updated Integer type for input_arguments

* Updated formatting and spacing of atomics
 2021-09-03 18:20:46 -06:00
CircleCI Atomic Red Team doc generator 36d49de4c8 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-24 17:04:33 +00:00
CircleCI Atomic Red Team doc generator 575b36a8e6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-24 15:16:54 +00:00
CircleCI Atomic Red Team doc generator 396ea73b70 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-03-13 14:24:38 +00:00
CircleCI Atomic Red Team GUID generator 4803288632 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-03-13 14:24:31 +00:00