33939648b7
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 02:37:54 +00:00
5fc2f6dd5f
Update T1218.yaml ( #2855 )
...
* Update T1218.yaml
* Update T1218.yaml
* Update T1218.yaml
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-07-23 21:36:46 -05:00
cb9433117b
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-03 22:12:17 +00:00
f1c38b0670
Msedge proxy execution ( #2647 )
...
Co-authored-by: unknown <administrator@ADAWS.COM >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-01-03 16:11:43 -06:00
2b365242a1
Update T1218.yaml ( #2597 )
...
Dependency Executor Needs to be explicitly defined
2023-11-08 07:28:25 -08:00
f9f938d5f8
Update T1218.yaml ( #2596 )
...
Added prereqs to T1218#12 so it can be executed remotely with invoke-atomictest
2023-11-08 06:19:21 -08:00
33aa1e0df2
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-09-29 14:45:20 +00:00
2dc70561dd
Provlaunch.exe Executes Arbitrary Command via Registry Key ( #2546 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2023-09-29 08:44:32 -06:00
d4709021fb
Handle spaces in file paths ( #2535 )
...
* updating atomics count in README.md [ci skip]
* wip
* handle spaces in path
* update readme
* fix typo
---------
Co-authored-by: publish bot <opensource@redcanary.com >
2023-09-22 10:47:25 -06:00
befa9a2a43
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-08-15 01:03:08 +00:00
55301cf3a3
Customshellhost ( #2509 )
...
* Adding CustomShellHost
* Update T1218.yaml
* fixed
2023-08-14 19:02:11 -06:00
586818a01f
use ExternalPayloads folder ( #2462 )
...
* use ExternalPayloads folder
* psexec as external dependency
* psexec as external dependency
2023-06-15 13:52:16 -06:00
a5dd0813cd
fix: Updating atomics YAML file structure to align with the new JSON schema definition ( #2323 )
...
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.
This also fixes some white space issues and general line formatting across all impacted atomics.
* fix: One additional change needed
---------
Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2023-02-13 16:10:37 -07:00
7934ae4b9f
update prereq ( #2117 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-09-07 05:47:57 -06:00
f45fd9f312
remove duplicate test ( #2123 )
2022-09-06 20:51:44 -06:00
a8f00eb241
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-05-25 04:12:12 +00:00
af529da1e5
Add lolbin ( #1979 )
2022-05-24 22:11:43 -06:00
81681bd735
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-05-10 20:43:54 +00:00
9a3d6d4b5e
Add lolbin test ( #1933 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-05-10 14:43:25 -06:00
072ade0eb2
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-03-21 23:15:03 +00:00
86e1badb67
Adding T1218 Test 10 - Load DLL with Wuauclt ( #1824 )
...
* Create bin directory
* Add calc.dll
* Add Wuauclt dll loading
* prereq description wording update
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-03-21 17:14:36 -06:00
1bdc7b2855
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-02-15 20:23:35 +00:00
a4ef8ea382
DiskShadow Execution of script ( #1778 )
...
* DiskShadow Execution of script
* Added reference to description
* Implemented dspath check
2022-02-15 14:23:09 -06:00
1513717eb2
Updating atomics to conform to standard ( #1619 )
...
* Updated format of input_argument types for Url
* Updated type for input_arguments to Url (missed)
* Updating Path type for input_arguments
* Updated String type for input_arguments
* Missed a few Strings and Url types
* Updated default values for input_arguments to align with their types
* Updated Integer type for input_arguments
* Updated formatting and spacing of atomics
2021-09-03 18:20:46 -06:00
dfa1c271f8
programatically determine location of protocolhandler ( #1420 )
2021-04-08 11:47:25 -06:00
23c3f8114b
Update T1218.yaml ( #1416 )
...
Default install path was c:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-04-08 07:19:27 -06:00
39954ec1af
Update T1218.yaml ( #1360 )
...
Updated microsoft.workflow.compiler.exe test
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:15:29 -07:00
b699820fe3
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-28 16:19:04 +00:00
91e0e61c94
Adding RemoteFXvGPUDisablement.exe LOLBin coverage ( #1341 )
...
* Update T1218.yaml
Adding RemoteFXvGPUDisablement.exe LOLBIN coverage via AtomicTestHarnesses to T1218. Thanks, @MHaggis!
* Update T1218.yaml
Adding a more detailed description for this test.
* Update T1218.yaml
2020-12-28 09:18:37 -07:00
28086402e2
Maintainers updates ( #1328 )
...
* Update maintainers.md
Remove reference to announcements channel, which has been created.
* Generate docs from job=validate_atomics_generate_docs branch=maintainers-updates
* Update maintainers.md
Updates to maintainers meeting purpose, scope, and agendas.
* Generate docs from job=validate_atomics_generate_docs branch=maintainers-updates
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-12-15 14:18:41 -07:00
5db071d288
Workflow compiler tests ( #1331 )
...
* Adding in Workflow Compiler Tests
This adds 2 workflow compiler tests.
1.) Test 6 will execute workflow compiler with a pre-build assembly that invokes cal.
2.) Test 7 will rename workflow compilers and execute the same pre-build assembly that invokes calc.
* minor path updates
Co-authored-by: Jimmy Astle <jastle@vmware.com >
2020-12-15 13:47:39 -07:00
9ec5d7dd9a
Update T1218 Test 5 ( #1296 )
...
default path contains a space and the command needs to be surrounded by quotes.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-11-27 13:57:42 -07:00
22a8e308ca
Generate docs from job=validate_atomics_generate_docs branch=master
2020-08-15 23:14:57 +00:00
751a827e86
T1218 ( #1197 )
...
* Added T1203 ProtocolHandler.exe
* Fixed numbering error
* remove white space
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-08-15 17:14:34 -06:00
24549e3866
Convert to Mitre ATT&CK sub-technique schema ( #1056 )
...
* Initial transfer of atomics to MITRE subtechniques
* Add GUIDs back in, attack_technique to string (#1019 )
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* Subtechnique transfer T1220-T1546.005 (#1020 )
* Create T1222.001.yaml
* Create T1222.002.yaml
* Create T1505.002.yaml
* Update T1543.003.yaml
* Update AtomicService.cs
* Update T1546.005.yaml
* Delete T1222.yaml
* Update T1482.yaml
* Update T1485.yaml
* Update T1220.yaml
* Update T1489.yaml
* Update T1490.yaml
* Update T1496.yaml
* Update T1505.003.yaml
* Update T1505.yaml
* Update T1518.001.yaml
* Update T1518.yaml
* Update T1529.yaml
* Update T1543.004.yaml
* Update T1546.001.yaml
* Update T1546.002.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.002.yaml
* Update T1543.001.yaml
* Update T1518.001.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1531.yaml
* Update T1222.001.yaml
* Update T1222.002.yaml
* Update T1505.002.yaml
* Update T1505.003.yaml
* Update T1518.001.yaml
* Update T1543.001.yaml
* Update T1546.005.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.003.yaml
* Update T1543.002.yaml
* added auto_generated_guid 1220
* added T1222.001 auto_generated_guid
* Update T1222.002.yaml
added auto_generated_guid entries
* Update T1482.yaml
auto_generated_guid added
* Update T1485.yaml
added auto_generated_guids
* Update T1489.yaml
added auto_generated_guids
* Update T1490.yaml
added auto_generated_guids
* Update T1496.yaml
added auto_generated_guid
* Update T1505.002.yaml
added auto_generated_guid from old T1505 same atomic
* Update T1505.003.yaml
added auto_generated_guid from previous atomic 1100
* Delete T1505.yaml
no longer needed, moved to 1505.002
* Update T1518.yaml
added auto_generated_guids
* Update T1529.yaml
added auto_generated_guids
* Update T1531.yaml
added auto_generated_guids
* Update T1543.001.yaml
added auto_generated_guid
* Update T1543.002.yaml
added auto_generated_guid
* Update T1543.004.yaml
added auto_generated_guid
* Update T1546.001.yaml
added auto_generated_guid
* Update T1546.002.yaml
added auto_generated_guid
* Update T1546.003.yaml
* Update T1546.004.yaml
added auto_generated_guid
* Update T1546.005.yaml
added auto_generated_guid
* add guids back in
* fix spacing issue
* fix spacing
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
* Sub-techniques T1053-T1113 - Updates (#1022 )
* Sub-techniques T1053-T1113 - Updates
Updated techniques for sub-techniques.
* minor fixes
format fixing
* Added GUIDs
- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string
* Sub-technique updates T1546.008 through T1574.011 (#1024 )
* sub technique updates
* sub technique updates
* sub technique updates
* Carrie updates (#1017 )
* updated T1110,12,13
* updated T1114
* updated T1114
* updated T1115
* updated T1119
* updated T1123,24
* updated T1127
* updated T1114
* updated T1127
* updated T1132
* T1134.004
* T1134.004
* updated T1135
* updated T1136
* updated T1137
* updated T1140
* remove depracted T1153
* updated T1176
* updated T1197
* updated T1201
* updated T1202
* updated T1204
* updated T1207
* updated T1216
* updated T1204
* updated T1217
* updated T1218
* updated T1218
* updated T1219
* updated T1218
* attack_technique to string
* Subtechnique transfer (#1025 )
* T1003 review
* T1005 manual review changes
* T1027.002 sub-technique review
* T1027.004 sub-technique review
* T1036 sub-technique review
* T1037 sub-technique review
* T1048 sub-technique review
* YAML bugfixes
* Adding auto-generated GUIDs back to tests
* merging with Mike's PR
* Merging with Carrie's PR
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
* Subtechnique fix (#1026 )
* add atomic_tests: element
* add atomic_tests: element
* more fixes
* more fixes
* more fixes
* sub technique minor fixes 1 (#1027 )
* fixes
* fixes
* more fixes
* more fixes
* display name fix (#1028 )
* remove some deprecated stuff. reorganize a little (#1031 )
* Gendocs fix (#1033 )
* gendocs updates for subtechniques
* add folders
* ignore auto generated markdown files
* remove tmp files
* add tmp files
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
* navigator layer v3.0
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com >
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-06-17 12:55:46 -06:00
35c42f2c61
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-15 17:19:25 +00:00
1e601b4b9c
Fix description, remove broken test ( #904 )
...
* start work
* fix test to run 64 bit version
* delete broken test
* fix merge conflicts
* merge
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-23 14:56:18 -06:00
6469c41198
Success Descriptions 3rd Batch ( #895 )
...
* Success Descriptions 3rd Batch
* typo fix
* wording
* typo fix
* improve description
* remove update for now
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-19 16:02:55 -06:00
74e33cac01
T1218-5_Updatefix ( #892 )
...
* T1218-5_Updatefix
* T1218-5_Updatefix
* wording update
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-18 15:46:22 -06:00
c6d8809af3
Add prereqs ( #867 )
...
* Added prereqs
* Added prereqs
* Add prereqs
* undeleting file
* corrections
* Corrections
2020-03-10 17:02:52 -06:00
e8d584cb5c
T1085 - Atomic Friday ( #660 )
...
* Atomic Friday - T1085 Adds
Atomic Friday - T1085 Adds
* Generate docs from job=validate_atomics_generate_docs branch=T1085
* Atomic Friday - Ready
Atomic Ready!
* Generate docs from job=validate_atomics_generate_docs branch=T1085
2019-11-14 15:04:08 -06:00
e2309b30af
T1218 proxied binary execution tests ( #628 )
...
* Added proxied binary execution tests
* Generate docs from job=validate_atomics_generate_docs branch=t1218_tests
2019-11-08 18:57:19 -07:00
c648b94ff1
remove hard-coded path to atomics foler in tests ( #618 )
2019-11-08 11:46:46 -06:00
1bfefdacfc
Add elevated ( #542 )
...
* provide elevation_required attribute
* provide elevation_required attribute
* provide elevation_required attribute
2019-09-03 07:34:42 -06:00
61ffc53425
Register-CimProvider Atomic test ( #435 )
...
A quick atomic test that utilizes register-cimprovider to execute a dll that pops calc.
2019-01-16 09:23:29 -08:00
943b36db5d
T1218 Signed Binary Proxy Execution ( #413 )
2018-12-04 16:37:48 -08:00
Atomic Red Team doc generator