security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,538 Commits 47 Branches 0 Tags
python_conversion
Commit Graph

43 Commits

Author SHA1 Message Date
matt-kowalski 227a4ca7d7 bump ScreenConnect version (#3086) 
Co-authored-by: Mattis Swannet <mattis.swannet@nynox.eu>
Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>
 2025-03-19 15:54:37 -07:00
Atomic Red Team doc generator 8bc469a357 Generated docs from job=generate-docs branch=master [ci skip] 2025-03-01 23:02:53 +00:00
Thomas ba3d91a29e Update T1219.yaml with Quick assist (#3068) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2025-03-01 17:02:00 -06:00
Atomic Red Team doc generator 25fdb321ee Generated docs from job=generate-docs branch=master [ci skip] 2024-05-16 01:42:23 +00:00
Pavan R Patil c26905e768 Added Splashstop streamer to T1219 (#2781) 
* Added Splashstop streamer to T1219

* Fix YAML indent

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2024-05-15 20:41:05 -05:00
Atomic Red Team doc generator 9c842daeb3 Generated docs from job=generate-docs branch=master [ci skip] 2024-05-15 00:48:54 +00:00
Hare Sudhan 5f71a665e2 Fix T1219 test (#2780) 2024-05-14 19:41:14 -05:00
Leo Verlod b2658be590 Update T1219.yaml (#2763) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-05-10 12:54:10 -05:00
Atomic Red Team GUID generator 344dea9fbd Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-26 19:51:04 +00:00
swathinator 29e3c6eb8f Update RustDesk T1219.yaml (#2706) 
* Update RustDesk T1219.yaml

Update RustDesk T1219

* Update T1219.yaml

* Update T1219.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-26 13:50:20 -06:00
Carrie Roberts d4709021fb Handle spaces in file paths (#2535) 
* updating atomics count in README.md [ci skip]

* wip

* handle spaces in path

* update readme

* fix typo

---------

Co-authored-by: publish bot <opensource@redcanary.com>
 2023-09-22 10:47:25 -06:00
Carrie Roberts 068d32b1ea use ExternalPayloads directory (#2460) 
* use ExternalPayloads directory

* use ExternalPayloads directory

* use ExternalPayloads directory
 2023-06-15 10:16:12 -06:00
Atomic Red Team GUID generator 8037cadb4d Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-05-17 19:46:06 +00:00
Leo Verlod 7b7097d069 Adding T1219 Test 11 - MSP360 Connect Execution (#2420) 
Thank you Leo!
 2023-05-17 13:45:25 -06:00
Hare Sudhan e563055a69 (enhancement) CI validations (#2419) 
* more validations added

* rename bin

* fnmatch fix
 2023-05-15 09:36:19 -06:00
Jiaxi ® 9a70b81004 fix: T1219 typo (#2417) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2023-05-11 15:25:07 -06:00
Josh Rickard a5dd0813cd fix: Updating atomics YAML file structure to align with the new JSON schema definition (#2323) 
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.

This also fixes some white space issues and general line formatting across all impacted atomics.

* fix: One additional change needed

---------

Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2023-02-13 16:10:37 -07:00
Atomic Red Team GUID generator 0186f8aba8 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-09-30 17:12:13 +00:00
Narasimha2218 a0f872e11a UltraVNC Execution -New atomictest (#2169) 
* UltraVNC Execution -New atomictest

 An adversary may attempt to trick the user into downloading UltraVNC for use as a C2 channel.
 Upon successful execution, UltraVNC will be executed

* typo fix

* remove space

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-09-30 11:11:44 -06:00
frack113 5b7eb3fe8b Fix download dependencies (#2165) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-09-26 11:58:46 -06:00
Carrie Roberts 404fa7fd3f Use IWR instead of bits transfer (#2146) 2022-09-21 06:18:58 -06:00
Atomic Red Team GUID generator 5c6b0650b0 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-08-24 20:30:32 +00:00
Tanner Humphreys 497b2111b8 T1219 update (#2083) 
* Added UltraViewer - RAT Extension

* Added UltraViewer - RAT Extension

* Update T1219.yaml

* Update T1219.yaml

* spaces and prereq fixes

* Update T1219.yaml

Co-authored-by: Tanner Humphreys <thumphreys@nti.local>
Co-authored-by: Tanner Humphreys <Tanner.Humphreys@Walmart.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-08-24 14:29:57 -06:00
Atomic Red Team GUID generator 39edfb5296 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-07-02 02:25:44 +00:00
zspadoni28 20b438d4bd Adding T1219-8 | NetSupport - RAT Execution (#2017) 
* Update T1219.yaml with NetSupport RAT Execution

This test is designed to install and execute the NetSupport tool that is capable of RAT execution.

* Update T1219.yaml
 2022-07-01 20:25:13 -06:00
CircleCI Atomic Red Team GUID generator 36248625a9 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-04-20 02:40:32 +00:00
Leo Verlod ecf15d4e60 Adding T1219 Test 7 - RemotePC Executable Ran (#1879) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-04-19 20:40:09 -06:00
CircleCI Atomic Red Team GUID generator d149f3346e Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-30 22:20:34 +00:00
Leo Verlod 952d94c6f7 Adding T1219 Test 6 - Ammyy Admin (#1831) 
* Add ammyy.exe

* Add T1219 Test 6 - Ammyy Admin

* Update prereq link - ammyy admin

* Update T1219 - Ammyy Admin Prereq

* Delete Ammyy.exe

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-30 16:19:58 -06:00
frack113 400a3a1558 fix errors (#1738) 2022-01-24 08:03:09 -07:00
Carrie Roberts 5bb5878e62 Cleaning up the Cleanup commands (#1685) 
* cleanup fixes

* cleanup fixes

* cleanup fixes
 2021-12-09 11:42:14 -07:00
CircleCI Atomic Red Team GUID generator e4bfc77bf2 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-09-04 00:26:58 +00:00
tlor89 ae0fd36089 Added ScreenConnect application (#1618) 
* Added ScreenConnect application

* update line spacing

* some wording updates and cleanup.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2021-09-03 18:26:26 -06:00
CircleCI Atomic Red Team GUID generator a8dc0e3b07 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-07-27 15:31:40 +00:00
tlor89 99335067a3 T1219_Update (#1566) 
Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2021-07-27 09:31:11 -06:00
Hare Sudhan Muthusamy 02ac2deb4f Cleanup fixes (#1108) 
* Cleanup Fixes

* Wrong executor name and missing $ sign in T1553

* Cleanup fixes

* File checks added

* File path error check changed
 2020-07-08 15:15:52 -06:00
Tsora-Pop 468f5839b2 Update T1219.yaml (#1086) 
Updated Commands and Cleanup Commands for all T1219 atomics

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-06-26 09:27:44 -06:00
Carrie Roberts 24549e3866 Convert to Mitre ATT&CK sub-technique schema (#1056) 
* Initial transfer of atomics to MITRE subtechniques

* Add GUIDs back in, attack_technique to string (#1019)

* technique to string and add guids back in

* technique to string and add guids back in

* technique to string and add guids back in

* technique to string and add guids back in

* Subtechnique transfer T1220-T1546.005 (#1020)

* Create T1222.001.yaml

* Create T1222.002.yaml

* Create T1505.002.yaml

* Update T1543.003.yaml

* Update AtomicService.cs

* Update T1546.005.yaml

* Delete T1222.yaml

* Update T1482.yaml

* Update T1485.yaml

* Update T1220.yaml

* Update T1489.yaml

* Update T1490.yaml

* Update T1496.yaml

* Update T1505.003.yaml

* Update T1505.yaml

* Update T1518.001.yaml

* Update T1518.yaml

* Update T1529.yaml

* Update T1543.004.yaml

* Update T1546.001.yaml

* Update T1546.002.yaml

* Update T1546.002.yaml

* Update T1546.001.yaml

* Update T1543.004.yaml

* Update T1543.002.yaml

* Update T1543.001.yaml

* Update T1518.001.yaml

* Update T1546.004.yaml

* Update T1546.003.yaml

* Update T1531.yaml

* Update T1222.001.yaml

* Update T1222.002.yaml

* Update T1505.002.yaml

* Update T1505.003.yaml

* Update T1518.001.yaml

* Update T1543.001.yaml

* Update T1546.005.yaml

* Update T1546.004.yaml

* Update T1546.003.yaml

* Update T1546.002.yaml

* Update T1546.001.yaml

* Update T1543.004.yaml

* Update T1543.003.yaml

* Update T1543.002.yaml

* added auto_generated_guid 1220

* added T1222.001 auto_generated_guid

* Update T1222.002.yaml

added   auto_generated_guid entries

* Update T1482.yaml

  auto_generated_guid added

* Update T1485.yaml

added   auto_generated_guids

* Update T1489.yaml

added   auto_generated_guids

* Update T1490.yaml

added   auto_generated_guids

* Update T1496.yaml

added   auto_generated_guid

* Update T1505.002.yaml

added   auto_generated_guid from old T1505 same atomic

* Update T1505.003.yaml

added  auto_generated_guid from previous atomic 1100

* Delete T1505.yaml

no longer needed, moved to 1505.002

* Update T1518.yaml

added  auto_generated_guids

* Update T1529.yaml

added   auto_generated_guids

* Update T1531.yaml

added   auto_generated_guids

* Update T1543.001.yaml

added   auto_generated_guid

* Update T1543.002.yaml

added   auto_generated_guid

* Update T1543.004.yaml

added   auto_generated_guid

* Update T1546.001.yaml

added   auto_generated_guid

* Update T1546.002.yaml

added   auto_generated_guid

* Update T1546.003.yaml

* Update T1546.004.yaml

added  auto_generated_guid

* Update T1546.005.yaml

added  auto_generated_guid

* add guids back in

* fix spacing issue

* fix spacing

* fix spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

* Sub-techniques T1053-T1113 - Updates (#1022)

* Sub-techniques T1053-T1113 - Updates

Updated techniques for sub-techniques.

* minor fixes

format fixing

* Added GUIDs

- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string

* Sub-technique updates T1546.008 through T1574.011 (#1024)

* sub technique updates

* sub technique updates

* sub technique updates

* Carrie updates (#1017)

* updated T1110,12,13

* updated T1114

* updated T1114

* updated T1115

* updated T1119

* updated T1123,24

* updated T1127

* updated T1114

* updated T1127

* updated T1132

* T1134.004

* T1134.004

* updated T1135

* updated T1136

* updated T1137

* updated T1140

* remove depracted T1153

* updated T1176

* updated T1197

* updated T1201

* updated T1202

* updated T1204

* updated T1207

* updated T1216

* updated T1204

* updated T1217

* updated T1218

* updated T1218

* updated T1219

* updated T1218

* attack_technique to string

* Subtechnique transfer (#1025)

* T1003 review

* T1005 manual review changes

* T1027.002 sub-technique review

* T1027.004 sub-technique review

* T1036 sub-technique review

* T1037 sub-technique review

* T1048 sub-technique review

* YAML bugfixes

* Adding auto-generated GUIDs back to tests

* merging with Mike's PR

* Merging with Carrie's PR

* fix spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

* Subtechnique fix (#1026)

* add atomic_tests: element

* add atomic_tests: element

* more fixes

* more fixes

* more fixes

* sub technique minor fixes 1 (#1027)

* fixes

* fixes

* more fixes

* more fixes

* display name fix (#1028)

* remove some deprecated stuff. reorganize a little (#1031)

* Gendocs fix (#1033)

* gendocs updates for subtechniques

* add folders

* ignore auto generated markdown files

* remove tmp files

* add tmp files

* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer

* navigator layer v3.0

* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer

Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com>
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
 2020-06-17 12:55:46 -06:00
CircleCI Atomic Red Team doc generator 35c42f2c61 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 17:19:25 +00:00
Tsora-Pop 405c8330fc Update T1219.yaml (#970) 
Added logmein download and execution. updated execution commands to reflect $env:username
 2020-05-04 10:47:11 -06:00
Tsora-Pop 483bdf1ea1 Update T1219.yaml (#956) 
fixed TeamViewer command and added AnyDesk test

Co-authored-by: Luminous-InfiniTom <35981510+Luminous-InfiniTom@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-04-27 13:51:19 -06:00
tlor89 cbdafbd3a9 T1219_Update (#900) 
Co-authored-by: Toua Lor <tlor@nti.local>
 2020-03-20 14:35:18 -06:00
Luminous-InfiniTom 381ba9d449 Create T1219.yaml (#838) 
* Create T1219.yaml

Added first atomic for T1219

* spacing corrections

* spacing corrections

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-27 11:04:14 -07:00