Atomic Red Team GUID generator
09619c17e4
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-04-03 02:10:46 +00:00
pratinavchandra
5ae956b990
Added new atomic test: Update T1490.yaml (#2733)
* Added new atomic test: Update T1490.yaml
* Added cleanup_command
2024-04-02 22:10:02 -04:00
Emile Marty
12f5d9d323
Update T1490.yaml (#2677)
* Update T1490.yaml
Fixed a formatting error in #2676
* Update T1490.yaml
add dependency_executor_name field
---------
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2024-02-05 09:48:15 -07:00
Emile Marty
2a194cdc34
Added support for T1490 creating shadow copies in Windows 10+ (#2676)
* Update T1490.yaml
Support for creating shadow copies in Windows 10+
* Update T1490.md
Updating documentation
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-31 17:29:42 -06:00
Atomic Red Team GUID generator
24c9dc3212
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-31 23:26:50 +00:00
sai prashanth pulisetti
e9051bed60
Update T1490.yaml "Modify VSS Service Permissions" (#2668)
* Update T1490.yaml "Modify VSS Service Permissions"
Modify permissions of the VSS service to inhibit system recovery. This test alters the security settings of the Volume Shadow Copy Service (VSS), potentially impacting system recovery operations. It should be conducted only in a controlled environment. The executor must have administrative privileges to modify service permissions. Note that this test does not include a cleanup command; thus, the changes will persist after execution. Ensure that you have a backup or a system recovery plan in place before running this test. Running this test on a production system or critical environment is not recommended without proper precautions.
* Update T1490.yaml
updated guid
* Update T1490.yaml
updated description and clean up command
* Update T1490.yaml
updated indentations
* Update T1490.yaml
* Update T1490.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-31 17:26:10 -06:00
Atomic Red Team GUID generator
363cf9a301
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-08-02 03:23:54 +00:00
Prakash22-k
13b75193a8
Prakash22 k patch 1 (#2485)
* Update T1490.yaml
Adding new atomic Test for Windows - vssadmin Resize Shadowstorage Volume
* Update T1490.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-07-17 09:53:17 -06:00
tccontre
b8066ba181
Disable system restore through registry (#1818)
* Update T1112.yaml
* Update T1112.yaml
* typos
* Update T1490.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-03-17 10:24:40 -06:00
Carrie Roberts
5bb5878e62
Cleaning up the Cleanup commands (#1685)
* cleanup fixes
* cleanup fixes
* cleanup fixes
2021-12-09 11:42:14 -07:00
CircleCI Atomic Red Team GUID generator
1605c05954
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-09-09 18:05:50 +00:00
Brian Thacker
fbbdd008ac
Add test Windows - Disable the SR scheduled task (#1622)
Use schtasks.exe to disable the System Restore (SR) scheduled task
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-09-09 12:05:16 -06:00
CircleCI Atomic Red Team GUID generator
da83687a17
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-24 00:53:38 +00:00
Michael Haag
373176bcba
T1490 - WBAdmin (#1375)
* Added wbadmin delete systemstatebackup
* Update T1490.yaml
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com>
2021-01-23 17:53:20 -07:00
Hare Sudhan Muthusamy
02ac2deb4f
Cleanup fixes (#1108)
* Cleanup Fixes
* Wrong executor name and missing $ sign in T1553
* Cleanup fixes
* File checks added
* File path error check changed
2020-07-08 15:15:52 -06:00
Carrie Roberts
24549e3866
Convert to Mitre ATT&CK sub-technique schema (#1056)
* Initial transfer of atomics to MITRE subtechniques
* Add GUIDs back in, attack_technique to string (#1019)
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* Subtechnique transfer T1220-T1546.005 (#1020)
* Create T1222.001.yaml
* Create T1222.002.yaml
* Create T1505.002.yaml
* Update T1543.003.yaml
* Update AtomicService.cs
* Update T1546.005.yaml
* Delete T1222.yaml
* Update T1482.yaml
* Update T1485.yaml
* Update T1220.yaml
* Update T1489.yaml
* Update T1490.yaml
* Update T1496.yaml
* Update T1505.003.yaml
* Update T1505.yaml
* Update T1518.001.yaml
* Update T1518.yaml
* Update T1529.yaml
* Update T1543.004.yaml
* Update T1546.001.yaml
* Update T1546.002.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.002.yaml
* Update T1543.001.yaml
* Update T1518.001.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1531.yaml
* Update T1222.001.yaml
* Update T1222.002.yaml
* Update T1505.002.yaml
* Update T1505.003.yaml
* Update T1518.001.yaml
* Update T1543.001.yaml
* Update T1546.005.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.003.yaml
* Update T1543.002.yaml
* added auto_generated_guid 1220
* added T1222.001 auto_generated_guid
* Update T1222.002.yaml
added auto_generated_guid entries
* Update T1482.yaml
auto_generated_guid added
* Update T1485.yaml
added auto_generated_guids
* Update T1489.yaml
added auto_generated_guids
* Update T1490.yaml
added auto_generated_guids
* Update T1496.yaml
added auto_generated_guid
* Update T1505.002.yaml
added auto_generated_guid from old T1505 same atomic
* Update T1505.003.yaml
added auto_generated_guid from previous atomic 1100
* Delete T1505.yaml
no longer needed, moved to 1505.002
* Update T1518.yaml
added auto_generated_guids
* Update T1529.yaml
added auto_generated_guids
* Update T1531.yaml
added auto_generated_guids
* Update T1543.001.yaml
added auto_generated_guid
* Update T1543.002.yaml
added auto_generated_guid
* Update T1543.004.yaml
added auto_generated_guid
* Update T1546.001.yaml
added auto_generated_guid
* Update T1546.002.yaml
added auto_generated_guid
* Update T1546.003.yaml
* Update T1546.004.yaml
added auto_generated_guid
* Update T1546.005.yaml
added auto_generated_guid
* add guids back in
* fix spacing issue
* fix spacing
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Sub-techniques T1053-T1113 - Updates (#1022)
* Sub-techniques T1053-T1113 - Updates
Updated techniques for sub-techniques.
* minor fixes
format fixing
* Added GUIDs
- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string
* Sub-technique updates T1546.008 through T1574.011 (#1024)
* sub technique updates
* sub technique updates
* sub technique updates
* Carrie updates (#1017)
* updated T1110,12,13
* updated T1114
* updated T1114
* updated T1115
* updated T1119
* updated T1123,24
* updated T1127
* updated T1114
* updated T1127
* updated T1132
* T1134.004
* T1134.004
* updated T1135
* updated T1136
* updated T1137
* updated T1140
* remove deprecated T1153
* updated T1176
* updated T1197
* updated T1201
* updated T1202
* updated T1204
* updated T1207
* updated T1216
* updated T1204
* updated T1217
* updated T1218
* updated T1218
* updated T1219
* updated T1218
* attack_technique to string
* Subtechnique transfer (#1025)
* T1003 review
* T1005 manual review changes
* T1027.002 sub-technique review
* T1027.004 sub-technique review
* T1036 sub-technique review
* T1037 sub-technique review
* T1048 sub-technique review
* YAML bugfixes
* Adding auto-generated GUIDs back to tests
* merging with Mike's PR
* Merging with Carrie's PR
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Subtechnique fix (#1026)
* add atomic_tests: element
* add atomic_tests: element
* more fixes
* more fixes
* more fixes
* sub technique minor fixes 1 (#1027)
* fixes
* fixes
* more fixes
* more fixes
* display name fix (#1028)
* remove some deprecated stuff. reorganize a little (#1031)
* Gendocs fix (#1033)
* gendocs updates for subtechniques
* add folders
* ignore auto generated markdown files
* remove tmp files
* add tmp files
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
* navigator layer v3.0
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com>
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-06-17 12:55:46 -06:00
CircleCI Atomic Red Team doc generator
35c42f2c61
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-15 17:19:25 +00:00
Andrew Beers
0725ce58d1
Deduplicate tests in t1485 and t1490 (#916)
* dedup tests
* fix tests
* Update T1490.yaml
* fix hard-coded execution command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-03-31 18:05:35 -06:00
Andrew Beers
366c5b8bca
fix tests, update descriptions (#914)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-03-30 20:43:07 -06:00
Tony M Lambert
8d4be7584e
T1490 PowerShell deleting shadow copies (#785)
* Add T1490 test for Sodinokibi VSC deletion
* Generate docs from job=validate_atomics_generate_docs branch=t1490-wmiobject
* Generate docs from job=validate_atomics_generate_docs branch=t1490-wmiobject
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-21 11:39:36 -07:00
Carrie Roberts
1bfefdacfc
Add elevated (#542)
* provide elevation_required attribute
* provide elevation_required attribute
* provide elevation_required attribute
2019-09-03 07:34:42 -06:00
Tony M Lambert
9a8acbed1f
T1490 Inhibit System Recovery (#493)
* Update ATT&CK json for technique creation
* T1490 Inhibit System Recovery
2019-05-10 09:35:09 -10:00