Atomic Red Team doc generator
5ede8f21e4
Generated docs from job=generate-docs branch=master [ci skip]
2025-02-13 22:03:40 +00:00
Atomic Red Team doc generator
011d389fd6
Generated docs from job=generate-docs branch=master [ci skip]
2024-10-28 20:27:18 +00:00
Burak Karaduman
87085643f8
Added new atomic - T1518.001.yaml (#2965)
2024-10-28 13:26:16 -07:00
Atomic Red Team doc generator
f64434da24
Generated docs from job=generate-docs branch=master [ci skip]
2024-04-27 17:50:49 +00:00
Atomic Red Team doc generator
ad2d7c8f13
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-06 22:42:54 +00:00
Hare Sudhan
62a85c12b5
FreeBSD changes (#2585)
* freebsd changes
* renaming freebsd to linux
2023-11-06 17:41:43 -05:00
Atomic Red Team doc generator
4d6c4e8e23
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-02 00:56:51 +00:00
Atomic Red Team GUID generator
16b5287208
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-11-02 00:56:30 +00:00
Jose Enrique Hernandez
2c1db3e4dd
Merge branch 'master' into master
2023-11-01 19:10:13 -04:00
Atomic Red Team doc generator
5e4a0cea17
Generated docs from job=generate-docs branch=master [ci skip]
2023-10-03 17:49:04 +00:00
Atomic Red Team GUID generator
34e755969e
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-10-03 17:48:44 +00:00
Swachchhanda Shrawan Poudel
9026f98900
Added few new tests for T1518.001 and also rdrleakdiag.exe test accessing lsass (#2550)
* Added lolbin rdrleakdiag support for lsass dumping and some Security Software Discovery tests
* Changes done as suggested
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-10-03 11:48:00 -06:00
Alonso Cárdenas
3b8d0af302
Remove auto_generated_guid lines from new entries
Some other tiny modifications
2023-06-09 09:11:41 -05:00
Alonso Cárdenas
86913f3573
Merge branch 'master' of https://github.com/alonsobsd/atomic-red-team
2023-06-01 22:03:39 -05:00
Atomic Red Team doc generator
b1f3c968f2
Generated docs from job=generate-docs branch=master [ci skip]
2023-05-19 17:06:33 +00:00
Alonso Cárdenas
f1c5a9be03
Add FreeBSD support
2023-05-08 11:06:08 -05:00
iai-rsa
60a4735f82
add check for McAfee related processes (#2401)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-04-24 19:37:55 -05:00
Atomic Red Team doc generator
d0dad62dbc
Generated docs from job=generate-docs branch=master [ci skip]
2022-09-23 22:57:18 +00:00
Atomic Red Team doc generator
819934cc3f
Generated docs from job=generate-docs branch=master [ci skip]
2022-06-16 22:47:00 +00:00
CircleCI Atomic Red Team doc generator
36d49de4c8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-06-24 17:04:33 +00:00
CircleCI Atomic Red Team doc generator
575b36a8e6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-06-24 15:16:54 +00:00
Anton Kutepov
c14c0357dc
[OSCD Sprint #2] Final Pull Request / Summary (#1431)
* Updating T1016 to include macos firewall enumeration
* Tests added
* standardize display name
* Add tests for T1134.001 Access Token Impersonation/Theft (#1236)
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* adding socketfilterfw and cleaning up description formatting, adding description details
* Changing to device manufacturer based test
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Add test for T1006 Direct Volume Access (#1254)
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* [OSCD] T1036.004: Masquerade Task or Service - 2 tests (#1253)
* T1036.004 - 2 tests added
* Update T1036.004.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* T1136.002 - 2 tests added (#1252)
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* [OSCD] Create atomic test for T1113 for Windows (#1251)
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* update T1564.002
* update T1564.002
* add Gatekeeper disable; add cleanup for security tools disable; add another launchagent for carbon black defense; remove Gatekeeper disable command from Gatekeeper bypass technique
* Added T1562.006 tests to emulate indicator blocking by modifying configuration files
* split linux and macos tests for TT1518.001; update processes list
* Update T1518.001.yaml
* Removed prereq and fixed command endings
* Indirect command execution - conhost (#1265)
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* [OSCD] Office persistence: Office test (#1266)
* Office persistence: Office test
* Added technique details
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Remove index files to avoid CI complaints.
* Grr
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Update T1518.001.yaml
* [OSCD] Adding T1547.010 (#1264)
* Port monitor addition
* Rename T1547.010.yml to T1547.010.yaml
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Fixed typos in test names
Co-authored-by: remotephone@gmail.com <remotephone@gmail.com>
Co-authored-by: haresudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: gregclermont <580609+gregclermont@users.noreply.github.com>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carl <57147304+rc-grey@users.noreply.github.com>
Co-authored-by: mrblacyk <kweinzettl@gmail.com>
Co-authored-by: sn0w0tter <42819997+sn0w0tter@users.noreply.github.com>
Co-authored-by: Yugoslavskiy Daniil <yugoslavskiy@gmail.com>
Co-authored-by: yugoslavskiy <daniil@yugoslavskiy.com>
Co-authored-by: omkargudhate22 <36105402+omkar72@users.noreply.github.com>
Co-authored-by: Keith McCammon <keith@redcanary.com>
Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com>
2021-04-19 11:49:59 -06:00
CircleCI Atomic Red Team doc generator
910a2a764a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
Michael Haag
2cc5348312
Fix T1551 to T1070 (#1161)
* Fix T1551 to T1070
Found that we had T1070 labeled incorrectly as T1551. MITRE pushed a fix for this per https://attack.mitre.org/resources/updates/updates-july-2020/
```
Indicator Removal on Host Was incorrectly re-IDd to T1551, restored to T1070 and its sub-techniques were changed to T1070.001, T1070.002, T1070.003, T1070.004, T1070.005, and T1070.006
```
* Generate MD fix
Attempting to get the MD to generate
* Update enterprise-attack.json
* Generate docs from job=validate_atomics_generate_docs branch=T1070-indicator-removal-fix
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-08-01 09:46:06 -06:00
CircleCI Atomic Red Team doc generator
8a82e9b66a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-06-18 01:57:35 +00:00
hypnoticpattern
83dce0dcfa
Fix macOS tests (#1059)
* Fix macOS tests
* Fix typo in T1574.006
* Replaced zsh with bash, add prereq_command
* Fix test name in T1053.004
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-06-17 19:57:14 -06:00
Carrie Roberts
24549e3866
Convert to Mitre ATT&CK sub-technique schema (#1056)
* Initial transfer of atomics to MITRE subtechniques
* Add GUIDs back in, attack_technique to string (#1019)
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* Subtechnique transfer T1220-T1546.005 (#1020)
* Create T1222.001.yaml
* Create T1222.002.yaml
* Create T1505.002.yaml
* Update T1543.003.yaml
* Update AtomicService.cs
* Update T1546.005.yaml
* Delete T1222.yaml
* Update T1482.yaml
* Update T1485.yaml
* Update T1220.yaml
* Update T1489.yaml
* Update T1490.yaml
* Update T1496.yaml
* Update T1505.003.yaml
* Update T1505.yaml
* Update T1518.001.yaml
* Update T1518.yaml
* Update T1529.yaml
* Update T1543.004.yaml
* Update T1546.001.yaml
* Update T1546.002.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.002.yaml
* Update T1543.001.yaml
* Update T1518.001.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1531.yaml
* Update T1222.001.yaml
* Update T1222.002.yaml
* Update T1505.002.yaml
* Update T1505.003.yaml
* Update T1518.001.yaml
* Update T1543.001.yaml
* Update T1546.005.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.003.yaml
* Update T1543.002.yaml
* added auto_generated_guid 1220
* added T1222.001 auto_generated_guid
* Update T1222.002.yaml
added auto_generated_guid entries
* Update T1482.yaml
auto_generated_guid added
* Update T1485.yaml
added auto_generated_guids
* Update T1489.yaml
added auto_generated_guids
* Update T1490.yaml
added auto_generated_guids
* Update T1496.yaml
added auto_generated_guid
* Update T1505.002.yaml
added auto_generated_guid from old T1505 same atomic
* Update T1505.003.yaml
added auto_generated_guid from previous atomic 1100
* Delete T1505.yaml
no longer needed, moved to 1505.002
* Update T1518.yaml
added auto_generated_guids
* Update T1529.yaml
added auto_generated_guids
* Update T1531.yaml
added auto_generated_guids
* Update T1543.001.yaml
added auto_generated_guid
* Update T1543.002.yaml
added auto_generated_guid
* Update T1543.004.yaml
added auto_generated_guid
* Update T1546.001.yaml
added auto_generated_guid
* Update T1546.002.yaml
added auto_generated_guid
* Update T1546.003.yaml
* Update T1546.004.yaml
added auto_generated_guid
* Update T1546.005.yaml
added auto_generated_guid
* add guids back in
* fix spacing issue
* fix spacing
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Sub-techniques T1053-T1113 - Updates (#1022)
* Sub-techniques T1053-T1113 - Updates
Updated techniques for sub-techniques.
* minor fixes
format fixing
* Added GUIDs
- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string
* Sub-technique updates T1546.008 through T1574.011 (#1024)
* sub technique updates
* sub technique updates
* sub technique updates
* Carrie updates (#1017)
* updated T1110,12,13
* updated T1114
* updated T1114
* updated T1115
* updated T1119
* updated T1123,24
* updated T1127
* updated T1114
* updated T1127
* updated T1132
* T1134.004
* T1134.004
* updated T1135
* updated T1136
* updated T1137
* updated T1140
* remove deprecated T1153
* updated T1176
* updated T1197
* updated T1201
* updated T1202
* updated T1204
* updated T1207
* updated T1216
* updated T1204
* updated T1217
* updated T1218
* updated T1218
* updated T1219
* updated T1218
* attack_technique to string
* Subtechnique transfer (#1025)
* T1003 review
* T1005 manual review changes
* T1027.002 sub-technique review
* T1027.004 sub-technique review
* T1036 sub-technique review
* T1037 sub-technique review
* T1048 sub-technique review
* YAML bugfixes
* Adding auto-generated GUIDs back to tests
* merging with Mike's PR
* Merging with Carrie's PR
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Subtechnique fix (#1026)
* add atomic_tests: element
* add atomic_tests: element
* more fixes
* more fixes
* more fixes
* sub technique minor fixes 1 (#1027)
* fixes
* fixes
* more fixes
* more fixes
* display name fix (#1028)
* remove some deprecated stuff. reorganize a little (#1031)
* Gendocs fix (#1033)
* gendocs updates for subtechniques
* add folders
* ignore auto generated markdown files
* remove tmp files
* add tmp files
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
* navigator layer v3.0
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com>
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-06-17 12:55:46 -06:00