Commit Graph

5173 Commits

Author SHA1 Message Date
BlueTeamOps a69e08e6ae Updated T1048.003 to include Rclone (#2202)
* Updated T1048.003 to include Rclone 

Added the use of Rclone to exfiltrate data to an external FTP server.

* Updated the test as discussed.

* Fixed the typo

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-31 13:58:24 -05:00
Atomic Red Team doc generator 8c427d03ea Generated docs from job=generate-docs branch=master [ci skip] 2022-10-31 18:55:22 +00:00
Atomic Red Team GUID generator 535c5be594 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-31 18:55:16 +00:00
Paul f5e9554b1a Update T1562.001.yaml (#2216)
Add Atomic to leverage WMI to exclude a folder within Defender.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-31 13:54:50 -05:00
Atomic Red Team doc generator 43d82f25da Generated docs from job=generate-docs branch=master [ci skip] 2022-10-31 18:42:04 +00:00
Carrie Roberts 2589ca7d6f fix missing input arg (#2210) 2022-10-31 13:41:32 -05:00
Alex M 3e33f6c7c2 add missing prereq 2022-10-31 13:26:35 -05:00
Alex M 721db0d11e Add T1547.006 kernel module load and unload tests for MacOS 2022-10-31 12:16:16 -05:00
Atomic Red Team doc generator 40cb9df131 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-31 14:02:32 +00:00
Atomic Red Team GUID generator cd6e3d15ae Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-31 14:02:26 +00:00
Paul aaf8223501 t1027-006-html-smuggling (#2215)
Add Atomic for HTML smuggling
2022-10-31 08:01:55 -06:00
Alex M 44826521e6 rename existing linux capture test 2022-10-30 20:31:35 -05:00
Alex M d9f46753de linux pcap : Add BPF filter and clang-format 2022-10-30 20:27:36 -05:00
Alex M 56a896d90b Add some Linux T1040 packet capture tests using raw sockets 2022-10-30 19:01:59 -05:00
Alex M d2f15451b4 Add two T1040 packet capture tests for macos using /dev/bpf 2022-10-30 18:19:46 -05:00
Alex M 2b06c09045 Add note in description about backgrounditems.btm file 2022-10-30 16:00:54 -05:00
Alex M 04506ef79b update description 2022-10-30 15:49:21 -05:00
Alex M 0fcbe1d052 Add T1547.015 test to add login item via applescript 2022-10-30 15:47:06 -05:00
Hare Sudhan b023b9f42a Merge branch 'master' into tf 2022-10-29 15:02:45 -04:00
Atomic Red Team doc generator 6f0df94b1d Generated docs from job=generate-docs branch=master [ci skip] 2022-10-28 17:46:40 +00:00
DerKi a317977c6b Update T1056.001.yaml (#2208)
* Update T1056.001.yaml

fix bug: "Input Capture" of T1056.001 does not download the PowerShell script

* update url

I updated the URL to point to the "raw" ps1 file instead of the html page showing the preview. Also removed the input arg for the PS1 since the attack commands call the script directly and don't use the input argument. Also, not likely that users will need to modify that input arg so leaving it out for clarity. Chose to give the full path to the ps1 script in the attack commands instead of changing directories first.

* Update T1056.001.yaml

* Update T1056.001.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-28 12:46:13 -05:00
Atomic Red Team doc generator 69ff63cbeb Generated docs from job=generate-docs branch=master [ci skip] 2022-10-28 17:03:36 +00:00
DerKi 0d4be0fcdc Update T1070.003.yaml (#2209)
In this command "Set-PSReadLineOption -HistorySaveStyle SaveIncrementally", the "–" should be "-"
2022-10-28 12:02:59 -05:00
Jose Enrique Hernandez cf5f597ed8 Merge branch 'master' into tf 2022-10-28 10:32:12 -04:00
Atomic Red Team doc generator c434c577af Generated docs from job=generate-docs branch=master [ci skip] 2022-10-27 20:35:40 +00:00
Carrie Roberts 4fffd2bd92 add dependency executor since it is different than attack cmds (#2203)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-10-27 14:35:07 -06:00
Atomic Red Team doc generator fd90991054 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-27 20:17:13 +00:00
Atomic Red Team GUID generator d3f49a0913 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-27 20:17:07 +00:00
Carrie Roberts 066d82351c New AutoDial DLL persistence atomic (#2207)
* New AutoDial DLL persistence atomic

* Update T1546.yaml
2022-10-27 14:16:38 -06:00
Atomic Red Team doc generator a3f9a79d63 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-27 17:12:15 +00:00
Michael Haag 93c92d10b2 Update T1553.005 - Runs lnk now 2022-10-27 11:03:58 -06:00
Hare Sudhan fb016d2185 adding ad module installation 2022-10-26 22:14:40 -04:00
Hare Sudhan 4a1b998747 modifying terraform commands to manual run 2022-10-26 22:12:37 -04:00
Hare Sudhan 72353f72f2 Merge branch 'master' into tf 2022-10-26 16:02:12 -04:00
Atomic Red Team doc generator e149cf9df2 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-26 15:13:43 +00:00
Mohana Shankar D dba79489fb Incomplete Process Termination Process (#2205)
The Notepad process was not terminating after the command execution
Line Added: 
taskkill /im notepad.exe /t /f > NUL 2>&1
 
The /t option makes sure any child processes are closed as well, and the /f option forcefully terminates the process.
The > NUL redirects stdout to the NUL device (the equivalent of /dev/null), and the 2>&1 also redirects stderr to stdout so that nothing is output to the console.
2022-10-26 09:13:05 -06:00
Atomic Red Team doc generator aa218974e7 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-25 00:18:35 +00:00
Atomic Red Team GUID generator d29652b752 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-25 00:18:27 +00:00
Bhavin Patel 8b43cf51f7 Merge branch 'master' into aws_password_spray 2022-10-24 17:16:55 -07:00
Hare Sudhan f2ceee6e92 Merge branch 'master' into tf 2022-10-24 12:28:07 -04:00
Atomic Red Team doc generator e4844d7576 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-24 16:27:34 +00:00
Atomic Red Team GUID generator 890607b6fe Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-24 16:27:28 +00:00
Thomas de Brelaz f710d57e40 T1547.004 new hklm tests (#2196)
* Created 3 copies of the original HKCU tests but on HKLM

 Committer: Thomas De Brelaz <thockoro@hotmail.com>

* Removed Notify tests, no longer supported in Win10, and the tests were broken due to a missing DLL prerequisite

* re-added notify test

 Committer: Thomas De Brelaz <thockoro@hotmail.com>

 Committer: Thomas De Brelaz <thockoro@hotmail.com>

Co-authored-by: Thomas De Brelaz <thomas.de-brelaz@ubisoft.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-24 10:27:01 -06:00
Atomic Red Team doc generator 4787dc43e9 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-24 16:19:18 +00:00
Atomic Red Team GUID generator b1048a588d Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-24 16:19:11 +00:00
tccontre 638ba68ee6 Tccontre patch 1 (#2200)
* Update T1124.yaml

* Update T1033.yaml

* Update T1033.yaml

* Update T1033.yaml

* Update T1033.yaml

* Update T1033.yaml

* Update T1016.yaml

* Update T1016.yaml

* update test name

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-24 10:18:40 -06:00
Hare Sudhan 9b4c575d76 terraform variable changes 2022-10-24 12:15:48 -04:00
Hare Sudhan 464fee8ba4 Merge branch 'master' into tf 2022-10-23 17:09:50 -04:00
Atomic Red Team doc generator b9aebd1c0e Generated docs from job=generate-docs branch=master [ci skip] 2022-10-21 02:18:13 +00:00
BlueTeamOps f3a038ca78 Remove trailing \ from web_shells default path (#2199)
xcopy doesn't work when there is a trailing \ in a path.
default: PathToAtomicsFolder\T1505.003\src\ caused the "Invalid path" error.
Removing the trailing \ fixes the issue.
2022-10-20 20:17:29 -06:00