Commit Graph

5173 Commits

Author SHA1 Message Date
CircleCI Atomic Red Team doc generator bcedc9a826 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-09-02 15:24:25 +00:00
CircleCI Atomic Red Team GUID generator 216113c9bf Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-09-02 15:24:20 +00:00
Michael Haag ab822b2208 Trust Reconnaissance (#1616)
Two simple Atomic Tests for domain and forest trust information.
2021-09-02 09:23:44 -06:00
CircleCI Atomic Red Team doc generator 38b2b2f2d3 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-30 19:52:44 +00:00
CircleCI Atomic Red Team GUID generator 7e4f6a4b88 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-30 19:52:38 +00:00
Brian Thacker aca73307fa Add test "Remove the Zone.Identifier alternate data stream" (#1612)
Add test "Remove the Zone.Identifier alternate data stream". Test command removes the zone.identifier. The cleanup command adds the zone.identifier with the id for "internet". Check prereq checks that the test file exists. Get prereq gets the file from the internet and adds the zone.identifier with the id for "internet". 
More info:
https://www.howtogeek.com/70012/what-causes-the-file-downloaded-from-the-internet-warning-and-how-can-i-easily-remove-it/
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/unblock-file?view=powershell-7
https://www.reddit.com/r/PowerShell/comments/6yyf07/remove_alternate_data_streams/dmrb6zl/

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-08-30 13:52:02 -06:00
CircleCI Atomic Red Team doc generator e95076c17d Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-30 19:16:31 +00:00
CircleCI Atomic Red Team GUID generator 78a438c687 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-30 19:16:26 +00:00
Araveti Esanya Reddy 5bda040ce8 Updated O365-Disable-AntiPhishRule test (#1611)
* updated O365-Disable-AntiPhishRule test

* updated as per review comments

Co-authored-by: Araveti Esanya Reddy <esanya.araveti@kudelskisecurity.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-08-30 13:15:58 -06:00
CircleCI Atomic Red Team doc generator a0cf92ca59 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 20:09:31 +00:00
CircleCI Atomic Red Team GUID generator cf00395732 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 20:09:26 +00:00
DS 173155eaa6 T1134.002 - Access Token Manipulation: Create Process with Token (#1601)
* Create T1134.002.yaml

* Add files via upload

* Create GetToken.ps1

* Add files via upload

* Delete T1134.002.yaml

* Add files via upload

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-08-27 14:09:00 -06:00
CircleCI Atomic Red Team doc generator 1f4a8b9565 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 20:04:57 +00:00
CircleCI Atomic Red Team GUID generator 7e88e14db9 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 20:04:52 +00:00
Ayantaker a069f3233c Added a new technique T1041 - Exfiltration Over C2 Channel (#1593)
* Added a new technique T1041 - Exfiltration Over C2 Channel

* use filepath variable throughout

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-08-27 14:04:22 -06:00
CircleCI Atomic Red Team doc generator 93a6ff56d0 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 19:58:05 +00:00
CircleCI Atomic Red Team GUID generator b7d3dbb3f4 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 19:57:59 +00:00
Ján Trenčanský 521b1abc16 T1555 enumeration with vaultcmd (#1581)
* Extract credentials from Windows Credential Manager using vaultcmd.exe

* Replace external script dependency in T1555 with powershell command

* Add tests for both vaults in T1555

* T1555 fix name and description

* Revert "Replace external script dependency in T1555 with powershell command"

This reverts commit d8d6a7cf2bbc94a8240643ca600d9be62e0b697e.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-08-27 13:57:24 -06:00
CircleCI Atomic Red Team doc generator 06d792aed3 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 16:58:23 +00:00
Carl 6c7b4eabd8 Merge branch 'master' into T1553.004_cleanup_test1 2021-08-27 06:47:14 -10:00
CircleCI Atomic Red Team doc generator eb62bcd9fc Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 15:57:14 +00:00
CircleCI Atomic Red Team GUID generator 509d87ad1e Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 15:57:09 +00:00
Carl 7c7745c98f Merge branch 'master' into T1556.003-pam 2021-08-27 05:55:56 -10:00
CircleCI Atomic Red Team doc generator a7ff562b6e Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 15:54:05 +00:00
CircleCI Atomic Red Team GUID generator eac3cad041 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 15:54:00 +00:00
Carl 13136ba535 Merge branch 'master' into master 2021-08-27 05:50:15 -10:00
CircleCI Atomic Red Team doc generator 9f9d549bf5 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 15:36:59 +00:00
CircleCI Atomic Red Team GUID generator fb345d8ace Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-27 15:36:54 +00:00
Carl bb56e3718d Merge branch 'master' into T1056.001 2021-08-27 05:23:17 -10:00
CircleCI Atomic Red Team doc generator b10fa043d1 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-23 21:09:34 +00:00
Arioch 50e36cb7e7 Update hardcoded Mimikatz releases download URLs (#1604)
* update references to hardcoded mimikatz releases

* update invoke-webrequest parameters

* apply -UseBasicParsing consistently to Invoke-WebRequest calls

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-08-23 15:08:54 -06:00
CircleCI Atomic Red Team doc generator c2601f14ed Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-23 21:07:19 +00:00
CircleCI Atomic Red Team GUID generator 049c18afad Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-23 21:07:15 +00:00
gregclermont 9da37dabc8 Add T1113 test for CopyFromScreen API (#1610) 2021-08-23 15:06:58 -06:00
CircleCI Atomic Red Team doc generator 69aa9d859d Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-20 20:18:22 +00:00
CircleCI Atomic Red Team GUID generator 2b02f77332 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-20 20:18:17 +00:00
Brandon Morgan ad98393d8b rubeus-kerberoasting (#1609)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-08-20 14:17:49 -06:00
CircleCI Atomic Red Team doc generator f72d8699bf Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-19 15:03:48 +00:00
CircleCI Atomic Red Team GUID generator c7ff36af56 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-19 15:03:43 +00:00
piaconsigny 51cdbea1d0 Merge branch 'master' into pr-domain-trust-modif 2021-08-19 16:21:00 +02:00
piaconsigny 364bfbe5e9 Merge branch 'master' into pr-adfs-certificates-theft 2021-08-19 16:20:39 +02:00
piaconsigny ad57ab326d Merge branch 'master' into pr-golden-saml 2021-08-19 16:19:49 +02:00
CircleCI Atomic Red Team doc generator 9b8c28e748 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-19 14:15:53 +00:00
piaconsigny 07962d0e39 add newline at eof 2021-08-19 12:14:46 +02:00
piaconsigny e3f54a4343 add domain trust modification 2021-08-19 12:04:39 +02:00
piaconsigny 9221258a22 add golden saml attack 2021-08-19 11:51:28 +02:00
piaconsigny 0fd43a3d63 add adfs certificates theft 2021-08-19 11:20:48 +02:00
CircleCI Atomic Red Team doc generator 7110df3098 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-18 21:27:57 +00:00
Arioch 5ea85dab6d T1055-2: update mimikatz download url (#1602)
* update mimikatz download url

* fix minor typo

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-08-18 15:27:26 -06:00
CircleCI Atomic Red Team doc generator 37ce8d9be8 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-08-18 21:17:37 +00:00