0f5b5b0bd5
T1112 description updates ( #920 )
...
* start work
* remove test that is also in T1027 and fits better there
* delete test, it does the same thing other tests do
* fix spelling
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-02 11:49:51 -06:00
5cd368c0c5
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-02 16:13:23 +00:00
9056faaaee
T1121 and T1158 success description updates and fixes ( #923 )
...
* T1121 updates
* start work
* more fixes
2020-04-02 10:12:37 -06:00
84cad45461
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-01 14:47:35 +00:00
4937a7c755
added new dump lsass method ( #913 )
2020-04-01 08:46:50 -06:00
b7fc8fbd8f
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-01 00:25:22 +00:00
0a7e7c7ef5
Update completion descriptions ( #919 )
...
* T1037 Update Descriptions
* add updates
* remove powershell specific terminology
* remove powershell specific terminology
* correct redirect
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 18:24:55 -06:00
4c6d1b8b70
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-01 00:23:21 +00:00
5af629b9fc
Update Successful Completion Descriptions ( #918 )
...
* update descriptions
* add additional verification instructions
* Update T1136.yaml
* Update T1138.yaml
* Update T1124.yaml
* Update T1138.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 18:23:05 -06:00
c4cd523a8d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-01 00:05:53 +00:00
0725ce58d1
Deduplicate tests in t1485 and t1490 ( #916 )
...
* dedup tests
* fix tests
* Update T1490.yaml
* fix hard-coded execution command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 18:05:35 -06:00
262ffded5c
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-31 17:47:52 +00:00
220618587d
update tests ( #917 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 11:47:26 -06:00
fd3c196376
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-31 17:33:24 +00:00
75f534f760
T1089 description updates ( #907 )
...
* start work
* improve tests
* improve test
* text fix
* upgraded prereqs
* Slept on it and made commands more concise
* update description
* add period
* hide error messages, imporve cleanup from temp folder
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 11:32:59 -06:00
5b6d75b14b
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-31 02:43:25 +00:00
366c5b8bca
fix tests, update descriptions ( #914 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-30 20:43:07 -06:00
f77b46439d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-31 02:40:39 +00:00
3f9b647b29
Update descriptions ( #915 )
2020-03-30 20:40:23 -06:00
51c0b3af71
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-30 19:09:42 +00:00
b23f570d8a
added Dump LSASS.exe Memory using comsvcs.dll to T1003 ( #912 )
...
* added Dump LSASS.exe Memory using comsvcs.dll
* Updated filemod path
* Re-fixed path.
Co-authored-by: Michael Haag <mike@redcanary.com >
2020-03-30 12:56:59 -06:00
2ad2ad0ffd
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-27 20:02:20 +00:00
647222638f
T1086 - Added cleanup command for BloodHound Test ( #911 )
...
* Added cleanup command for BloodHound Test
* Fixed executer and syntax for powershell.
* fixed typo in executor.
Co-authored-by: Daniel White <d0w019h@homeoffice.wal-mart.com >
2020-03-27 14:01:24 -06:00
9bc3004501
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-27 18:00:15 +00:00
685c9d1bfa
T1220_Update ( #910 )
2020-03-27 11:55:23 -06:00
a064b611bb
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-27 14:29:27 +00:00
6944366c06
Typo in prereq_command ( #909 )
...
There are two " in the prereq_command in T1035 leading to an error when running the CheckPrereqs flag.
2020-03-27 08:29:04 -06:00
537ce077f9
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-24 23:14:40 +00:00
4e3e9c8096
T1208 documentation ( #908 )
...
* updated success indicator and changed the way to get invoke-kerberoast script in memory
* updated success indicator description
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-24 17:14:21 -06:00
2bccc88206
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-24 23:12:50 +00:00
e7aa7226e4
Fix T1028 T1032 tests issue. ( #906 )
...
T1028 Test2 should run with powershell.
T1032 Test1 missing quoters.
2020-03-24 17:12:31 -06:00
0cf3fa2e43
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-23 23:50:56 +00:00
f9aee9e255
updated success indicatior on tests and fixed part of test1 ( #905 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-23 17:50:15 -06:00
fb702afdef
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-23 20:57:21 +00:00
1e601b4b9c
Fix description, remove broken test ( #904 )
...
* start work
* fix test to run 64 bit version
* delete broken test
* fix merge conflicts
* merge
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-23 14:56:18 -06:00
4c7feb56ca
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-23 15:12:03 +00:00
685c735ebc
lastlog is not supported in OSX, at least not in 10.14.6 ( #902 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-23 09:11:27 -06:00
9476a6348d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-21 22:22:22 +00:00
617c32ac8e
Changed the executor for all windows test to powershell. Modified ( #901 )
...
windows test to actually create file to modify permissions as it
otherwise just fails unless input arguments are specified. Also added
cleanup commands to the windows tests.
Co-authored-by: Daniel White <d0w019h@homeoffice.wal-mart.com >
2020-03-21 16:21:51 -06:00
ab0b391ac0
Updated Descriptions ( #899 )
...
* Updated Descriptions
Batch of description updates to assist with understand what a test will do.
* Update T1055.yaml
* Update T1055.yaml
Trying to fix this...
* Update T1055.yaml
fixing again
* Update T1055.yaml
* spacing fix
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* wording updates
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* remove cmd.exe /c prefix
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* wording update
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* add back tick
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* hashtag stuff
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-03-20 16:48:58 -06:00
a18c66e61d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-20 20:35:45 +00:00
cbdafbd3a9
T1219_Update ( #900 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
2020-03-20 14:35:18 -06:00
2fd64aed80
Update T1191.inf ( #898 )
...
Changed to correct URL for T1191.sct
2020-03-20 10:29:56 -06:00
e4ce60f9f2
Updated Descriptions ( #897 )
...
* Updated Descriptions
Updated descriptions with what to expect from successful execution.
* Update T1028.yaml
* Update T1028.yaml
* Generate docs from job=validate_atomics_generate_docs branch=description-updates
* move text to description
* Generate docs from job=validate_atomics_generate_docs branch=description-updates
* typo fix
* Generate docs from job=validate_atomics_generate_docs branch=description-updates
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-19 21:23:10 -06:00
94f2071b59
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-19 22:15:53 +00:00
e42f1f27ab
T1047 documentation ( #896 )
...
* Added descriptions to indicate when the commands works, replaced default host , exe and output format
* removing cleanup test 1,2,3
* fixed platform specific info
* added documentation on test 4
* typo correction
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-19 16:15:33 -06:00
30f4bc0401
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-19 22:03:11 +00:00
6469c41198
Success Descriptions 3rd Batch ( #895 )
...
* Success Descriptions 3rd Batch
* typo fix
* wording
* typo fix
* improve description
* remove update for now
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-19 16:02:55 -06:00
8a99c40601
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-19 19:17:26 +00:00
1f74427802
Add completion description and fixes 2nd batch ( #894 )
...
* Add completion description and fixed
* fix spelling
* wording update
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-19 13:17:08 -06:00
Andrew Beers