security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,538 Commits 47 Branches 0 Tags
python_conversion
Commit Graph

5173 Commits

Author SHA1 Message Date
JB 8b855a5139 Added new atomic, 'Modify registry for password downgrade to plain text' (#566) 
* Added new atomic, 'Modify registry for password downgrade to plain text'

* fixed syntax on executor
 2019-09-17 08:44:55 -06:00
CircleCI Atomic Red Team doc generator ac5fb215d5 Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-16 15:09:00 +00:00
JB 29a2fa0539 Added test for deletion of prefetch files (anti-forensic technique) (#564) 
Details:  Adding a new atomic for support on 1107, Delete a single prefetch file.  Deletion of prefetch files is a known anti-forensic technique.  An earlier version of this was drafted by Carrie Roberts (@clr2of8 )

Testing: atomic was tested with success by another jb on Windows 10, powershell with elevated privileges

Associated Issues: will also update the .md page; no issues known
 2019-09-16 09:08:43 -06:00
CircleCI Atomic Red Team doc generator 77d5d88189 Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-13 15:42:16 +00:00
JimmyAstle eab43d92fb Update to T1036 (#562) 
Adding in 3 new techniques realted to popular command interpreter renaming  / running from non-std paths.
 2019-09-13 09:42:01 -06:00
CircleCI Atomic Red Team doc generator fe2539c7de Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-13 14:00:02 +00:00
JimmyAstle 971d5c2b8a Create DLL Hijacking Test - amsi bypass (#561) 
Commiting an AMSI bypass / DLL search order hijacking test.
 2019-09-13 07:59:45 -06:00
CircleCI Atomic Red Team doc generator 29ad17b01d Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-07 01:37:43 +00:00
Carrie Roberts 6f2d67e258 pipe command output to nul to keep things clean (#559) 2019-09-06 19:37:34 -06:00
CircleCI Atomic Red Team doc generator ac22c95011 Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-05 01:04:02 +00:00
Carrie Roberts 75cfe33de9 Add GPP Password test definitions (#551) 
* add gpp tests

* error handling to work with ART

* search all xml files

* add verbose output

* use default path relative to atomics folder
 2019-09-04 19:03:45 -06:00
CircleCI Atomic Red Team doc generator 4bc6eb5ca1 Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-03 20:13:44 +00:00
Nick McLoota c3dc0dc593 windows subtitle wasn't properly formatted (#527) 2019-09-03 14:13:34 -06:00
CircleCI Atomic Red Team doc generator 6e0c26b97c Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-03 20:11:38 +00:00
Carrie Roberts 0859cb997a removing descriptions of xxx (left over from template) (#546) 
* removing descriptions of xxx (left over from template)

* update input param descriptions

* description update

* removing descriptions of xxx (left over from template)
 2019-09-03 14:11:18 -06:00
CircleCI Atomic Red Team doc generator 1848f84fda Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-03 16:04:49 +00:00
Carrie Roberts ce07c60109 double quote fixes (#545) 2019-09-03 10:04:32 -06:00
CircleCI Atomic Red Team doc generator 3899ee00cf Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-03 15:31:13 +00:00
n0lepointer e4981743f7 Add test for T1217 that looks for bookmarks from Google Chrome browser (#536) 2019-09-03 09:30:58 -06:00
CircleCI Atomic Red Team doc generator 159697cc2e Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-03 15:21:17 +00:00
CircleCI Atomic Red Team doc generator 84de04b082 Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-03 13:37:19 +00:00
Carrie Roberts c0405724ec move cleanup/undo commands to cleanup_command attribute (#543) 2019-09-03 07:37:06 -06:00
CircleCI Atomic Red Team doc generator 499c751bcc Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-03 13:36:10 +00:00
CircleCI Atomic Red Team doc generator d8ac1118b3 Generate docs from job=validate_atomics_generate_docs branch=master 2019-09-03 13:34:56 +00:00
Carrie Roberts 1bfefdacfc Add elevated (#542) 
* provide elevation_required attribute

* provide elevation_required attribute

* provide elevation_required attribute
 2019-09-03 07:34:42 -06:00
CircleCI Atomic Red Team doc generator 440e85a9c8 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-30 15:42:59 +00:00
Carrie Roberts 019b63fdb5 Support for CheckPrereqs and Cleanup Commands (#531) 
* Support for CheckPrereqs and Cleanup Commands

* for powershell executor, report prereqs are met if no prereq_commands are given

* remove invoke call from end of file, commited accidentally
 2019-08-30 09:42:44 -06:00
CircleCI Atomic Red Team doc generator 75c332ac52 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-29 22:18:28 +00:00
Carrie Roberts 9f535f0547 add "elevation_required" attribute to test definition yaml (#532) 
* add elevation_required attribute to test definition yaml

* Update atomic_red_team/atomic_test_template.yaml

Co-Authored-By: Brian Beyer <brianebeyer@users.noreply.github.com>

* Update atomics/T1089/T1089.yaml

Co-Authored-By: Brian Beyer <brianebeyer@users.noreply.github.com>

* Update atomics/T1089/T1089.yaml

Co-Authored-By: Brian Beyer <brianebeyer@users.noreply.github.com>
 2019-08-29 16:18:07 -06:00
CircleCI Atomic Red Team doc generator 604f7cd730 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-28 14:53:16 +00:00
weev3 6e65bbd146 Add T1196(Control Panel Item) (#521) 
* Add test for T1196 that pops calc.exe

* calc.cpl

* Rename T1196.md to T1196.yaml

* Create calc.cpp
 2019-08-28 08:53:05 -06:00
CircleCI Atomic Red Team doc generator 86486588cf Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-27 15:43:54 +00:00
zinint fa19b6b075 Add files via upload (#528) 2019-08-27 09:43:39 -06:00
CircleCI Atomic Red Team doc generator 3206a83186 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-27 15:40:20 +00:00
Makenzie Schwartz 3523ec7a1c T1097 - Move PTT atomic test to appropriate technique (#524) 
* Move Mimikatz PTT atomic from T1075 to T1097

* Update docs
 2019-08-27 09:40:03 -06:00
CircleCI Atomic Red Team doc generator 5898dab7e4 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-27 15:35:27 +00:00
Carrie Roberts 5f846ced08 Add test to T1089 that uninstalls sysmon (#529) 2019-08-27 09:35:15 -06:00
Michael Haag c11d9e847d T1112 bracket fix (#523) 
* Fixed bracket

Fixed bracket causing error.

* Generate docs from job=validate_atomics_generate_docs branch=T1112-bracket-fix
 2019-08-14 10:33:55 -06:00
CircleCI Atomic Red Team doc generator 041777beb9 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-09 14:30:20 +00:00
Trevor Steen 4e979c26ed update formatting (#519) 2019-08-09 08:29:41 -06:00
CircleCI Atomic Red Team doc generator 4e1d01f56d Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-09 14:25:01 +00:00
Trevor Steen e82b207b66 updated code formatting (#520) 2019-08-09 08:24:44 -06:00
CircleCI Atomic Red Team doc generator 421b5c56a3 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-09 14:22:16 +00:00
Makenzie Schwartz fe943551bd Supply Invoke-AppPathBypass with Payload as argument (#522) 2019-08-09 08:21:58 -06:00
caseysmithrc 5f6ad32db2 Fix t1138path (#513) 
* Updating the path and description

* Generate docs from job=validate_atomics_generate_docs branch=fix-t1138path
 2019-06-14 14:06:29 -06:00
CircleCI Atomic Red Team doc generator 587dbb39e5 Generate docs from job=validate_atomics_generate_docs branch=master 2019-06-14 14:55:42 +00:00
caseysmithrc cd32b7cf92 Updated T1118 Path and Code (#510) 
* Update T1118.yaml

* Update T1118.cs
 2019-06-14 08:55:21 -06:00
CircleCI Atomic Red Team doc generator 6988597182 Generate docs from job=validate_atomics_generate_docs branch=master 2019-06-14 12:47:58 +00:00
Alain Homewood 11bbe35ab2 Added T1071 atomics for DNS C2 (#511) 2019-06-14 06:47:35 -06:00
CircleCI Atomic Red Team doc generator f6c457593a Generate docs from job=validate_atomics_generate_docs branch=master 2019-06-14 12:41:14 +00:00