Zac Brown
80e983e3d9
Update PyYAML to >= 4.2b1 due to security alert: https://nvd.nist.gov/vuln/detail/CVE-2017-18342 ( #474 )
2019-03-26 11:52:59 -06:00
Michael Haag
f69ea2a586
T1022 Updates ( #470 )
* T1022 Updates
Bypass PR #351 (some weird issue in there).
Update schema and tab completion.
Credit to @samuelmarticotteBELL
Thanks for the help!
* Update T1022.yaml
Fixed error
* Update T1022.yaml
space fix
* Generate docs from job=validate_atomics_generate_docs branch=T1022
2019-03-26 10:52:37 -07:00
Michael Haag
d258111402
BloodHound URLs - T1086 ( #468 )
* URLs
Fix URLs for issue #465
* Generate docs from job=validate_atomics_generate_docs branch=t1086
2019-03-15 10:02:19 -04:00
caseysmithrc
a668ff07d9
T1055 process injection ( #460 )
* ProcessInjection-FiveAlive
* Generate docs from job=validate_atomics_generate_docs branch=T1055-ProcessInjection
2019-02-17 14:45:00 -08:00
Michael Haag
818c2ce55d
DragonsTail ( #458 )
Updated URLs to fix #437
2019-02-14 13:43:31 -08:00
Michael Haag
7e34cbe7df
ART - Getting Started Made Easy ( #459 )
* New Guide + Execution Script
Commit of new script and guide!
* Updated ReadMe
Updated Readme with new instructions
* Fixed typos
Typo gone and ready!
2019-02-14 13:13:13 -08:00
Greg Foss
60bc6fd9e1
Add test for T1114 that extracts email from the local outlook instance ( #456 )
2019-02-13 22:10:54 -08:00
CircleCI Atomic Red Team doc generator
a1c83527fb
Generate docs from job=validate_atomics_generate_docs branch=master
2019-02-14 06:10:46 +00:00
Keep Watcher
02dc3e41ab
Certutil update ( #452 )
* Fixing certutil syntax error
* Adding certutil download tests
* Adding commands to rename download for verifyctl argument
* Fixing type syntax
2019-02-13 22:10:39 -08:00
CircleCI Atomic Red Team doc generator
e0d70c657d
Generate docs from job=validate_atomics_generate_docs branch=master
2019-02-14 06:09:52 +00:00
Tony M Lambert
d490f345a7
T1005 Safari CookieMiner Test ( #454 )
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* Added Safari cookie search CookieMiner test
2019-02-13 22:09:44 -08:00
CircleCI Atomic Red Team doc generator
f2d16ae0c7
Generate docs from job=validate_atomics_generate_docs branch=master
2019-02-14 06:09:31 +00:00
Greg Foss
9b52b9ff4b
T1074 update for OSX and Linux ( #457 )
* Add test for T1114 that extracts email from the local outlook instance
* Update T1074 with Linux and OSX staged data tests
2019-02-13 22:09:23 -08:00
Brian Beyer
7f9c193f6c
update gems for security patches
2019-02-07 14:59:52 -07:00
Tony M Lambert
6566bb640a
Chain Reaction for IoT Mirai Malware Derivative Infections ( #449 )
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* Mirai IoT Chain Reaction
2019-02-06 10:52:56 -08:00
Michael Haag
ec383fbb3c
Install-AtomicRedTeam Script ( #450 )
* Initial Commit
* Update install-atomicredteam.ps1
* Update install-atomicredteam.ps1
* Update install-atomicredteam.ps1
* Final
@caseysmithrc Please review.
* license fix
license update
* Update install-atomicredteam.ps1
2019-02-06 10:52:40 -08:00
Tony M Lambert
8e2ec0aae1
CookieMiner Chain Reaction ( #451 )
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* CookieMiner initial commit
* fix binary stuff
* Make quieter
* Ready for primetime
2019-02-06 10:52:31 -08:00
caseysmithrc
a53eb4d327
Update t1003 url ( #405 )
* update url
* Generate docs from job=validate_atomics_generate_docs branch=Update-T1003-url
2019-02-06 10:52:11 -08:00
CircleCI Atomic Red Team doc generator
a69319c513
Generate docs from job=validate_atomics_generate_docs branch=master
2019-02-05 21:05:39 +00:00
zpettry
0c445be847
Update T1088.md ( #436 )
This test needs to use PowerShell.
2019-02-05 13:05:31 -08:00
CircleCI Atomic Red Team doc generator
c7142a4487
Generate docs from job=validate_atomics_generate_docs branch=master
2019-02-05 21:05:23 +00:00
Tony M Lambert
b831127ab2
T1055 - Test for shared library injection on Linux ( #448 )
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* T1055 - Added test for /etc/ld.so.preload addition
2019-02-05 13:05:15 -08:00
CircleCI Atomic Red Team doc generator
895c6f2d4f
Generate docs from job=validate_atomics_generate_docs branch=master
2019-02-05 21:05:01 +00:00
Tony M Lambert
469372005c
T1070 - Overwrite Mail Spool/Log File ( #447 )
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* T1070 - Overwrite Mail/Log Tests from Rocke
2019-02-05 13:04:53 -08:00
Tony M Lambert
0ff328c3ba
T1107 - Filesystem Deletion from Amnesia malware ( #446 )
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* T1107 - Delete Filesystem Test from Amnesia malware
2019-02-05 13:04:44 -08:00
Tony M Lambert
8c7abb226e
T1168 Improve Cron tests, add additional one ( #445 )
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* T1168 - Improvements and additional cron tests
2019-02-05 13:04:36 -08:00
Tony M Lambert
4212ca043e
T1136 - useradd Linux test to replicate backdoor account from Butter ( #444 )
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* T1136 - Added useradd Linux test to replicate Butter attacks pattern
2019-02-05 13:04:27 -08:00
CircleCI Atomic Red Team doc generator
735447ace8
Generate docs from job=validate_atomics_generate_docs branch=master
2019-02-05 21:04:08 +00:00
Keep Watcher
79494d45a7
Changing file extension to yaml to match content ( #442 )
2019-02-05 13:03:58 -08:00
Tony M Lambert
509bb5f3a1
T1222 - chattr test ( #440 )
2019-02-05 13:03:48 -08:00
Tony M Lambert
f0985c5444
Chain Reaction - Rocke and Roll ( #443 )
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
2019-01-24 08:22:38 -08:00
CircleCI Atomic Red Team doc generator
805deeee31
Generate docs from job=validate_atomics_generate_docs branch=master
2019-01-21 19:49:11 +00:00
Keep Watcher
baba01109e
adding SSP mod simulation ( #438 )
* adding SSP mod simulation
* Update T1101.md
2019-01-21 11:49:01 -08:00
Tony M Lambert
da88f2baa2
T1099 Timestomp test with Rocke example ( #439 )
2019-01-21 11:48:46 -08:00
CircleCI Atomic Red Team doc generator
e74554992e
Generate docs from job=validate_atomics_generate_docs branch=master
2019-01-16 22:14:59 +00:00
Tony M Lambert
4f5c279c61
T1009 - Adjust test with variable for execution ( #418 )
2019-01-16 14:14:49 -08:00
CircleCI Atomic Red Team doc generator
37ca7e5fd0
Generate docs from job=validate_atomics_generate_docs branch=master
2019-01-16 17:25:14 +00:00
Ross Wolf
6b6f4beae5
Update flag for cmd.exe ( #416 )
2019-01-16 09:25:04 -08:00
CircleCI Atomic Red Team doc generator
c65ed5d77e
Generate docs from job=validate_atomics_generate_docs branch=master
2019-01-16 17:24:56 +00:00
Tony M Lambert
d76e946bc2
T1002 - Reorganize tests for better execution with framework ( #417 )
2019-01-16 09:24:48 -08:00
CircleCI Atomic Red Team doc generator
87bd65c63c
Generate docs from job=validate_atomics_generate_docs branch=master
2019-01-16 17:24:38 +00:00
Tony M Lambert
832a907d54
T1174 Password Filter DLL PoSH test ( #420 )
2019-01-16 09:24:29 -08:00
CircleCI Atomic Red Team doc generator
d8510e729b
Generate docs from job=validate_atomics_generate_docs branch=master
2019-01-16 17:24:16 +00:00
Tony M Lambert
78bedf0e45
T1107 Fix wbadmin test ( #421 )
2019-01-16 09:24:09 -08:00
Tony M Lambert
dfabc52d64
T1107 File Deletion reorg with variables ( #423 )
2019-01-16 09:23:55 -08:00
CircleCI Atomic Red Team doc generator
bb07c4ac15
Generate docs from job=validate_atomics_generate_docs branch=master
2019-01-16 17:23:40 +00:00
JimmyAstle
61ffc53425
Register-CimProvider Atomic test ( #435 )
A quick atomic test that utilizes register-cimprovider to execute a dll that pops calc.
2019-01-16 09:23:29 -08:00
CircleCI Atomic Red Team doc generator
7554e9b644
Generate docs from job=validate_atomics_generate_docs branch=master
2019-01-16 16:17:22 +00:00
Keith McCammon
5c3f5b6389
Merge pull request #424 from ForensicITGuy/t1166-setuidgid
T1166 SetUID SetGID add tests with variables
2019-01-16 09:17:12 -07:00
CircleCI Atomic Red Team doc generator
063e489114
Generate docs from job=validate_atomics_generate_docs branch=master
2018-12-13 16:07:16 +00:00