Commit Graph

6538 Commits

Author SHA1 Message Date
CircleCI Atomic Red Team doc generator 8db4f8c2a3 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-20 19:38:18 +00:00
Brian Beyer ae418fec76 add initial commit of atomics/index.yaml 2018-10-20 13:38:06 -06:00
Brian Beyer 73491d44c2 generate YAML index alongside Markdown indices 2018-10-20 13:36:29 -06:00
Tony M Lambert 305e153881 T1145 Added tests to copy private keys using cp and rsync 2018-10-19 17:42:11 -04:00
Tony M Lambert 4098cd9e09 Minor fix to syntax 2018-10-19 17:27:04 -04:00
Tony M Lambert abb43d1b4f T1145 discover SSH keys 2018-10-19 16:36:28 -04:00
Tony M Lambert ff02488808 Fix the things to pass CircleCI 2018-10-19 16:15:44 -04:00
Tony M Lambert 9a00a05ba0 Added tests for hidden and system file hiding using attrib.exe 2018-10-19 16:11:36 -04:00
caseysmithrc a91994c5bb Fixed Bug in Get-Atomic (#376)
* Fixed Bug in Get-Atomic

* Update Get-AtomicTechnique.ps1
2018-10-11 20:28:39 -04:00
CircleCI Atomic Red Team doc generator 664ca4d109 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-12 00:28:10 +00:00
Tony M Lambert 84677cc45c T1003 Added credential dumping tests (#377)
* Added test to dump lsass using procdump

* Added test to dump lsass.exe using Task Manager

* Added offline credential theft using Mimikatz

* Added test to dump NTDS.dit using NTDSUtil
2018-10-11 20:27:57 -04:00
CircleCI Atomic Red Team doc generator efd5688d9d Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-11 17:28:54 +00:00
Tony M Lambert d6e5210332 T1086 Fileless PowerShell from Registry (#372)
* T1086 Exec PoSH payload from registry

* fixed a syntax issue
2018-10-11 13:28:46 -04:00
caseysmithrc bd4afde020 T1055 update (#370)
* Correct T1055 Source and Test

* Generate docs from job=validate_atomics_generate_docs branch=T1055-Update

* Update T1055.cpp
2018-10-04 19:02:30 -07:00
CircleCI Atomic Red Team doc generator 0dfd0a7320 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-04 12:48:25 +00:00
Superbug 36bdfd4731 Some PowerShell bugs fixed. (#369)
* Some PowerShell bugs fixed.

* Update T1112.md
2018-10-04 05:48:16 -07:00
CircleCI Atomic Red Team doc generator eb9cf5f42c Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-03 13:57:44 +00:00
Tony M Lambert fe5a6d68cd T1088 Bypass User Account Control (EventVwr Bypass) (#362)
* T1088 Bypass User Account Control

* Removed a stray character
2018-10-03 06:57:28 -07:00
Tony M Lambert 0613d660a7 T1035 Service Execution (#363)
* T1088 Bypass User Account Control

* Removed a stray character

* T1035 Service Execution

* Revert "Removed a stray character"

This reverts commit 5ad18700b6239504d9db43942ca90873a18ba8c4.

* Revert "T1088 Bypass User Account Control"

This reverts commit c675c4d91c6a9469734a080841ee622f4b53d856.
2018-10-03 06:57:23 -07:00
Tony M Lambert f82f953822 T1216 Signed Script Proxy Execution (#364)
* T1088 Bypass User Account Control

* Removed a stray character

* T1216 Signed Script Proxy Execution

* Revert "Removed a stray character"

This reverts commit 5ad18700b6239504d9db43942ca90873a18ba8c4.

* Revert "T1088 Bypass User Account Control"

This reverts commit c675c4d91c6a9469734a080841ee622f4b53d856.
2018-10-03 06:57:16 -07:00
Tony M Lambert 27619d3895 T1180 Screensaver (#365) 2018-10-03 06:57:07 -07:00
Tony M Lambert aa3bd1b063 T1089 Added test to unload Sysmon filter driver (#366) 2018-10-03 06:56:58 -07:00
Tony M Lambert 0cb986641d T1063 Discovery of Sysmon using fltmc.exe (#367) 2018-10-03 06:56:49 -07:00
Keith McCammon df9e3737af Merge pull request #331 from zante/feature-python-test-harness
Add contributed Python test harness
2018-10-02 11:57:04 -06:00
CircleCI Atomic Red Team doc generator 7ca21a8da5 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-02 03:54:00 +00:00
Tony M Lambert 75f452195a T1036 Masquerading (#361)
* T1036 Masquerading

* T1036, not T1306. Duh
2018-10-01 20:53:53 -07:00
CircleCI Atomic Red Team doc generator 4c78e54768 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-02 03:25:26 +00:00
Tony M Lambert a59c97a4e4 T1153 Source (#356) 2018-10-01 20:25:17 -07:00
CircleCI Atomic Red Team doc generator d8af126f49 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-02 03:23:08 +00:00
Tony M Lambert 702a9c7c32 T1009 Binary Padding (#358)
* T1009 Binary Padding

* Update T1009.yaml
2018-10-01 20:23:00 -07:00
Tony M Lambert 6947fbe69d Added tests for T1206 Sudo Caching (#355) 2018-10-01 20:22:48 -07:00
Tony M Lambert 2dbe24c325 T1064 Scripting (#357) 2018-10-01 13:42:14 -07:00
CircleCI Atomic Red Team doc generator aed844bbc4 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-01 20:40:44 +00:00
Tony M Lambert f046d56246 T1027 Obfuscated Files or Information (#359)
* T1027 Obfuscated Files or Information

* Fix extension
2018-10-01 13:40:25 -07:00
Tony M Lambert e6166c4499 T1217 Browser Bookmark Discovery (#360) 2018-10-01 13:40:14 -07:00
Lemelin 3649d34631 Fixed the issues with OSX not reporting executors. 2018-10-01 13:40:29 -04:00
Lemelin a3c0e5b238 Added missing files. 2018-09-28 16:52:48 -04:00
Lemelin f0f6804345 Adjusted YAML file relative path. 2018-09-28 16:52:03 -04:00
Lemelin 93c27c437b Moved Python test harness to contrib.
Moved 'execution-frameworks/python' to
'execution-frameworks/contrib/python'.
2018-09-28 16:23:20 -04:00
Zac Brown 27fe1066d6 Users/zacbrown/deprecate old powershell executor (#352)
* Move old PowerShell execution framework to deprecated directory.

Signed-off-by: Zac Brown <zacbrown@users.noreply.github.com>

* Generate docs from job=validate_atomics_generate_docs branch=users/zacbrown/deprecate-old-powershell-executor
2018-09-28 12:11:08 -07:00
caseysmithrc a61dbfbbb5 Component Object Model Hijacking (#354)
* Component Object Model Hijacking

* Update T1122.yaml

* Generate docs from job=validate_atomics_generate_docs branch=Fix-1122-COMHijack
2018-09-28 12:08:15 -07:00
caseysmithrc 789b2cfc59 Added '---' (#350) 2018-09-25 11:39:52 -07:00
Keith McCammon 74765edf7e Merge pull request #349 from redcanaryco/add-related
Add a Related section to reference other works
2018-09-21 08:01:44 -06:00
Keith McCammon 37e485ce06 Add a Related section to reference other works 2018-09-21 07:56:54 -06:00
Michael Haag ba64b21e2a T1126 fix (#341)
* Resolve issue #340

Fixed #340

* Generate docs from job=validate_atomics_generate_docs branch=T1126-fix
2018-09-18 08:38:22 -07:00
Zac Brown 1976a539c8 Merge pull request #347 from ForensicITGuy/master
MSXSL Bypass Test (T1127 Trusted Dev Utilities)
2018-09-14 23:03:39 -06:00
Tony M Lambert ef0b8f073e Hopefully this works remotely now 2018-09-14 20:49:10 -05:00
Tony M Lambert 62ed0f30ab Fix script again 2018-09-14 20:46:03 -05:00
Tony M Lambert 03adb61ee4 Added remote test, simplified script file 2018-09-14 20:35:48 -05:00
Tony M Lambert ddd0e81e54 Fix customer name 2018-09-14 16:21:39 -05:00