security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,538 Commits 47 Branches 0 Tags
python_conversion
Commit Graph

6538 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony M Lambert f344a573b7 Add MSXSL test to T1127 2018-09-14 16:20:25 -05:00
Zac Brown b85c21bb00 Merge pull request #346 from redcanaryco/T1140-Add 
T1140 - certutil rename and decode
 2018-09-14 08:25:39 -06:00
CircleCI Atomic Red Team doc generator d0a5bb7762 Generate docs from job=validate_atomics_generate_docs branch=T1140-Add 2018-09-14 13:34:52 +00:00
Michael Haag 52ca3f8b1b Added certutil rename 
Reference: https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html

https://twitter.com/ItsReallyNick/status/1040402921777782784
 2018-09-14 08:34:29 -05:00
Zac Brown 4f31d6ac09 Merge pull request #339 from MSAdministrator/modified_execution_functions_and_readme 
Modified Invoke-AtomicRedTeam functions and README
 2018-09-13 21:06:26 -06:00
Josh Rickard 9aeecf2694 Added Pester tests and modified Manifest file 2018-09-13 22:55:35 -04:00
Josh Rickard e81485b3e2 Converted Invoke-AtomicRedTeam to PowerShell Script Module 2018-09-13 22:00:50 -04:00
CircleCI Atomic Red Team doc generator 8b6116bffc Generate docs from job=validate_atomics_generate_docs branch=master 2018-09-13 20:33:22 +00:00
Michael Haag a01d08725b Merge pull request #343 from JimmyAstle/T1191-synax-fix 
Minor update to cmstp.exe syntax
 2018-09-12 08:08:19 -04:00
Jimmy Astle d5a791015b Minor update to cmstp.exe syntax 
need to add teh /s so this test runs without user interaction
 2018-09-11 15:36:29 -04:00
Michael Haag 6c0620f855 Merge pull request #342 from 2xyo/patch-1 
T1117: Fix path of RegSvr32.sct
 2018-09-11 10:05:46 -04:00
2*yo 909df7b204 Fix path of RegSvr32.sct 
`RegSvr32.sct` isn't in the `bin` folder.
 2018-09-11 15:49:39 +02:00
Josh Rickard 5130db160b Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00
caseysmithrc 18ae6fb97a Merge pull request #335 from MSAdministrator/T1193-modifying-download-of-payload 
Added test for T1193 that downloads a macro-enabled excel sheet
 2018-09-06 21:33:25 -06:00
caseysmithrc 41073650e6 Merge pull request #338 from MSAdministrator/origin/T1060-adding-removal-of-registry-keys 
Adding removal of registry keys for T1060 based on issue #328
 2018-09-06 21:31:50 -06:00
Josh Rickard 823766d2c9 Adding removal of registry keys for T1060 based on issue #328 2018-09-06 21:56:10 -04:00
Josh Rickard 0738765238 Removing outdated tests for T1193 and Office/excel pre-check to test 2018-09-06 21:20:14 -04:00
Michael Haag 068a5fa98e Merge pull request #325 from redcanaryco/Invoke-AtomicRedTeam 
Invoke atomic red team
 2018-09-06 16:42:51 -04:00
caseysmithrc 86ffa9f37c Fix All The Things 2018-09-06 12:18:17 -06:00
caseysmithrc 4fd7dd3cce Fix Error Message 2018-09-06 11:45:06 -06:00
caseysmithrc de3c2b6684 IMport-Module cleaner 2018-09-06 09:34:39 -06:00
caseysmithrc 0ed64ddf4a Merge pull request #336 from MSAdministrator/T1112-modifying-the-registry 
Add test for T1112 that modifies registry keys
 2018-09-06 07:23:03 -06:00
caseysmithrc 7aa0e28a90 Merge pull request #332 from redcanaryco/PowerShell-Executor.Command-Properties 
Power shell executor.command properties
 2018-09-06 07:06:14 -06:00
Michael Haag d02c38650e Merge pull request #334 from redcanaryco/Fix-T1170 
Fixed T1170 execution command
 2018-09-06 08:02:08 -04:00
Josh Rickard 28c470b40c Add test for T1112 that modifies registry keys 2018-09-05 23:46:44 -04:00
Josh Rickard aa7e700a93 Added test for T1193 that downloads an macro-enabled excel sheet and opens your default web-browser 2018-09-05 21:49:22 -04:00
CircleCI Atomic Red Team doc generator 8778460f74 Generate docs from job=validate_atomics_generate_docs branch=Fix-T1170 2018-09-05 19:56:09 +00:00
caseysmithrc 7735933ba7 Fixed T1170 execution command 2018-09-05 13:55:53 -06:00
caseysmithrc af2e5938e1 Fixed Error Message 2018-09-05 13:45:45 -06:00
caseysmithrc 747f5909d0 correct demo examples 2018-09-05 13:17:51 -06:00
CircleCI Atomic Red Team doc generator 36b00a7d20 Generate docs from job=validate_atomics_generate_docs branch=PowerShell-Executor.Command-Properties 2018-09-05 18:58:23 +00:00
Michael Haag 165ab03d68 t1086 
fixed a executor
 2018-09-05 14:58:05 -04:00
Zac Brown f6c6cb2e28 Remove spurious spaces. 2018-09-05 10:56:55 -07:00
Zac Brown 2fd67101fe Format harder. 
Signed-off-by: Zac Brown <zacbrown@users.noreply.github.com>
 2018-09-05 10:53:39 -07:00
caseysmithrc 860a78908a Best PowerShell Script EVEr Written 2018-09-05 11:48:10 -06:00
caseysmithrc 7073f4274e Merge pull request #330 from redcanaryco/T1126 
T1126 fix
 2018-09-05 11:47:18 -06:00
caseysmithrc a1b44d2b6b Dependency Confrimation and Style fix 2018-09-05 11:17:31 -06:00
Lemelin fcff42d14b Fixed documentation issues. 2018-09-05 12:50:57 -04:00
CircleCI Atomic Red Team doc generator c03d202bd5 Generate docs from job=validate_atomics_generate_docs branch=PowerShell-Executor.Command-Properties 2018-09-05 15:35:37 +00:00
Michael Haag b512869c36 Powershell fixes 
Fixed per issue #322
 2018-09-05 11:35:24 -04:00
Michael Haag 626deed1ad T1033 fix 
Typo on T1033
 2018-09-05 11:25:52 -04:00
Michael Haag 7b57631c20 T1126 fix 
Fixed per issue #329
 2018-09-05 11:17:19 -04:00
Lemelin 3a802faa98 Implemented Python test harness. 
The Python test harness currently works with with Windows and Linux,
implements interactive and non-interactive usage and offers tracking of
technique modifications so that you do not run techniques automatically
when they are updated.
 2018-09-05 11:06:10 -04:00
Michael Haag a48a8de6da Merge pull request #324 from redcanaryco/technique-fixup-cs 
Technique fixup cs
 2018-09-05 10:45:28 -04:00
Michael Haag 643472f5ee Merge pull request #327 from redcanaryco/Fix-T1179 
Fix t1179
 2018-09-05 09:38:08 -04:00
Michael Haag ae0022cc32 Merge pull request #326 from redcanaryco/Fix-T1121 
Fix T1121
 2018-09-05 09:36:22 -04:00
Michael Haag f19fb29bfa Merge pull request #311 from redcanaryco/rootkit-T1014-Windows 
Rootkit T1014 windows
 2018-09-05 09:35:51 -04:00
caseysmithrc 11e9f88a62 Merge branch 'Fix-T1179' of https://github.com/redcanaryco/atomic-red-team into Fix-T1179 2018-09-05 07:35:12 -06:00
caseysmithrc 9e542eaad5 Removed MessageBox Prompt 2018-09-05 07:35:05 -06:00
CircleCI Atomic Red Team doc generator 7e8594e288 Generate docs from job=validate_atomics_generate_docs branch=Fix-T1179 2018-09-05 13:31:22 +00:00