Atomic Red Team doc generator
669e685b8d
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-08 21:29:25 +00:00
Jake H
a4653ac9b5
Updating get_prereq_command to download and install python3 & pip (#2680)
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-08 15:28:39 -06:00
Atomic Red Team doc generator
1e4d33d15a
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-08 21:23:17 +00:00
Jake H
694d2c0778
Removing REM from 95b25212-91a7-42ff-9613-124aca6845a8 due to incorrect execution (#2681)
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-08 15:22:25 -06:00
publish bot
3f11f5d33a
updating atomics count in README.md [ci skip]
2024-02-08 21:17:57 +00:00
Koustav Choudhury
c1a770844d
Excel spelling typo (#2682)
2024-02-08 15:17:19 -06:00
Atomic Red Team doc generator
02c7d02fe1
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-05 16:49:04 +00:00
Emile Marty
12f5d9d323
Update T1490.yaml (#2677)
...
* Update T1490.yaml
Fixed a formatting error in #2676
* Update T1490.yaml
add dependency_executor_name field
---------
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2024-02-05 09:48:15 -07:00
Atomic Red Team doc generator
e30f9b573f
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-05 16:43:49 +00:00
Atomic Red Team GUID generator
a5bf6bad39
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-02-05 16:43:32 +00:00
Kyaw-Pyiyt-Htet
25515b8f72
Mikoyan dee patch 1 (#2679)
...
* Update T1040.yaml
PowerShell cmdlets to capture network traffic
* Update T1040.yaml
* Update T1040.yaml
2024-02-05 09:42:53 -07:00
sai prashanth pulisetti
0b6af7cafb
Merge branch 'master' into patch-7
2024-02-05 10:23:16 +05:30
Atomic Red Team doc generator
0e202df355
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-31 23:30:28 +00:00
Emile Marty
2a194cdc34
Added support for T1490 creating shadow copies in Windows 10+ (#2676)
...
* Update T1490.yaml
Support for creating shadow copies in Windows 10+
* Update T1490.md
Updating documentation
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-31 17:29:42 -06:00
Atomic Red Team doc generator
ed9cb8cdc7
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-31 23:27:05 +00:00
Atomic Red Team GUID generator
24c9dc3212
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-31 23:26:50 +00:00
sai prashanth pulisetti
e9051bed60
Update T1490.yaml "Modify VSS Service Permissions" (#2668)
...
* Update T1490.yaml "Modify VSS Service Permissions"
Modify permissions of the VSS service to inhibit system recovery. This test alters the security settings of the Volume Shadow Copy Service (VSS), potentially impacting system recovery operations. It should be conducted only in a controlled environment. The executor must have administrative privileges to modify service permissions. Note that this test does not include a cleanup command; thus, the changes will persist after execution. Ensure that you have a backup or a system recovery plan in place before running this test. Running this test on a production system or critical environment is not recommended without proper precautions.
* Update T1490.yaml
updated guid
* Update T1490.yaml
updated description and clean up command
* Update T1490.yaml
updated indentations
* Update T1490.yaml
* Update T1490.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-31 17:26:10 -06:00
publish bot
abbf7b177b
updating atomics count in README.md [ci skip]
2024-01-31 23:23:39 +00:00
zaicurity
dc264a80f4
Added T1562.010 Test for PowerShell v2 Downgrade (#2670)
...
* Added T1562.010 Test for PowerShell v2 Downgrade
* Remove PowerShell Downgrade Attack atomic from T1059.001.yaml
2024-01-31 17:22:30 -06:00
sai prashanth pulisetti
949710153d
Merge branch 'master' into patch-7
2024-01-30 00:56:38 +05:30
Atomic Red Team doc generator
45138fdb07
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-29 16:24:34 +00:00
Atomic Red Team GUID generator
5836fe0a80
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-29 16:24:22 +00:00
sai prashanth pulisetti
a5a1cf78fb
Update T1041.yaml DNS-Based C2 Data Exfiltration (#2663)
...
* Update T1041.yaml DNS-Based C2 Data Exfiltration
Simulates an adversary using DNS tunneling to exfiltrate data over a Command and Control (C2) channel.
* Update T1041.yaml
updated the changes as requested
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-29 10:23:47 -06:00
publish bot
11e8fd705b
updating atomics count in README.md [ci skip]
2024-01-29 16:22:06 +00:00
dependabot[bot]
b351059afd
Bump jsonschema from 4.20.0 to 4.21.1 (#2667)
...
Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.20.0 to 4.21.1.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.20.0...v4.21.1)
---
updated-dependencies:
- dependency-name: jsonschema
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-29 10:21:26 -06:00
Atomic Red Team doc generator
b98739b474
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-29 15:55:01 +00:00
Jake H
a68803c0c3
Adding curly brackets to powershell command to fix issue with interpretation of variables (#2672)
2024-01-29 09:53:35 -06:00
sai prashanth pulisetti
ad4029be68
Update T1580.yaml
2024-01-22 20:13:55 +05:30
sai prashanth pulisetti
4841583e48
Update T1580.yaml
...
removed description
2024-01-22 20:08:58 +05:30
sai prashanth pulisetti
444fc52ffe
Merge branch 'master' into patch-7
2024-01-21 16:23:14 +05:30
sai prashanth pulisetti
474cbdff8a
Update T1580.yaml
2024-01-21 09:52:49 +05:30
sai prashanth pulisetti
d50ce7648b
Update T1580.yaml
...
removed notes and clean up command
2024-01-21 09:50:36 +05:30
Atomic Red Team doc generator
c4fea7a287
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-20 20:48:23 +00:00
Hare Sudhan
fa66c9cd44
Merge branch 'master' into patch-7
2024-01-20 15:48:17 -05:00
publish bot
8a1987a42a
updating atomics count in README.md [ci skip]
2024-01-20 20:48:12 +00:00
Atomic Red Team GUID generator
fd3e8c05dd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-20 20:48:10 +00:00
Mohana Shankar D
11c442180e
Update T1486.yaml (#2665)
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-20 14:47:36 -06:00
Hare Sudhan
4381e0ba8c
Merge branch 'master' into patch-7
2024-01-20 15:45:26 -05:00
Atomic Red Team doc generator
6a3a2ede32
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-20 20:45:01 +00:00
Hare Sudhan
e742bcb626
Fix schema validation (#2666)
2024-01-20 14:44:16 -06:00
Hare Sudhan
312df03de5
Merge branch 'master' into patch-7
2024-01-19 23:41:29 -05:00
Atomic Red Team doc generator
f6fc008a05
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-20 04:21:06 +00:00
Atomic Red Team GUID generator
e9ab27efff
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-20 04:20:53 +00:00
sai prashanth pulisetti
b6fa8857a5
Atomic Test #7 - System Owner/User Discovery Using Command Prompt (#2657)
...
* Atomic Test #7 - System Owner/User Discovery Using Command Prompt
Identify the system owner or current user using native Windows command prompt utilities.
* Update T1033.yaml
adjusted - "del %output_path%\\user_info_*.tmp"
* Update T1033.yaml
adjusted output_path with Temp
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-19 22:20:19 -06:00
Zeta
871b418282
Update T1218.yaml (#2646)
...
* Update T1218.yaml
add new test "Atbroker.exe (AT) Executes Arbitrary Command via Registry Key"
* Update T1218.yaml
Move to T1546.008
* Update T1546.008.yaml Details: Add new test - Atbroker.exe (AT) Executes Arbitrary Command via Registry Key
Add new test "Atbroker.exe (AT) Executes Arbitrary Command via Registry Key"
* updating atomics count in README.md [ci skip]
---------
Co-authored-by: publish bot <opensource@redcanary.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-19 22:14:16 -06:00
sai prashanth pulisetti
dd9242465d
Merge branch 'master' into patch-7
2024-01-19 19:00:01 +05:30
Atomic Red Team doc generator
65348695f9
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-18 21:57:17 +00:00
Atomic Red Team GUID generator
9141822411
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-18 21:57:04 +00:00
Bhavin Patel
640330c513
Updated PR 2461 2463 into a new one (#2655)
...
* updating ttp
* updating atomics from PR and adding new
* update command
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-18 15:56:30 -06:00
Atomic Red Team doc generator
5c828eca90
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-18 21:54:06 +00:00