Commit Graph

6538 Commits

Author SHA1 Message Date
Adam Mashinchi e82563f86b Merge pull request #2513 from redcanaryco/clr2of8-patch-45
Update README.md
2023-08-24 09:58:24 -07:00
Carrie Roberts 955d859cb1 Update README.md 2023-08-21 15:56:13 -06:00
publish bot b27a3cb250 updating atomics count in README.md [ci skip] 2023-08-15 22:54:12 +00:00
Alton Johnson, OSCP, OSCE e2474f6e12 replaced File.exists? with File.exist? (#2511) 2023-08-15 16:53:26 -06:00
Atomic Red Team doc generator ca7374abdb Generated docs from job=generate-docs branch=master [ci skip] 2023-08-15 01:05:57 +00:00
Atomic Red Team GUID generator b472e5f639 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-15 01:05:39 +00:00
CyberBilly7 a82678a616 Update T1564.yaml (#2510)
NirCmd is used by threat actors to execute commands, which can include recon and privilege escalation via running commands via the SYSTEM account

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-08-14 19:04:57 -06:00
Atomic Red Team doc generator 48e7be16d5 Generated docs from job=generate-docs branch=master [ci skip] 2023-08-15 01:03:29 +00:00
Atomic Red Team GUID generator befa9a2a43 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-15 01:03:08 +00:00
Michael Haag 55301cf3a3 Customshellhost (#2509)
* Adding CustomShellHost

* Update T1218.yaml

* fixed
2023-08-14 19:02:11 -06:00
publish bot 0fbf08855e updating atomics count in README.md [ci skip] 2023-08-08 00:37:09 +00:00
dependabot[bot] f882e2cbce Bump jsonschema from 4.18.4 to 4.19.0 (#2508) 2023-08-07 19:36:14 -05:00
Atomic Red Team doc generator 6765527ef0 Generated docs from job=generate-docs branch=master [ci skip] 2023-08-05 00:48:02 +00:00
Atomic Red Team GUID generator 447d3f4705 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-05 00:47:44 +00:00
BlueTeamOps d8aa2f4f70 Create T1098.003.yaml (#2478)
* Create T1098.003.yaml

* add header info

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>
2023-08-04 19:47:06 -05:00
Atomic Red Team doc generator 6af8c8fe51 Generated docs from job=generate-docs branch=master [ci skip] 2023-08-03 17:15:53 +00:00
Atomic Red Team GUID generator b928bdc3a3 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-03 17:15:35 +00:00
Bhavin Patel ab6b7cf7e0 Merge pull request #2481 from RedinDisguise/master
Update T1562.001.yaml
2023-08-03 10:14:50 -07:00
Bhavin Patel 136266bcea Merge branch 'master' into master 2023-08-03 09:33:50 -07:00
Atomic Red Team doc generator eec95b5b86 Generated docs from job=generate-docs branch=master [ci skip] 2023-08-02 03:24:15 +00:00
Atomic Red Team GUID generator 363cf9a301 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-02 03:23:54 +00:00
Hare Sudhan 3032f9e85b tokens added (#2506) 2023-08-01 21:23:11 -06:00
Hare Sudhan a1d082bdbb YAML schema fix (#2505)
* yaml schema fix

* change yaml structure
2023-08-01 19:24:22 -06:00
Thomas de Brelaz c1a2085e18 T1547.005 (#2504)
* updating atomics count in README.md [ci skip]

* fixed old test which was doing a cleanup during execution by saving old values to a temporary key value which can get called later

* removed acronym from name and changed argument name to standard 'payload'

* test using .dll from T1547.002 prevented system restart. reverted test to just creating registry keys but added instructions on how to execute using mimikatz

---------

Co-authored-by: publish bot <opensource@redcanary.com>
Co-authored-by: Thomas De Brelaz <thomas.de-brelaz@ubisoft.com>
2023-08-01 15:19:06 -06:00
tccontre 711586d258 Tccontre max connection per server (#2503)
* updating atomics count in README.md [ci skip]

* Update T1112.yaml

---------

Co-authored-by: publish bot <opensource@redcanary.com>
2023-08-01 13:22:35 -06:00
MrOrOneEquals1 e967e5d508 Update README.md (#2502) 2023-07-31 19:06:34 -06:00
Alphonsa George 12dbd01398 Modified description for Test 4 (#2500)
Co-authored-by: alphonsa-01 <NA>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-07-31 13:53:20 -06:00
Carrie Roberts ad51274666 force push (#2501) 2023-07-31 13:49:40 -06:00
zaicurity 6b7458f211 Add new test "Port-Scanning /24 Subnet with PowerShell" (#2491)
* Add new test "Port-Scanning /24 Subnet with PowerShell"

Test uses built-in Windows features for port scanning.

* Update T1046.yaml

* typo fix

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-07-31 10:26:49 -06:00
Carrie Roberts c922d75507 add generate-docs badge (#2499) 2023-07-29 18:42:54 -04:00
Hare Sudhan 20d3a0432f Fix Github action to generate labels for changed atomics (#2497) 2023-07-29 18:23:50 -04:00
Hare Sudhan 0736dfbda9 Fix svg counter (#2498)
* fix svg counter

* poetry update
2023-07-29 16:18:41 -06:00
Hare Sudhan b347ec4291 Merge branch 'master' into master 2023-07-29 15:34:40 -04:00
Thomas de Brelaz a78b9ed805 Fixed multiple issues with the atomic test which was broken: (#2490)
- Added a spool service startype check / update required to execute at boot as the service is disabled in many VMs,
- Removed reg delete in test preventing successful execution,
- Updated commands to deal more gracefully with errors which were sometimes interrupting cleanup,
- Fixed DLL which was also broken:
- The EnumPrintProcessorDatatypesW needed for execution was not exported
- The Payload code was outside of the EnumPrintProcessorDatatypesW which is the function that gets called when the processor gets loaded
- Added fixed source and build commands

Co-authored-by: Thomas De Brelaz <thomas.de-brelaz@ubisoft.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-07-26 13:50:29 -06:00
RedinDisguise ef1d5049ba Update T1562.001.yaml 2023-07-26 15:11:34 -04:00
RedinDisguise bfd59b94b9 Update T1562.008.yaml 2023-07-26 15:11:07 -04:00
RedinDisguise a02b7b9635 Merge branch 'master' into master 2023-07-26 15:09:35 -04:00
dependabot[bot] 94a98d74d3 Bump jsonschema from 4.18.3 to 4.18.4 (#2492)
Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.18.3 to 4.18.4.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.18.3...v4.18.4)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-07-26 13:04:01 -06:00
dependabot[bot] 89d9a72293 Bump pyyaml from 6.0 to 6.0.1 (#2493)
Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0 to 6.0.1.
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.1/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/compare/6.0...6.0.1)

---
updated-dependencies:
- dependency-name: pyyaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-07-26 13:01:26 -06:00
Bhavin Patel 08dae930db Merge pull request #2495 from blueteam0ps/patch-13
Create T1098.002.yaml
2023-07-25 11:05:42 -05:00
BlueTeamOps 6bfea60a55 Create T1098.002.yaml 2023-07-25 21:54:21 +10:00
Carrie Roberts 74438b0237 use start-job (#2489) 2023-07-17 13:52:23 -04:00
hRun efcd4e6fba Added test for T1547.012 (#2484)
* Added test for T1547.012

* optionally restart

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-07-17 10:20:53 -06:00
dependabot[bot] 34d47bee4c Bump jsonschema from 4.17.3 to 4.18.3 (#2488)
Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.17.3 to 4.18.3.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.17.3...v4.18.3)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-17 10:17:13 -06:00
Matt McKinley b26ecaa460 Create dependabot.yml (#2482)
Add automated dependabot pulls for python

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-07-17 09:55:11 -06:00
Prakash22-k 13b75193a8 Prakash22 k patch 1 (#2485)
* Update T1490.yaml

Adding new atomic Test for Windows - vssadmin Resize Shadowstorage Volume

* Update T1490.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-07-17 09:53:17 -06:00
frack113 d93ad51c4d T1562.006 Fix test 6 and 7 (#2486)
* Fix test6 and 7

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Fix Defender key

"KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/Operational"

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-17 09:35:42 -06:00
RedinDisguise 9faa7acc17 Update T1562.008.yaml
Removing guid field.
2023-07-12 12:45:00 -04:00
RedinDisguise c1474350a7 Update T1562.008.yaml 2023-07-12 12:29:35 -04:00
Atomic Red Team doc generator 17e2ee6f0e Generated docs from job=generate-docs branch=master [ci skip] 2023-07-12 03:00:11 +00:00