Commit Graph

6538 Commits

Author SHA1 Message Date
BaffledJimmy 799ea20a95 Amend regkey path for Macro security level (#1515)
* Amend regkey path for Macro security level

As shown in this image - https://www.mdsec.co.uk/wp-content/uploads/2020/11/image-2-768x191.png.webp - the correct regkey is \Level\. The existing `reg add` syntax will not create a Level value with a DWORD of 4 (disable all). Also changed the regkey to 1 (enable all macros without notif).

```
4 = Disable all macros without notification
3 = Notifications for digitally signed macros, all other macros disabled
2 = Notifications for all macros
1 = Enable all Macros
```

* Update T1137.yaml

* Update T1137.md
2021-06-15 22:39:17 -06:00
CircleCI Atomic Red Team doc generator 8a67b64944 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-15 15:50:23 +00:00
CircleCI Atomic Red Team GUID generator 62f0f37fc6 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-15 15:50:17 +00:00
BlueTeamOps 9f397c259c Added Disabling Firewall via Registry (#1516)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-06-15 09:49:55 -06:00
CircleCI Atomic Red Team doc generator a78c0ae822 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-15 15:46:52 +00:00
SecurityShrimp 7a73723a7b Update T1059.005.yaml (#1518)
added lines to enable TLS v 1.2

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-06-15 09:46:01 -06:00
CircleCI Atomic Red Team doc generator 84f9f9ffdd Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-15 15:45:23 +00:00
Jil Larner 871a3584b8 Fixed bug in script path (#1517)
The path was referring to T1595.002 instead of T1082, where the script resides. Due to the move requested in #1320 and missed.
2021-06-15 09:44:48 -06:00
rctgardner 1531e9d3f0 fix t1105 indent 2021-06-11 15:26:30 -06:00
CircleCI Atomic Red Team doc generator ecc7d70057 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 20:04:40 +00:00
CircleCI Atomic Red Team GUID generator 130328dafc Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 20:04:34 +00:00
Carl dfbd9572e2 Merge pull request #1507 from rctgardner/t1036_005
T1036.005: Masquerading: Match Legitimate Name or Location
2021-06-11 14:04:12 -06:00
Carl 14f0926d64 Merge branch 'master' into t1036_005 2021-06-11 13:48:52 -06:00
CircleCI Atomic Red Team doc generator 1f69c7fb08 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 19:45:31 +00:00
CircleCI Atomic Red Team GUID generator 17eab72057 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 19:45:25 +00:00
Carl af0da25c0a Merge branch 'master' into t1036_005 2021-06-11 13:45:06 -06:00
Carl 707c970acc Merge pull request #1504 from madhavbhatt/T1110-004-Credential-Stuffing
T1110.004 : SSH Credential Stuffing FROM Linux , MacOS
2021-06-11 13:45:02 -06:00
Carl 0fa9b69292 Merge branch 'master' into t1036_005 2021-06-11 13:44:58 -06:00
Carl 120c6d840e Merge branch 'master' into T1110-004-Credential-Stuffing 2021-06-11 13:42:57 -06:00
CircleCI Atomic Red Team doc generator 0c19189bf8 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 19:40:11 +00:00
CircleCI Atomic Red Team GUID generator acb9c9d55e Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 19:40:02 +00:00
Carl 1e0e898c65 Merge pull request #1505 from rctgardner/t1003_007
T1003.007: OS Credential Dumping: Proc Filesystem
2021-06-11 13:39:39 -06:00
Carl 609e841708 Merge branch 'master' into t1003_007 2021-06-11 13:37:46 -06:00
CircleCI Atomic Red Team doc generator b97bfd31e6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 17:18:45 +00:00
CircleCI Atomic Red Team GUID generator f123433567 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 17:18:39 +00:00
Suman Kar 1c799637ce New Dump credentials from Windows Credential Manager With PowerShell … (#1508)
* New Dump credentials from Windows Credential Manager With PowerShell [windows Credentials & web Credentials]

* Update T1555.yaml

* Update T1555.yaml

* use permanent github link for script

* use github permanent link for script

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-06-10 11:18:12 -06:00
CircleCI Atomic Red Team doc generator 2b3f9444ae Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 05:39:34 +00:00
Carrie Roberts 54486ba7a5 force the reg add and fix error where otm wasn't being created (#1511)
Co-authored-by: Keith McCammon <keith@redcanary.com>
2021-06-09 23:38:58 -06:00
CircleCI Atomic Red Team doc generator 733963824b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 03:44:56 +00:00
CircleCI Atomic Red Team GUID generator ed7a8170cc Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 03:44:49 +00:00
tlor89 e70987c439 T1553.005 (#1509)
Co-authored-by: Toua Lor <tlor@nti.local>
2021-06-09 21:44:21 -06:00
rctgardner b7eee5a06d preserving exit code if whois ends early 2021-06-09 16:02:14 -06:00
rctgardner 1a3c693394 added 'whois file download' test to T1005 2021-06-09 13:28:07 -06:00
rctgardner 09c413e64a removed windows test from t1036.005 2021-06-09 13:25:13 -06:00
CircleCI Atomic Red Team doc generator 22f3da4960 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-09 18:41:04 +00:00
CircleCI Atomic Red Team GUID generator b74fd6246c Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-09 18:40:57 +00:00
Jorge Orchilles d3321c6a1f Create T1553.005 Atomic Test (#1506)
* Create T1553.005

* Create T1553.005.yaml

* Update T1553.005.yaml

* Update T1553.005.yaml

* Update T1553.005.yaml

* Update T1553.005.yaml

* Update T1553.005.yaml

* Update T1553.005.yaml

* Update T1553.005.yaml

* Updated T1553.005
2021-06-09 12:40:30 -06:00
rctgardner 3ae4d98bb8 Added 2 tests for T1036.005
One Windows and one Linux/macOS
2021-06-09 10:59:06 -06:00
CircleCI Atomic Red Team doc generator 1203ffc740 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-09 16:56:00 +00:00
Carrie Roberts 0b52ed3a40 remove unused arg, utilize other arg (#1497) 2021-06-09 10:55:25 -06:00
CircleCI Atomic Red Team doc generator 7e64b11098 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-09 16:52:02 +00:00
SecurityShrimp a3e66311c5 Update T1204.002.yaml (#1503)
added TLS version setting to tests using IWR

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-06-09 10:51:35 -06:00
rctgardner 35dc0c0f96 Merge branch 'master' into t1003_007 2021-06-08 16:50:07 -06:00
rctgardner 6b3206b378 added Python script for T1003.007 2021-06-08 16:49:23 -06:00
rctgardner 47e1147dc1 Added T1003.007 OS Credential Dumping: Proc Filesystem 2021-06-08 15:50:25 -06:00
Madhav Bhatt 66f0a16f7a Merge branch 'master' into T1110-004-Credential-Stuffing 2021-06-07 15:19:05 -07:00
madhavbhatt 8b30864192 T1110.004 : SSH Credential Stuffing FROM Linux , MacOS 2021-06-07 15:17:31 -07:00
Bhavin Patel 0aa2ec226e Merge pull request #1498 from patel-bhavin/add_kubectl
adding kubectl to spec
2021-06-07 13:28:43 -07:00
Michael Haag 122e886d8e Merge branch 'master' into add_kubectl 2021-06-07 14:09:06 -06:00
CircleCI Atomic Red Team doc generator 72c9034498 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-07 15:44:18 +00:00