* Update T1070.003.yaml
Added cleanup command to test "Clear and Disable Bash History Logging"
* Update T1070.003.yaml
corrected spacing
* Update T1070.003.yaml
changed echo set -o to a sed replace command
* Update T1218.yaml
Adding RemoteFXvGPUDisablement.exe LOLBIN coverage via AtomicTestHarnesses to T1218. Thanks, @MHaggis!
* Update T1218.yaml
Adding a more detailed description for this test.
* Update T1218.yaml
* Shortcut additions to user startup
New addition to test creating a shortcut link to an executable in a user's startup directory
* Update T1547.001.yaml
* remove extra whitespace
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Separate CI steps so GitHub status checks can reference the right checks
* Generate docs from job=generate_docs branch=bb-separate-ci-steps
* Commit GUIDs after generating; require GUIDs before other steps
* Fix config
* Generate GUIDs from job=generate_guids branch=bb-separate-ci-steps
* Generate docs from job=generate_docs branch=bb-separate-ci-steps
* Better wording
* Update config.yml
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
* Create T1595.002.yaml
* Added vbscript (griffon recon) for test 1
Script ref. (public gist) https://gist.githubusercontent.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d/raw/55ecbf8f83c36984371a335991f6cf4f2022319b/gistfile1.txt
* added run as priv user
n/a
* removed guid accidentally put in
* removed extra line
* checking syntax final
* remove dependency line
* minor updates to invoke the build process again
* removing elevation required
thanks for that additional review, carrie
* moving to T1082 per review
* adding test 8 (griffon recon)
* create griffon_recon.vbs for test 8
script used here was reduced by security researcher Kirk Sayre (github.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d),
and it gives the exact same recon behavior, hash mentioned in the code, as the original (minus the C2 interaction).
* moving vbs file to T1082 per review
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update maintainers.md
Remove reference to announcements channel, which has been created.
* Generate docs from job=validate_atomics_generate_docs branch=maintainers-updates
* Update maintainers.md
Updates to maintainers meeting purpose, scope, and agendas.
* Generate docs from job=validate_atomics_generate_docs branch=maintainers-updates
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Adding in Workflow Compiler Tests
This adds 2 workflow compiler tests.
1.) Test 6 will execute workflow compiler with a pre-built assembly that invokes calc.
2.) Test 7 will rename workflow compilers and execute the same pre-built assembly that invokes calc.
* minor path updates
Co-authored-by: Jimmy Astle <jastle@vmware.com>
* update output file name to match expected
* Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-1
* Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-1
Co-authored-by: CircleCI Atomic Red Team doc generator <email>