security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,538 Commits 47 Branches 0 Tags
python_conversion
Commit Graph

6538 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
JrOrOneEquals1 755e7e3126 remove unused input arg (#1064) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-06-18 19:13:32 -06:00
CircleCI Atomic Red Team doc generator 46d8aa755d Generate docs from job=validate_atomics_generate_docs branch=master 2020-06-19 01:12:47 +00:00
JrOrOneEquals1 ea1c4e5e92 correct input arg name (#1065) 2020-06-18 19:12:27 -06:00
CircleCI Atomic Red Team doc generator 67dad9ece3 Generate docs from job=validate_atomics_generate_docs branch=master 2020-06-18 23:52:23 +00:00
JrOrOneEquals1 d8c37b4f4d fix double quotes escaping issue (#1060) 2020-06-18 17:51:36 -06:00
CircleCI Atomic Red Team doc generator 8a82e9b66a Generate docs from job=validate_atomics_generate_docs branch=master 2020-06-18 01:57:35 +00:00
hypnoticpattern 83dce0dcfa Fix macOS tests (#1059) 
* Fix macOS tests

* Fix typo in T1574.006

* Replaced zsh with bash, add prereq_command

* Fix test name in T1053.004

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-06-17 19:57:14 -06:00
Carrie Roberts 61fab9a7c6 remove markdown files from gitignore (#1058) 2020-06-17 19:19:57 -06:00
CircleCI Atomic Red Team doc generator 52e0a089ad Generate docs from job=validate_atomics_generate_docs branch=master 2020-06-17 23:24:09 +00:00
Carrie Roberts f8d9b9dee9 spacing change (#1057) 2020-06-17 17:23:34 -06:00
Carrie Roberts 24549e3866 Convert to Mitre ATT&CK sub-technique schema (#1056) 
* Initial transfer of atomics to MITRE subtechniques

* Add GUIDs back in, attack_technique to string (#1019)

* technique to string and add guids back in

* technique to string and add guids back in

* technique to string and add guids back in

* technique to string and add guids back in

* Subtechnique transfer T1220-T1546.005 (#1020)

* Create T1222.001.yaml

* Create T1222.002.yaml

* Create T1505.002.yaml

* Update T1543.003.yaml

* Update AtomicService.cs

* Update T1546.005.yaml

* Delete T1222.yaml

* Update T1482.yaml

* Update T1485.yaml

* Update T1220.yaml

* Update T1489.yaml

* Update T1490.yaml

* Update T1496.yaml

* Update T1505.003.yaml

* Update T1505.yaml

* Update T1518.001.yaml

* Update T1518.yaml

* Update T1529.yaml

* Update T1543.004.yaml

* Update T1546.001.yaml

* Update T1546.002.yaml

* Update T1546.002.yaml

* Update T1546.001.yaml

* Update T1543.004.yaml

* Update T1543.002.yaml

* Update T1543.001.yaml

* Update T1518.001.yaml

* Update T1546.004.yaml

* Update T1546.003.yaml

* Update T1531.yaml

* Update T1222.001.yaml

* Update T1222.002.yaml

* Update T1505.002.yaml

* Update T1505.003.yaml

* Update T1518.001.yaml

* Update T1543.001.yaml

* Update T1546.005.yaml

* Update T1546.004.yaml

* Update T1546.003.yaml

* Update T1546.002.yaml

* Update T1546.001.yaml

* Update T1543.004.yaml

* Update T1543.003.yaml

* Update T1543.002.yaml

* added auto_generated_guid 1220

* added T1222.001 auto_generated_guid

* Update T1222.002.yaml

added   auto_generated_guid entries

* Update T1482.yaml

  auto_generated_guid added

* Update T1485.yaml

added   auto_generated_guids

* Update T1489.yaml

added   auto_generated_guids

* Update T1490.yaml

added   auto_generated_guids

* Update T1496.yaml

added   auto_generated_guid

* Update T1505.002.yaml

added   auto_generated_guid from old T1505 same atomic

* Update T1505.003.yaml

added  auto_generated_guid from previous atomic 1100

* Delete T1505.yaml

no longer needed, moved to 1505.002

* Update T1518.yaml

added  auto_generated_guids

* Update T1529.yaml

added   auto_generated_guids

* Update T1531.yaml

added   auto_generated_guids

* Update T1543.001.yaml

added   auto_generated_guid

* Update T1543.002.yaml

added   auto_generated_guid

* Update T1543.004.yaml

added   auto_generated_guid

* Update T1546.001.yaml

added   auto_generated_guid

* Update T1546.002.yaml

added   auto_generated_guid

* Update T1546.003.yaml

* Update T1546.004.yaml

added  auto_generated_guid

* Update T1546.005.yaml

added  auto_generated_guid

* add guids back in

* fix spacing issue

* fix spacing

* fix spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

* Sub-techniques T1053-T1113 - Updates (#1022)

* Sub-techniques T1053-T1113 - Updates

Updated techniques for sub-techniques.

* minor fixes

format fixing

* Added GUIDs

- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string

* Sub-technique updates T1546.008 through T1574.011 (#1024)

* sub technique updates

* sub technique updates

* sub technique updates

* Carrie updates (#1017)

* updated T1110,12,13

* updated T1114

* updated T1114

* updated T1115

* updated T1119

* updated T1123,24

* updated T1127

* updated T1114

* updated T1127

* updated T1132

* T1134.004

* T1134.004

* updated T1135

* updated T1136

* updated T1137

* updated T1140

* remove depracted T1153

* updated T1176

* updated T1197

* updated T1201

* updated T1202

* updated T1204

* updated T1207

* updated T1216

* updated T1204

* updated T1217

* updated T1218

* updated T1218

* updated T1219

* updated T1218

* attack_technique to string

* Subtechnique transfer (#1025)

* T1003 review

* T1005 manual review changes

* T1027.002 sub-technique review

* T1027.004 sub-technique review

* T1036 sub-technique review

* T1037 sub-technique review

* T1048 sub-technique review

* YAML bugfixes

* Adding auto-generated GUIDs back to tests

* merging with Mike's PR

* Merging with Carrie's PR

* fix spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

* Subtechnique fix (#1026)

* add atomic_tests: element

* add atomic_tests: element

* more fixes

* more fixes

* more fixes

* sub technique minor fixes 1 (#1027)

* fixes

* fixes

* more fixes

* more fixes

* display name fix (#1028)

* remove some deprecated stuff. reorganize a little (#1031)

* Gendocs fix (#1033)

* gendocs updates for subtechniques

* add folders

* ignore auto generated markdown files

* remove tmp files

* add tmp files

* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer

* navigator layer v3.0

* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer

Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com>
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
 2020-06-17 12:55:46 -06:00
Matt Graeber 14905c7a16 Merge pull request #1032 from redcanaryco/atomicfriday-06052020 
Atomic Friday 06052020
 2020-06-10 10:19:56 -04:00
Matt Graeber 13a49af96a Merge branch 'master' into atomicfriday-06052020 2020-06-10 08:44:55 -04:00
Matt Graeber 4567926d8a Merge pull request #1038 from briancdonohue/patch-1 
"Get Started!" link leads to a 404.
 2020-06-10 08:28:32 -04:00
Brian 2852d954a1 "Get Started!" link leads to a 404. 
The "Get started!" link at the bottom of the atomicredteam.io page is broken. I suggested updating it so it leads to the testing section of the .io site (https://atomicredteam.io/testing)
 2020-06-09 14:42:52 -04:00
Mike Haag 260f6af059 Update Atomic_Friday.md 2020-06-05 12:52:40 -06:00
Mike Haag 495e327ba4 Update Atomic_Friday.md 2020-06-05 10:40:34 -06:00
Mike Haag 130824249d Update Atomic_Friday.md 2020-06-05 09:39:18 -06:00
Mike Haag bfc0d5955f Update Atomic_Friday.md 2020-06-05 07:36:09 -06:00
Mike Haag 56f1e14135 Create Atomic_Friday.md 2020-06-05 07:34:43 -06:00
Omar Santos d8ffdf2ee6 Fixing broken link (#1012) 
Fixed the broken link at the bottom of the page " Ready to start testing? [Get started!](https://github.com/redcanaryco/atomic-red-team/blob/master/testing)"
 2020-05-28 17:50:04 -06:00
hypnoticpattern 41f553d7ef Python runner checks dependencies and run cleanup (#1011) 
Co-authored-by: hypnoticpattern <>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-26 12:44:05 -06:00
CircleCI Atomic Red Team doc generator be41a50f01 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 22:27:49 +00:00
Brian Thacker 2cc548c118 Fix typo t1055 t1100 t1010 (#1007) 
* Path correction test 4

T1055 test 4 default path of exe_binary did not work on a standard system nor provide the flexibility of an input argument.

* Update T1100.yaml

Added /q (quiet mode) to the cleanup command to prevent command from hanging.

* Update T1010.yaml

Test 1 used a default path with an environment variable naming schema used with powershell not the executor command_prompt.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 16:27:29 -06:00
CircleCI Atomic Red Team doc generator 0160032da5 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 22:12:58 +00:00
Andrew Beers ef0e95bf50 T1500 - Dynamic C# Compile (#1008) 
* write test

* use input arg in command

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 16:12:16 -06:00
CircleCI Atomic Red Team doc generator 3c588cc680 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 22:04:59 +00:00
Andrew Beers e0eaff95ea T1069 find local admins via group policy power view (#1006) 
* T1069 Find Local Admins via Group Policy (PowerView)

* fix default param

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 16:04:33 -06:00
CircleCI Atomic Red Team doc generator 7c87abef47 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:58:44 +00:00
Andrew Beers 5e050536c5 T1069 - Find local admins on all machines in domain (PowerView) (#1005) 
* write test

* add supported platforms

* remove extra space

* add command

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 15:58:24 -06:00
CircleCI Atomic Red Team doc generator f5dbf8e46c Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:39:13 +00:00
Andrew Beers b01a98f700 T1087 automated ad recon (ad recon) (#1004) 
* write test

* update cleanup

* refer to input arg

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 15:38:46 -06:00
CircleCI Atomic Red Team doc generator a34350f2f1 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:31:46 +00:00
Andrew Beers e3786e4dc3 write test (#1003) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 15:31:27 -06:00
CircleCI Atomic Red Team doc generator 9e89627f3b Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:30:14 +00:00
Andrew Beers 155e585847 write test (#1002) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 15:29:34 -06:00
CircleCI Atomic Red Team doc generator c8193d5227 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:23:48 +00:00
Andrew Beers e73b02b0b3 T1069 - Find machines where user has local admin access (PowerView) (#1001) 
* write test

* link to specific commit of file
 2020-05-21 15:23:28 -06:00
CircleCI Atomic Red Team doc generator f1cc467b21 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-20 15:58:43 +00:00
Andrew Beers f8cd169ca3 Move test to T1105 (#1000) 2020-05-20 09:58:20 -06:00
CircleCI Atomic Red Team doc generator 51ce388932 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-20 13:44:04 +00:00
Andrew Beers 1b2bf832c3 T1036 file extension masquerading fix (#999) 
* change executer to help with writing detection

* putting guid back in

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-20 07:43:35 -06:00
CircleCI Atomic Red Team doc generator 455840f3bb Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 20:18:24 +00:00
Andrew Beers 672bd86fff T1036 file extension masquerading (#997) 
* write test

* add files and test cases

* improve naming for exe files
 2020-05-15 14:18:08 -06:00
CircleCI Atomic Red Team doc generator 6bf2043590 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 18:44:41 +00:00
Andrew Beers 2e1e5b7d1d T1193 word spawned a command shell and used an ip address in the command line (#996) 
* ping command from vb script

* type fixes

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-15 12:44:06 -06:00
CircleCI Atomic Red Team doc generator 4615debb1b Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 17:26:49 +00:00
Matt Graeber 7369a7d9a2 Merge pull request #995 from clr2of8/index-fix2 
Fix missing T# Keys in index.yaml
 2020-05-15 13:26:20 -04:00
Matt Graeber d3291a2507 Merge branch 'master' into index-fix2 2020-05-15 13:25:26 -04:00
CircleCI Atomic Red Team doc generator 35c42f2c61 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 17:19:25 +00:00