9ed5a8b444
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-16 14:46:43 +00:00
6ec7d4bcf0
Specify language for markdown code blocks ( #882 )
...
* specify code block type in markdown
* specify code block type in markdown
2020-03-16 08:46:25 -06:00
71f3fbbaeb
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-16 14:43:09 +00:00
1ffb768a14
fixes for both T1121 tests ( #880 )
2020-03-16 08:42:30 -06:00
39b101e798
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-13 18:41:26 +00:00
cf6351f981
Adding dependencies to T1118 to ensure support for remote testing ( #878 )
...
Co-authored-by: Matt Graeber <mattifestation@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-13 12:41:06 -06:00
264b8aba92
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-13 18:24:41 +00:00
334eb14226
T1121-2_Update ( #877 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
2020-03-13 12:23:57 -06:00
159a477b99
Fixes #873 ( #874 )
...
https://github.com/redcanaryco/atomic-red-team/issues/873
2020-03-12 20:13:36 -06:00
8cb0e3e283
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-12 13:33:53 +00:00
d0687be58c
Refactoring and adding test cases for T1118 ( #872 )
...
* Refactoring and adding test cases for T1118
Developed a new test harness for InstallUtil variant execution and built many new tests around it.
* T1118 test refactoring and documentation
* All installer assemblies now output to %TEMP% by default so as to not pollute an atomics directory.
* Get-CommandLineArgument and Invoke-BuildAndInvokeInstallUtilAssembly are now fully documented.
* Cleanup commands added
* Any mention of payload was removed. This isn't offensive code and we should give that impression.
* Removed Rollback and Commit methods from the installer source code. I do not see it as a necessity to test this functionality.
Co-authored-by: Matt Graeber <mattifestation@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-12 07:33:11 -06:00
1eb7be4ae0
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-11 02:07:19 +00:00
5d7ea5c115
Move RegSvr32.sct into src ( #871 )
...
* Move RegSvr32.sct into src
* Fix
* Update T1117.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-10 20:06:57 -06:00
c086f9f2df
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-11 00:59:09 +00:00
13271f6447
Now goes to a tmp folder ( #870 )
...
* Now goes to a tmp folder
* Update T1118.yaml
* Update T1121.yaml
* Update T1121.yaml
* Update T1121.yaml
* Update T1118.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-10 18:58:34 -06:00
70e9ccfdf0
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-10 23:08:18 +00:00
5b61194689
T1048 exfiltration over dns ( #831 )
...
* added-dns-exfiltration
Exfiltration over DNS
* Update T1048.md
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-10 17:08:02 -06:00
2f778f359e
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-10 23:06:25 +00:00
3fa4dd1c9e
Fixed cleanup commands ( #869 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-10 17:06:14 -06:00
cdb4000e20
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-10 23:03:32 +00:00
c6d8809af3
Add prereqs ( #867 )
...
* Added prereqs
* Added prereqs
* Add prereqs
* undeleting file
* corrections
* Corrections
2020-03-10 17:02:52 -06:00
7f7fb3a9e6
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-09 21:52:28 +00:00
bf96837707
Add password option to T1136 ( #866 )
...
* add password
* T1136 now has password option when creating a new user in CMD prompt
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-09 15:52:09 -06:00
3d2c7e0efb
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-09 21:26:21 +00:00
f3464e311c
Update T1003 ( #865 )
...
* Update T1003
Added prereqs and cleanup commands for test 7 (Offline Credential Theft With Mimikatz)
* Update T1003
Fix typo "...Create the lsass dump ....
2020-03-09 15:24:57 -06:00
5ec79bd8ed
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-09 15:50:11 +00:00
34f36da8f3
make verifyhash function available to prereq ( #859 )
2020-03-09 09:48:56 -06:00
063103ab79
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-07 23:04:14 +00:00
4ddb393a9b
T1095-2_Update ( #863 )
...
* T1095_Update
* T1095-2_update
* T1095-2_Update
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-07 16:03:55 -07:00
31f946622d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-07 22:20:30 +00:00
291346e52b
Add test 2 prereqs for T1003 that performs Credential Dumping ( #861 )
...
* Add test 2 prereqs for T1003 that performs Credential Dumping
* add import from web
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-07 15:20:14 -07:00
cac20abd54
Remove old invoke ( #858 )
...
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* remove old invoke
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
Co-authored-by: Keith McCammon <keith@redcanary.com >
2020-03-06 15:25:27 -07:00
c54ebaea98
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-06 19:59:43 +00:00
421e21675a
t-1028_Update ( #857 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
2020-03-06 12:59:20 -07:00
799b63f3c8
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-06 03:49:25 +00:00
c04e6c16b9
Modifying T1214 to include TrickBot PuTTY Session enumeration ( #856 )
...
* Add new T1214 technique PuTTY session enumeration as perfomred by Trickbot
* Add new T1214 technique PuTTY session enumeration as perfomred by Trickbot
* Add new T1214 technique PuTTY session enumeration as perfomred by Trickbot
* Add new T1214 technique PuTTY session enumeration as perfomred by Trickbot
* Add new T1214 technique PuTTY session enumeration as perfomred by Trickbot
2020-03-05 20:48:52 -07:00
f89552e246
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-04 21:35:00 +00:00
75149a7ac0
T1071-IP ( #855 )
...
* T1071-IP
* T1071-IP-fixed
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-04 14:34:40 -07:00
434c79f099
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-04 21:32:29 +00:00
6d4863aea6
Disable Office Security Settings, Delete Windows Defender Definition Files ( #854 )
...
* Disable Office Security Settings
* fixes
* Add test to delete windows defender files
2020-03-04 14:32:08 -07:00
877da0ba7d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-02 20:31:47 +00:00
aae45a1937
fixed RunOnce cleanup command by adding extra input argument for reg ( #852 )
...
key.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-02 13:31:26 -07:00
ed32225707
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-02 20:30:10 +00:00
6b6f7f1a48
Cast to string, strip ( #853 )
2020-03-02 13:29:48 -07:00
08034b7971
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-01 04:11:52 +00:00
5ab6e75302
T1024 ostap js version ( #851 )
...
* merged test 2
* Fixed Cleanup double execution error
* cleaned up description wording
2020-02-29 21:11:35 -07:00
ab2c18b19d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-29 21:59:49 +00:00
6fb77ba8aa
T1071-8 OSTap Payload Download ( #849 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-29 14:59:35 -07:00
6e8971bc79
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-29 21:47:05 +00:00
6cef46c6fc
added t1204-2 ( #850 )
2020-02-29 14:46:51 -07:00
CircleCI Atomic Red Team doc generator