security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,538 Commits 47 Branches 0 Tags
python_conversion
Commit Graph

6538 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CircleCI Atomic Red Team doc generator 59e7d3322b Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-28 21:57:52 +00:00
Andras32 080bac8e1a markdown file take 2 (#847) 2020-02-28 14:57:29 -07:00
CircleCI Atomic Red Team doc generator a9baff5251 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-28 20:40:45 +00:00
tlor89 833caefbd0 T1153-T1531_CleanupErrors (#846) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-28 13:40:26 -07:00
CircleCI Atomic Red Team doc generator 9dc3636e3f Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-28 20:04:31 +00:00
Andras32 a32b50028b fixed md file parsing issue (#845) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-28 13:04:03 -07:00
CircleCI Atomic Red Team doc generator 9d8ffda86d Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-28 19:48:08 +00:00
tlor89 52b99cd654 T1056_T1090_CleanupErrors (#844) 2020-02-28 12:47:42 -07:00
CircleCI Atomic Red Team doc generator 5e8e3e0851 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-28 18:03:51 +00:00
tlor89 ce43569dcf T1096-T1138_CleanupErrors (#842) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-28 11:03:31 -07:00
CircleCI Atomic Red Team doc generator d1546cbb19 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-28 16:42:36 +00:00
Andras32 fc0b4c23ad T1204-OSTap Style Macro Delivery (#843) 
* MalDoc Cradle and T1204 Test

* reduced unnecessary code

* IEX install Invoke-Maldoc

* Delete Invoke-MalDoc.ps1
 2020-02-28 09:42:10 -07:00
CircleCI Atomic Red Team doc generator fbc458a342 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-27 18:04:44 +00:00
Luminous-InfiniTom 381ba9d449 Create T1219.yaml (#838) 
* Create T1219.yaml

Added first atomic for T1219

* spacing corrections

* spacing corrections

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-27 11:04:14 -07:00
CircleCI Atomic Red Team doc generator ec50c4b064 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-26 22:00:47 +00:00
ezr 9e350d5290 Fix docs template carriage return issue (#840) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-26 15:00:19 -07:00
CircleCI Atomic Red Team doc generator a5df006dd6 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-26 21:59:04 +00:00
ezr 661e2beb3d Correct markdown formatting for test #3 (#835) 
* Correct markdown formatting for test #3

* Move XML data into its own file rather than try to display inline

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-26 14:58:45 -07:00
dependabot[bot] 5005e1d6fd Bump nokogiri from 1.10.4 to 1.10.8 (#839) 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.10.8.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.8)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-02-25 15:35:09 -07:00
CircleCI Atomic Red Team doc generator 723426c15d Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-24 19:30:29 +00:00
blackburnjrb 8762f3f929 Added Test for OSTAP Worming Activity to T1105 (#836) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-24 12:29:51 -07:00
CircleCI Atomic Red Team doc generator 0bcf0d5c50 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-24 18:09:40 +00:00
Andrew Beers 4cf7a7f8c5 add flag (#834) 2020-02-24 11:09:24 -07:00
CircleCI Atomic Red Team doc generator 6ae0409e73 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-18 01:00:46 +00:00
dwhite9 84120795f5 Adjusted the default domain from example.com to 127.0.0.1.xip.io to (#832) 
allow the "Resolve-DnsName" commandlet to work as expected. Should
prevent runtime issues associated with NXDOMAIN.
 2020-02-17 18:00:21 -07:00
CircleCI Atomic Red Team doc generator f762d6ac0b Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-11 21:36:43 +00:00
Brian Thacker dd4783b2a5 Fixed typo 1216 1081 (#830) 
* Typo Test 3

findstr /si pass *.xml | *.doc | *.txt | *.xls -> findstr /si pass *.xml *.doc *.txt *.xls

* Typo Test 2

SyncAppvPublishingServe -> SyncAppvPublishingServer
Quotes in test 2 of a format not recognizable by Powershell when passed. Changed to regular quotes.
 2020-02-11 14:36:21 -07:00
CircleCI Atomic Red Team doc generator 7ce029b52b Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-10 19:00:47 +00:00
Carrie Roberts 1837cd137e T1015, set default input args to be a list of executables (#829) 
* move emond test into correct T#

* only show cleanup with inputs if there are inputs

* set default to complete list

Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
 2020-02-10 12:00:25 -07:00
CircleCI Atomic Red Team doc generator 5ac9aac2b3 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-10 18:31:57 +00:00
Andras32 d174638f67 T1015 restructure (#818) 
* Reworked T1015 changes

* Removed testing statements

* missing ( and yaml comment error

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-10 11:31:45 -07:00
CircleCI Atomic Red Team doc generator ff94993abb Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-10 18:30:02 +00:00
tlor89 4c35cdb5ff T1027 t1053 cleanup errors (#828) 
* fixed

* T1027-T1053_CleanupErrors

* T1027-T1053_CleanupErrors(2)

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-10 11:29:45 -07:00
CircleCI Atomic Red Team doc generator d5a32b161c Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-08 00:29:45 +00:00
tlor89 2cc0faea72 fixed (#827) 2020-02-07 17:29:17 -07:00
CircleCI Atomic Red Team doc generator 19560b02c8 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-06 16:00:58 +00:00
MrOrOneEquals1 c9bf800a29 T1071 - adding DNS C2 (#825) 
* DNS C2

* DNS C2 - Fix Typos

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-06 09:00:15 -07:00
CircleCI Atomic Red Team doc generator 73eb6cdd8c Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-06 15:16:46 +00:00
tlor89 cbb1133b91 T1105-Update (#826) 
* Added executor fix cleanup command and Temp local path

* changed local_path variable name

* circleCI syntax error PowerShell

* massage
 2020-02-06 08:16:27 -07:00
Carrie Roberts a3ebb13bb6 Build check (#816) 
* move emond test into correct T#

* only show cleanup with inputs if there are inputs

* ensure both prereq and get_prereq commands are specified

Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
 2020-02-05 10:31:08 -07:00
Carrie Roberts 2a59d5525f When invoking new process, set working dir to $env:temp (#821) 
* move emond test into correct T#

* only show cleanup with inputs if there are inputs

* default working dir is tmp

* default working dir is tmp

Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
 2020-02-05 10:30:18 -07:00
Carrie Roberts 4955e67900 clarify use of Invoke-WebRequestVerifyHash (#823) 
* move emond test into correct T#

* only show cleanup with inputs if there are inputs

* clarify use of Invoke-WebRequestVerifyHash

Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
 2020-02-05 10:24:39 -07:00
CircleCI Atomic Red Team doc generator 1854eb9db8 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-05 17:23:40 +00:00
Carrie Roberts 51c70736dd T1095-2 add prereqs (#824) 
* move emond test into correct T#

* only show cleanup with inputs if there are inputs

* add prereq commands

* add prereq commands

* add prereq commands

Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
 2020-02-05 10:23:17 -07:00
CircleCI Atomic Red Team doc generator 80e4462311 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-04 22:40:46 +00:00
MrOrOneEquals1 8ea7ea5c8e T1095 Standard Non-Application Layer Protocol - ICMP, Ncat, Powercat C2 (#822) 
* ICMP Ncat C2

* Add T1095 Test

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-04 15:40:10 -07:00
CircleCI Atomic Red Team doc generator dd0736f370 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-04 20:03:30 +00:00
Andrew Beers 66b98936f3 VBS File Created in Startup Folder (#810) 
* add tests, fix old test

* start combining tests

* all files run, still need to support input arguments

* fix quotes

* convert to commas

* remove old tests, ignore delete exceptions

* split up into different tests

* ignore errors in cleanup commands

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-04 13:02:47 -07:00
CircleCI Atomic Red Team doc generator d7449467c4 Generate docs from job=validate_atomics_generate_docs branch=master 2020-02-04 18:58:33 +00:00
Andrew Beers f227c1cd8b Delete TeamViewer Log Files (#814) 
* Write tests

* fix build error

* put deletion in attack command

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-02-04 11:58:18 -07:00