atomic-red-team

Author	SHA1	Message	Date
CircleCI Atomic Red Team doc generator	599973ee7a	Generate docs from job=validate_atomics_generate_docs branch=master	2020-02-01 17:36:29 +00:00
Brandon Morgan	bd6e7c0dcf	Pypykatz add dependency (#817 ) * add dependencies to pypykatz tests * added quotes for the echos and cmd /c	2020-02-01 10:36:16 -07:00
Carrie Roberts	fe500be773	fix prereq bug for multi-line powershell (#815 ) * move emond test into correct T# * only show cleanup with inputs if there are inputs * fix prereq bug for multi-line powershell Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com> Co-authored-by: Michael Haag <mike@redcanary.com>	2020-01-29 14:10:15 -07:00
Keith McCammon	05699b43bd	Fix typo in test name (#811 ) * Fix typo * Generate docs from job=validate_atomics_generate_docs branch=fix-logger-typo Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-29 10:30:46 -07:00
Carrie Roberts	d0f818b011	correctly passing timeout through (#813 )	2020-01-28 16:40:13 -07:00
Carrie Roberts	4193cdc2f1	Revert "T1015 collapsed technique into one atomic with additional inputargs" (#812 ) * Revert "T1015 collapsed technique into one atomic with additional inputargs (#808)" This reverts commit `06361de337`. * Generate docs from job=validate_atomics_generate_docs branch=revert-808-T1015Update	2020-01-28 16:25:43 -07:00
CircleCI Atomic Red Team doc generator	5141f5b0dc	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-28 21:09:41 +00:00
Andras32	06361de337	T1015 collapsed technique into one atomic with additional inputargs (#808 ) * collapsed technique into one atomic * Update atomics/T1015/T1015.yaml Co-Authored-By: Keith McCammon <keith@mccammon.org> * Update atomics/T1015/T1015.yaml Co-Authored-By: Keith McCammon <keith@mccammon.org> * Update atomics/T1015/T1015.yaml Co-Authored-By: Keith McCammon <keith@mccammon.org> * T1015 removed reference to execution framework * Update description T1015.yaml Co-Authored-By: Keith McCammon <keith@mccammon.org> * Update dash over colon T1015.yaml Co-Authored-By: Keith McCammon <keith@mccammon.org> Co-authored-by: Keith McCammon <keith@mccammon.org>	2020-01-28 14:09:24 -07:00
CircleCI Atomic Red Team doc generator	1141a86873	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-27 23:27:40 +00:00
Andras32	f2074e94b2	T1012 input args and cleanup (#804 ) * T1012 input args and cleanup * Removed file write functionality * fixed missing > in command Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-27 16:27:27 -07:00
CircleCI Atomic Red Team doc generator	4fc6a89bcf	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-27 22:18:51 +00:00
Andrew Beers	72ed340500	T1069 - Domain Admin Enumeration (#806 ) * add command to test * move test to another atomic * fixed old tests Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-27 15:18:31 -07:00
CircleCI Atomic Red Team doc generator	2c60c197dc	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-27 21:21:31 +00:00
Andrew Beers	878f64bb8a	Store Javascript in Registry (#807 ) Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-27 14:21:10 -07:00
CircleCI Atomic Red Team doc generator	8b70c15382	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-27 20:45:55 +00:00
Andrew Beers	6ea5be5e96	remove document and test (#805 ) Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-27 13:45:33 -07:00
CircleCI Atomic Red Team doc generator	ce9b9ba456	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-27 20:41:58 +00:00
Andras32	1cefe4232a	added dependencies and cleanup (#803 ) * added dependencies and cleanup * Update T1010.yaml Fixed Circle CI error * Adjusting T1010.yaml Using Invoke-WebRequest over .Net.WebClient no longer deleting dependencies * moved cs and exe files to TEMP directory * T1010.cs back to atomics folder Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-27 13:41:36 -07:00
CircleCI Atomic Red Team doc generator	b0a572a708	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-27 20:31:18 +00:00
Andras32	a578253580	added cleanup_command (#802 ) Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-27 13:30:56 -07:00
CircleCI Atomic Red Team doc generator	827e77d498	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-27 20:30:01 +00:00
Andras32	b6d9965240	T1004 cleanup commands (#801 ) * added prereq and cleanup Commands * removed key removal after folder is deleted * final no prereqs Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-27 13:29:36 -07:00
CircleCI Atomic Red Team doc generator	9c33017be0	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-27 20:26:42 +00:00
Andrew Beers	a66ed625a4	.jse File in Startup Folder (#788 ) * write test * move to T1037 * remove from old folder Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-27 13:26:17 -07:00
Andras32	d127147734	Removed prereq command from execution tree in spec.yaml (#800 )	2020-01-26 17:35:53 -07:00
CircleCI Atomic Red Team doc generator	1af5fb8d02	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-26 02:26:39 +00:00
Andras32	c903166244	T1122 Removal (#798 )	2020-01-25 19:26:21 -07:00
CircleCI Atomic Red Team doc generator	247e30e704	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-25 01:34:34 +00:00
Andras32	95ec30fb51	removed T1006 due to error in ninjacopy (#797 )	2020-01-24 18:34:13 -07:00
CircleCI Atomic Red Team doc generator	86359ca916	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-24 16:21:11 +00:00
Carrie Roberts	0189470689	Remove Ninja-Copy test for now (#793 ) * move emond test into correct T# * only show cleanup with inputs if there are inputs * remove ninja-copy test for now (broke) * remove ninja-copy test for now (broke) Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com> Co-authored-by: Michael Haag <mike@redcanary.com>	2020-01-24 09:20:36 -07:00
Carrie Roberts	b43af855ba	Only show cleanup (with inputs) if there are inputs (#792 ) * move emond test into correct T# * only show cleanup with inputs if there are inputs Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com> Co-authored-by: Michael Haag <mike@redcanary.com>	2020-01-24 09:19:10 -07:00
CircleCI Atomic Red Team doc generator	d4cb776600	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-24 15:25:24 +00:00
MrOrOneEquals1	904b5a59a4	T1032 - Add OpenSSL C2 (#795 ) * T1032 Add OpenSSL C2 Test Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-24 08:24:57 -07:00
Andras32	e5ed8e7670	Fixed ExecutionLog TestName field (#796 )	2020-01-24 08:21:54 -07:00
CircleCI Atomic Red Team doc generator	42687f2055	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-23 20:26:46 +00:00
MrOrOneEquals1	2ee6318e8b	Add Open Port Checker - T1016 (#794 ) * only show cleanup with inputs if there are inputs * test * Open Ports added to T1016 * Fix Accidental Change * Fix type * Fix underscore naming error Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-23 13:26:24 -07:00
CircleCI Atomic Red Team doc generator	3f5971565f	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-23 03:38:09 +00:00
Carrie Roberts	119ffdf03f	move emond test into correct T# (#791 ) Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>	2020-01-22 21:37:46 -06:00
CircleCI Atomic Red Team doc generator	8881bdb002	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-23 03:36:42 +00:00
Carrie Roberts	0dcde71a15	Asynchronous Attack Execution and other handy things (#790 ) * execute attack in separate process * install from custom repoOwner and branch * remove zip after install * added showdetails brief and sleep for linux output * remove positional param spec * replacing special PathToAtomicsFolder in commands * use pwsh on linux * kill proc tree linux * include path in remove-item * update readme * update readme * update readme Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>	2020-01-22 21:36:20 -06:00
CircleCI Atomic Red Team doc generator	3ef533126a	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-23 03:08:33 +00:00
JB	cc6735d7f7	Added clean-up, automation of test 1, aligned tests with specs (#746 ) * fixed path to /src in test 1+ minor spec fix -updated supported platforms, duplicates * mv hello.c to /src (delete file) * sample c script (moved from root directory) * Automated test 1, added clean-up to all 3 tests -Automated test 1 (Make and modify file from C Source) -added clean-up to all 3 tests -added touch command to make 'default file' on tests 2 and 3 (in case no other file provided) * added PathToAtomic varible per reviewer, added fix to avoid changing file in atomics folder * Update T1166.yaml Co-authored-by: Carrie Roberts <clr2of8@gmail.com> Co-authored-by: Keith McCammon <keith@mccammon.org>	2020-01-22 20:08:15 -07:00
Tony M Lambert	45746eea98	T1096 Test to Write File in ADS (#697 ) * T1096 Test to Write File in ADS * Generate docs from job=validate_atomics_generate_docs branch=t1096-ads-write * Adding T1096 prereq and cleanup commands * Generate docs from job=validate_atomics_generate_docs branch=t1096-ads-write * T1096 Fix prereq and cleanup * Generate docs from job=validate_atomics_generate_docs branch=t1096-ads-write Co-authored-by: Keith McCammon <keith@mccammon.org>	2020-01-22 20:09:50 -06:00
CircleCI Atomic Red Team doc generator	27f7c3484a	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-22 15:16:03 +00:00
rsjohnson07	65ecf19fdb	Update T1170.yaml (#789 ) Change test # 4 Mshta Executes Remote HTML Application (HTA) Updated executor Updated commands syntax Added Clean up command	2020-01-22 08:15:30 -07:00
Tony M Lambert	8d4be7584e	T1490 PowerShell deleting shadow copies (#785 ) * Add T1490 test for Sodinokibi VSC deletion * Generate docs from job=validate_atomics_generate_docs branch=t1490-wmiobject * Generate docs from job=validate_atomics_generate_docs branch=t1490-wmiobject Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-21 11:39:36 -07:00
Carrie Roberts	42afe34cd3	check for null commands (#787 )	2020-01-21 12:30:03 -06:00
CircleCI Atomic Red Team doc generator	a956d4640f	Generate docs from job=validate_atomics_generate_docs branch=master	2020-01-21 18:12:06 +00:00
Tony M Lambert	a4c9ee4430	Replay the Dependencies Merge (#786 ) * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * lowercase url * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * lowercase url * fixing yaml spacing issue * correcting input name * rm to del Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2020-01-21 12:11:45 -06:00

... 96 97 98 99 100 ...

6538 Commits