Commit Graph

6615 Commits

Author SHA1 Message Date
Atomic Red Team doc generator 5d76ff7aa1 Generated docs from job=generate-docs branch=master [ci skip] 2023-09-13 01:22:52 +00:00
Atomic Red Team GUID generator bd99b04a31 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-09-13 01:22:34 +00:00
Thomas Meng d2562f763a T1055.002 Process Injection: (Fileless) Portable Executable Injection (#2524)
* Add new T1055 process injection test named dirty vanity

* Fix typos

* Update build.bat

* Delete atomics/T1055/T1055.yaml.bak

* T1055.002 Process Injection: Portable Executable Injection implemented and tested on both Windows 10 and 11. Bypassed Windows Defender. A message box spawned with the message "Atomic Red Team"

* Update T1055.002 proc privilege level

* Fix some small issues related to code compilation with different compilers on different archs

* Update T1055.002.md

Update documentation for T1055.002

* Update T1055.002.md

Update clean up command

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-09-12 19:21:55 -06:00
Atomic Red Team doc generator 53f605e142 Generated docs from job=generate-docs branch=master [ci skip] 2023-09-12 19:14:33 +00:00
Carrie Roberts 5dc57a112a handle spaces in file path (#2527) 2023-09-12 15:13:14 -04:00
Atomic Red Team doc generator 4624b2c995 Generated docs from job=generate-docs branch=master [ci skip] 2023-09-12 02:52:27 +00:00
Atomic Red Team GUID generator a68b2cfabe Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-09-12 02:52:08 +00:00
art-labs 0c57c49f1b Update T1055.yaml (#2526)
Removing invalid GUID. A new one will be automatically assigned by GitHub Actions
2023-09-11 20:51:30 -06:00
publish bot 122d6a448a updating atomics count in README.md [ci skip] 2023-09-11 18:36:59 +00:00
Bhavin Patel 458d8a9731 Merge pull request #2519 from cyberbuff/T1021.005
T1021.005 Apple Remote Desktop
2023-09-11 11:36:06 -07:00
Bhavin Patel edf3453ac2 Merge branch 'master' into T1021.005 2023-09-11 11:35:06 -07:00
publish bot 01b2dda043 updating atomics count in README.md [ci skip] 2023-09-11 18:35:04 +00:00
Bhavin Patel 4f03ef6917 Merge pull request #2515 from blueteam0ps/T1098.003-2
Adding Simulate - Post BEC persistence via user password reset follow…
2023-09-11 11:34:22 -07:00
Bhavin Patel d597a5e021 Merge branch 'master' into T1098.003-2 2023-09-11 11:33:15 -07:00
publish bot 5c3b23002d updating atomics count in README.md [ci skip] 2023-09-06 18:29:08 +00:00
Thomas Meng 886ede1606 Process injection dirty vanity (#2520)
* Add new T1055 process injection test named dirty vanity

* Fix typos

* Update build.bat

* Delete atomics/T1055/T1055.yaml.bak

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-09-06 12:28:11 -06:00
Atomic Red Team doc generator 9eeb1cd6f0 Generated docs from job=generate-docs branch=master [ci skip] 2023-09-06 17:24:36 +00:00
Atomic Red Team GUID generator f902e6d232 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-09-06 17:24:18 +00:00
Scoubi 7f2a7db461 Update T1564.004.yaml (#2521)
Include a test to test twitter.com/pfiatde/status/1681977680688738305
It creates a directory that you can only access by specifying '::$index_allocation', even if it is not shown in the name of the folder. It then creates a file called 'secrets.txt' to hide information/payloads
2023-09-06 11:23:30 -06:00
Atomic Red Team doc generator 38368fe078 Generated docs from job=generate-docs branch=master [ci skip] 2023-09-02 01:36:39 +00:00
Atomic Red Team GUID generator 81d3e7889a Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-09-02 01:36:21 +00:00
IntelScott 947edecd81 Update T1021.001.yaml (#2517)
Add new test (Disable NLA for RDP via Command Prompt)
2023-09-01 19:35:35 -06:00
Hare Sudhan 65fe70a420 adding T1021.005
adding T1021.005
2023-08-31 12:20:43 -04:00
publish bot b4841b32e5 updating atomics count in README.md [ci skip] 2023-08-30 03:43:58 +00:00
Kyaw-Pyiyt-Htet-Mikoyan 5562068aa2 Update T1082.yaml (#2516) 2023-08-29 21:43:06 -06:00
blueteam0ps 48702a9d62 Adding Simulate - Post BEC persistence via user password reset followed by user added to company administrator role 2023-08-26 05:44:16 -07:00
publish bot 51f01c9695 updating atomics count in README.md [ci skip] 2023-08-24 16:59:15 +00:00
Adam Mashinchi e82563f86b Merge pull request #2513 from redcanaryco/clr2of8-patch-45
Update README.md
2023-08-24 09:58:24 -07:00
Carrie Roberts 955d859cb1 Update README.md 2023-08-21 15:56:13 -06:00
publish bot b27a3cb250 updating atomics count in README.md [ci skip] 2023-08-15 22:54:12 +00:00
Alton Johnson, OSCP, OSCE e2474f6e12 replaced File.exists? with File.exist? (#2511) 2023-08-15 16:53:26 -06:00
Atomic Red Team doc generator ca7374abdb Generated docs from job=generate-docs branch=master [ci skip] 2023-08-15 01:05:57 +00:00
Atomic Red Team GUID generator b472e5f639 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-15 01:05:39 +00:00
CyberBilly7 a82678a616 Update T1564.yaml (#2510)
NirCmd is used by threat actors to execute commands, which can include recon and privilege escalation via running commands via the SYSTEM account

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-08-14 19:04:57 -06:00
Atomic Red Team doc generator 48e7be16d5 Generated docs from job=generate-docs branch=master [ci skip] 2023-08-15 01:03:29 +00:00
Atomic Red Team GUID generator befa9a2a43 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-15 01:03:08 +00:00
Michael Haag 55301cf3a3 Customshellhost (#2509)
* Adding CustomShellHost

* Update T1218.yaml

* fixed
2023-08-14 19:02:11 -06:00
publish bot 0fbf08855e updating atomics count in README.md [ci skip] 2023-08-08 00:37:09 +00:00
dependabot[bot] f882e2cbce Bump jsonschema from 4.18.4 to 4.19.0 (#2508) 2023-08-07 19:36:14 -05:00
Atomic Red Team doc generator 6765527ef0 Generated docs from job=generate-docs branch=master [ci skip] 2023-08-05 00:48:02 +00:00
Atomic Red Team GUID generator 447d3f4705 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-05 00:47:44 +00:00
BlueTeamOps d8aa2f4f70 Create T1098.003.yaml (#2478)
* Create T1098.003.yaml

* add header info

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>
2023-08-04 19:47:06 -05:00
Atomic Red Team doc generator 6af8c8fe51 Generated docs from job=generate-docs branch=master [ci skip] 2023-08-03 17:15:53 +00:00
Atomic Red Team GUID generator b928bdc3a3 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-03 17:15:35 +00:00
Bhavin Patel ab6b7cf7e0 Merge pull request #2481 from RedinDisguise/master
Update T1562.001.yaml
2023-08-03 10:14:50 -07:00
Bhavin Patel 136266bcea Merge branch 'master' into master 2023-08-03 09:33:50 -07:00
Atomic Red Team doc generator eec95b5b86 Generated docs from job=generate-docs branch=master [ci skip] 2023-08-02 03:24:15 +00:00
Atomic Red Team GUID generator 363cf9a301 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-08-02 03:23:54 +00:00
Hare Sudhan 3032f9e85b tokens added (#2506) 2023-08-01 21:23:11 -06:00
Hare Sudhan a1d082bdbb YAML schema fix (#2505)
* yaml schema fix

* change yaml structure
2023-08-01 19:24:22 -06:00