Commit Graph

6615 Commits

Author SHA1 Message Date
jonod8698 a99fe1ba3d Add T1539 macOS Chrome Remote Debugging (#2469)
* Add T1539 macOS Chrome Remote Debugging

* Split into 2 prereqs & specify /tmp

---------

Co-authored-by: Jonathan Duan <jduan@neptsec.com>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
2023-06-26 16:39:06 -04:00
Atomic Red Team doc generator 26398fb9c6 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-26 20:31:24 +00:00
Atomic Red Team GUID generator 47894bd586 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-06-26 20:31:07 +00:00
Kevin Stapleton 604f016a2c Added Linux Tests to T1069.002, T1087.002, T1136.002 (#2468)
* adding linux client test to T1069.002 AD tests

* changed prereq for packages

* temp removing prereq

* adding first prereq

* prereq fails

* trying elevated permissions

* alright, no prereq

* Revert "temp removing prereq"

This reverts commit 3bc8ef5fb22dc09fa1ca2ad5282cbdbaf55280de.

* should work now

* removing prereq entirely

* correct dependency_executor

* adding prereq check for all packages

* adding input arg for password

* changing command to autoinclude password

* back to original command, starting work on 1078

* back to original command, starting work on 1078

* putting echo on command for runner to see arguments supplied

* continuing work on 1078

* first attempt at T1078.002

* removed extraneous code

* temp remove cleanup

* removed flag on echo

* updated first command

* updating input variable ref

* removing flag again

* updating ou

* attempting to change ou to cn

* new uid

* explicitly defining dc

* more attempts

* changed uid

* removed first uid

* trying without num

* changing cn back to ou

* change case

* fixed dc

* removing second dc ref

* following IBM guide

* removed extraneous space

* space between userpassword

* reintroducing dc

* added echo

* trying something new

* updated echo

* adding back admin user input

* attempting default

* trying add to previous group

* revert back to just admin user

* missed #

* adding back -x

* making ou and cn match

* attempting to match search style

* removing space

* improved formatting

* simplified

* replacing authentication

* -D object

* reintroduced admin user

* fixed top level domain

* return to old

* holding breath

* setting user to just person type

* removing uid from front

* changing dc

* trying to update cn

* update cn

* changing to object form... again

* chat gpt wrote this

* added cleanup

* updating command

* removed space

* added space

* revert from object

* looking into issues with cleanup command being unable to find user (yet it already exists)

* changed ldapdelete to ldapmodify

* updating temporary user name

* fixing typo in cleanup command

* creating new yaml file for T1136, similar to T1078. Future plans to modify T1078.002 to either run a process or elevate a user

* first attempt at creating domain admin

* changing CN to Domain Admins

* improved formatting (getting error 32)

* changing ldif file echo

* ldapadd to ldapmodify

* adding domain admins domain if it doesn't exist

* redo formatting

* removing create domain admin group

* trying ldapadd again

* updating prereq commands, removing admin requirement from ldapsearchs

* small changes to search parameters

* changed Domains search to search for Domain Users

* added objectClass=group flag

* separating flag from string

* removing T1078, to be done in future

* added {cleartext} to admin password

* restoring deleted file. My antivirus really hates this file...

* update for spec

* update to spec

* adding name to atomic test

* moved from deprecated -h -p flags to -H flag

* fix cleanup commands with same flag changes

* add ldap://

* removing unused input variable, domain controller

* final commit, all tests passed with -H, updating the desc of T1136.002/4

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
2023-06-26 16:30:28 -04:00
Atomic Red Team doc generator 5360c9d9ff Generated docs from job=generate-docs branch=master [ci skip] 2023-06-23 23:10:43 +00:00
hRun df3e84d861 Correct T1547.004 Winlogon Notification test (#2470)
* Corrected T1547.004 Winlogon Notification test

* Added hint on deprecation

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
2023-06-23 17:09:45 -06:00
Atomic Red Team doc generator 3d463e9be0 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-23 22:43:43 +00:00
Atomic Red Team GUID generator a5741ecb8f Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-06-23 22:43:25 +00:00
Bhavin Patel ec3898e65b Merge pull request #2457 from redcanaryco/gcp-atomic-additions
Add GCP Atomics
2023-06-23 15:42:08 -07:00
Hare Sudhan f10b65a2ea add terraform files for T1098-17 2023-06-22 21:21:40 -04:00
Hare Sudhan 21129d8e95 Merge branch 'master' into gcp-atomic-additions 2023-06-22 20:38:13 -04:00
Hare Sudhan 098518241a fix T1078.004 2023-06-22 20:37:31 -04:00
Hare Sudhan 63a994cf86 fix terraform; move gcloud login to deps 2023-06-22 20:34:28 -04:00
Atomic Red Team doc generator 0f229c0e42 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-16 03:55:19 +00:00
Atomic Red Team GUID generator 6ce797c851 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-06-16 03:55:01 +00:00
amalone-scwx 98bcc73b89 Add T1036.004 linux test rename process comm using prctl PR_SET_NAME (#2458)
* Add T1036.004 linux test rename process comm using prctl PR_SET_NAME

* fixing test to work with invoke-atomic

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
2023-06-15 23:54:21 -04:00
Atomic Red Team doc generator 2b77bcb303 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-15 22:33:14 +00:00
Carrie Roberts a8fe2d2d77 mv adfind to bin (#2465)
* move adfind to external resource

* mv adfind to bin
2023-06-15 16:32:13 -06:00
Atomic Red Team doc generator 282a250cc9 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-15 21:42:03 +00:00
Carrie Roberts 32a4415e43 move adfind to external resource (#2464) 2023-06-15 15:40:50 -06:00
Atomic Red Team doc generator 868f5477f6 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-15 19:53:19 +00:00
Carrie Roberts 586818a01f use ExternalPayloads folder (#2462)
* use ExternalPayloads folder

* psexec as external dependency

* psexec as external dependency
2023-06-15 13:52:16 -06:00
Atomic Red Team doc generator 7a430d5794 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-15 19:00:19 +00:00
Michael Haag 186b743391 Update T1553.005.yaml (#2463)
ISO would mount but was not able to run the .exe. I fixed it. Now it works!
2023-06-15 12:59:17 -06:00
Atomic Red Team doc generator 84215139ee Generated docs from job=generate-docs branch=master [ci skip] 2023-06-15 16:29:11 +00:00
Carrie Roberts db1a2cf461 removing: Disable Defender with Defender Control (#2461) 2023-06-15 10:28:12 -06:00
Atomic Red Team doc generator cef46e4479 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-15 16:17:12 +00:00
Carrie Roberts 068d32b1ea use ExternalPayloads directory (#2460)
* use ExternalPayloads directory

* use ExternalPayloads directory

* use ExternalPayloads directory
2023-06-15 10:16:12 -06:00
Atomic Red Team doc generator 199dd7f85d Generated docs from job=generate-docs branch=master [ci skip] 2023-06-14 20:25:05 +00:00
Carrie Roberts 3e4e817aa4 Add ExternalPayloads folder for downloaded prerequisites (#2459)
* use ExternalPayloads folder for prereqs

* git ignore ExternalPayloads folder

* move External folder up one directory
2023-06-14 14:24:03 -06:00
Atomic Red Team doc generator 085b3ec2c9 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-14 00:21:58 +00:00
Atomic Red Team GUID generator 855857d46b Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-06-14 00:21:36 +00:00
Bhavin Patel a6889a0c82 Merge pull request #2396 from D4rkCiph3r/D4rkCiph3r-T1486
Added 3 new tests - macOS T1486
2023-06-13 17:20:34 -07:00
Bhavin Patel 6d08edbdf0 Update T1486.yaml 2023-06-13 17:19:05 -07:00
Bhavin Patel f7f5761ccf Update T1486.yaml
CI fixes
2023-06-13 17:17:54 -07:00
Bhavin Patel 3738aed0eb Merge branch 'master' into D4rkCiph3r-T1486 2023-06-13 17:12:10 -07:00
Bhavin Patel eaba80503f Update T1486.yaml 2023-06-13 17:10:41 -07:00
Bhavin Patel 38687e45ad Update T1486.yaml
updated prereqs for two tests, remove ccrypt test since it does not work with art and testing
2023-06-13 17:10:04 -07:00
Hare Sudhan 336f8976d7 Merge branch 'master' into gcp-atomic-additions 2023-06-11 23:48:43 -04:00
Atomic Red Team doc generator d8c164d3e6 Generated docs from job=generate-docs branch=master [ci skip] 2023-06-10 05:19:16 +00:00
Hare Sudhan 65c5514899 Merge pull request #2452 from amalone-scwx/am_args
parameterize T1070.002 tests
2023-06-10 01:18:17 -04:00
Hare Sudhan d22b91cde8 Merge branch 'master' into am_args 2023-06-10 01:15:53 -04:00
Atomic Red Team doc generator 49e9c5e04e Generated docs from job=generate-docs branch=master [ci skip] 2023-06-09 22:36:42 +00:00
Bhavin Patel d025cb21db Merge pull request #2451 from cnotin/pr-remove-pfx-export
No need to export the PFX to get the public certificate, so removed it
2023-06-09 15:35:48 -07:00
Bhavin Patel 0d9659b915 Merge branch 'master' into pr-remove-pfx-export 2023-06-09 15:34:37 -07:00
Alex M 546ed5ea1e backout changes to log -f 2023-06-09 13:05:25 -07:00
Hare Sudhan d50b6d69d8 fixing tfvars 2023-06-09 15:54:45 -04:00
Hare Sudhan c844ae9ad5 adding terraform files for T1485
adding terraform files for T1485
2023-06-09 15:53:07 -04:00
Paul 3c8f4a40f0 Add GCP Atomics
Created 4 GCP-based atomics
2023-06-09 09:43:12 -07:00
Alonso Cárdenas 03aca258ad Fix validate issues 2023-06-09 11:36:41 -05:00