security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,615 Commits 47 Branches 0 Tags
remove_ruby
Commit Graph

6615 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Atomic Red Team doc generator 27770715fb Generated docs from job=generate-docs branch=master [ci skip] 2023-03-17 19:20:24 +00:00
Bhavin Patel 7f8676c6b9 Merge pull request #2364 from cnotin/pr-fix-upn-confusion 
T098: accept UserPrincipalName for the "user_principal_name" argument
 2023-03-17 14:18:53 -05:00
Bhavin Patel d87f86a4d6 Merge branch 'master' into pr-fix-upn-confusion 2023-03-17 14:11:42 -05:00
Atomic Red Team doc generator c3675964f8 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-17 19:00:35 +00:00
Atomic Red Team GUID generator fa1e708682 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-17 19:00:19 +00:00
Jose Enrique Hernandez 0f79569e2d Merge pull request #2321 from D4rkCiph3r/T1078.003 
Added 3 new tests T1078.003 - macOS
 2023-03-17 14:59:16 -04:00
Jose Enrique Hernandez 29aa3f07bf Merge branch 'master' into T1078.003 2023-03-17 12:38:36 -04:00
Jose Enrique Hernandez 4ca92ab6b6 Merge branch 'master' into patch-1 2023-03-17 11:29:18 -04:00
Burning_PM 67afbfe15c Fix-Cleanup-Command 
Fix the cleanup command to pass the output_path input argument instead of being hardcoded.
 2023-03-17 06:53:35 -07:00
Gavin Knapp 171d9d5e72 Merge branch 'master' into gk-atomic-red-team-T1531-Account-Deletion 2023-03-17 08:34:04 +00:00
Atomic Red Team doc generator 8025353c3d Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 23:41:15 +00:00
Atomic Red Team GUID generator d62766548b Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-16 23:40:55 +00:00
Paul 73a144caa6 T1033-whoami-simplification (#2370) 
* Variation on system/user discovery

Slight variation on Test 1: System Owner/User Discovery. This is meant to be a stripped down version.

* Update T1033.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2023-03-16 17:39:46 -06:00
Atomic Red Team doc generator 077f0ac288 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 23:36:29 +00:00
Atomic Red Team GUID generator 824eb46e08 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-16 23:36:12 +00:00
Carrie Roberts 011e512d29 add Cobalt Strike named pipe atomics (#2372) 2023-03-16 17:35:10 -06:00
hg8064 9cbcd8977c update T1562.004 with more commands 2023-03-16 17:49:53 +01:00
Atomic Red Team doc generator 809970561a Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 15:51:28 +00:00
Carrie Roberts 9fed5b2315 remove unused input arg (#2368) 
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-03-16 09:50:15 -06:00
Atomic Red Team doc generator 7db6b229bd Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 15:48:11 +00:00
Carrie Roberts 6a7bdf14d9 remove unused input arg (#2367) 
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-03-16 09:47:23 -06:00
Atomic Red Team doc generator 535c693a65 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 15:44:49 +00:00
Carrie Roberts 4d272cdcdc remove unused inputargs (#2366) 2023-03-16 09:44:03 -06:00
hg8064 cc251318dc update T1012 with more commands 2023-03-15 20:10:31 +01:00
Clément Notin efd6dbb465 T098: accept UserPrincipalName for the "user_principal_name" argument 
In Azure AD a "user principal name" can be interpreted as the "name of a principal of type user"
or as the "UserPrincipalName (UPN)" user attribute!
But most people will expect the second meaning. Which is confusing since this test actually expects to see
the user display name in this attribute.

I think there was a confusion with the sibling test which is for "service principal",
so for which the argument to designate it by name is "service_principal_name".

With this change, there is no regression while being compatible with people passing a UPN to this argument.
 2023-03-15 18:25:11 +01:00
Gavin Knapp 92c180bf43 Merge branch 'redcanaryco:master' into gk-atomic-red-team-T1531-Account-Deletion 2023-03-14 07:53:42 +00:00
Atomic Red Team doc generator 159dda49d8 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-14 00:45:40 +00:00
Atomic Red Team GUID generator de0f49fb5c Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-14 00:45:21 +00:00
Bhavin Patel 8b6a61bff1 Merge pull request #2355 from sulakshan-kumar/Azure_Persistence_Automation_Runbook_Created_or_Modified 
Azure persistence automation runbook created or modified
 2023-03-13 17:44:44 -07:00
Bhavin Patel 9a084cbf66 Merge branch 'master' into Azure_Persistence_Automation_Runbook_Created_or_Modified 2023-03-13 17:44:08 -07:00
Atomic Red Team doc generator f6437b843f Generated docs from job=generate-docs branch=master [ci skip] 2023-03-14 00:43:58 +00:00
Atomic Red Team GUID generator 56840ea08a Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-14 00:43:40 +00:00
Bhavin Patel 94cedd4acf Merge pull request #2359 from m4nbat/gk-atomic-red-team-T1136.003-Azure-CLI 
Gk atomic red team t1136.003 azure cli
 2023-03-13 17:43:06 -07:00
Gavin Knapp 8a6b82d185 Merge branch 'master' into gk-atomic-red-team-T1136.003-Azure-CLI 2023-03-13 20:41:10 +00:00
Atomic Red Team doc generator d26d95d3f7 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-13 18:57:35 +00:00
Carrie Roberts 04b6a8fbc3 Adfind prereq fixes (#2360) 
* doesn't exfil data as written

* update prereqs

---------

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-03-13 12:56:47 -06:00
Atomic Red Team doc generator c86971b4e7 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-13 18:54:24 +00:00
Carrie Roberts dbcf181202 fix typo (#2358) 
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-03-13 12:53:33 -06:00
Atomic Red Team doc generator c42cd26868 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-13 18:41:34 +00:00
Carrie Roberts 08f1fdcc2b use ART repo instead of ARTifacts (#2361) 
* use ART repo instead of ARTifacts

* typo fix
 2023-03-13 12:40:49 -06:00
Gavin Knapp 1e3ecda292 Update T1531.yaml 
removed special character causing an error
 2023-03-11 14:07:32 +00:00
Gavin Knapp 949d151fc2 Update T1531.yaml 
Added two account deletion tests for Azure AD, one via Azure CLI and another using AzureAD PowerShell Module
 2023-03-11 14:03:40 +00:00
Gavin Knapp c0b144a44a Update T1136.003.yaml 
removed auto_generated_guid field that was failing checks
 2023-03-11 13:40:18 +00:00
Gavin Knapp 434a54490d Update T1136.003.yaml 
fixed a couple of typos and removed a blank line
 2023-03-11 07:51:42 +00:00
Gavin Knapp cd12370a63 Update T1136.003.yaml 2023-03-10 21:49:39 +00:00
Gavin Knapp 937c62b9be Update T1136.003.yaml 2023-03-10 21:28:09 +00:00
Gavin Knapp 13c3f8361f Update T1136.003.yaml 
Added the same technique but via the azure cli with an automated login atomic which then creates  anew user via the Azure CLI
 2023-03-10 21:27:27 +00:00
Bhavin Patel cf4acdc527 Merge branch 'master' into Azure_Persistence_Automation_Runbook_Created_or_Modified 2023-03-09 14:44:58 -08:00
Atomic Red Team doc generator b65e562290 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-09 22:42:27 +00:00
Atomic Red Team GUID generator aaf3fd5992 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-09 22:42:12 +00:00