Commit Graph

6615 Commits

Author SHA1 Message Date
Josh Rickard 1fe727afc4 fix: Removing index files with colons (#2319)
Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
2023-02-06 15:07:17 -07:00
Josh Rickard 028a179f3f fix: Fixing index file names by removing colon and replacing with underscore (#2318)
Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
2023-02-06 15:01:14 -07:00
Atomic Red Team doc generator a7e555c092 Generated docs from job=generate-docs branch=master [ci skip] 2023-02-06 20:20:38 +00:00
Josh Rickard 9913e9b23a fix: Fix unescaped backslash in description (#2317)
Details:

When generating markdown documents, certain commands were not being parsed correctly when rendering strings from Mitre ATT&CK JSON objects. This PR fixes that issue by replacing double backslash with null strings in the technique['description'] portion of the ERB template.

Testing:

Generated docs and the only document/technique affected by this change is T1546.008. I know it's small but it helps.

Associated Issues:

fixed #1539
2023-02-06 15:19:46 -05:00
Josh Rickard a24028a3e3 Add platform based indexes (#2311)
* feat: Adding call to generate YAML index files broken out by platform type based on the supported_platforms array values.

* feat: Add new method generate_yaml_index_by_platform to generate yaml indexes based on the provided platform type

* feat: Added new method atomic_tests_for_technique_by_platform to retrieve techniques from API and add atomic_tests based on the provided platform value

---------

Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-02-06 11:36:25 -07:00
Atomic Red Team doc generator d61000ff30 Generated docs from job=generate-docs branch=master [ci skip] 2023-02-06 13:25:25 +00:00
Atomic Red Team GUID generator 0db5a0261a Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-02-06 13:25:17 +00:00
Paul Michaud ab7bfc70cc Merge pull request #2312 from redcanaryco/CertUtil
Export Certificates
2023-02-06 13:24:41 +00:00
Paul Michaud a17a26f2f9 Merge branch 'master' into CertUtil 2023-02-06 13:22:22 +00:00
Keith McCammon d3131e5583 Create stale.yml to close stale issues and PRs (#2315) 2023-02-04 18:22:43 -07:00
0xv1n 9c20512b68 Begin T1580 Coverage - AWS
This commit adds coverage for AWS Cloud Discovery commands run from EC2. Stratus is utilized to spin up and tear down needed testing infrastructure, similar to other cloud coverage in the ART repo previously.
2023-02-04 13:59:57 -05:00
biot-2131 44f5d3ce23 T1546.004 2023-02-04 13:59:36 +00:00
Michael Haag c0bba5e5ec Update T1552.004.yaml 2023-02-04 06:36:46 -07:00
Michael Haag 599e147cfd ExportPFX 2023-02-04 05:55:40 -07:00
Atomic Red Team doc generator cd3690b100 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-31 14:48:55 +00:00
Atomic Red Team GUID generator b12b28bf52 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-31 14:48:49 +00:00
Leo Verlod 1896e182c5 Adding T1112 Mimic Ransomware Registry Modification Tests (#2306)
Adding T1112 tests 45 and 46 to emulate Mimic ransomware's ability to modify the registry in order to enable multiple user sessions locally, as well as allow multiple RDP sessions per user. 

Reference: https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-31 09:48:20 -05:00
Atomic Red Team doc generator 70b897d8d8 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-31 14:45:49 +00:00
Atomic Red Team GUID generator 8efb2a9443 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-31 14:45:42 +00:00
Leo Verlod fed5ad2204 Adding T1562.004 Test 18 - Blackbit - Disable Windows Firewall using netsh firewall (#2305)
* Adding T1562.004 Test 18 - Blackbit - Disable Windows Firewall using netsh firewall

Adding T1562.004 Test 18 - Blackbit - Disable Windows Firewall using netsh firewall. Within BlackBit ransomware, one of the commands run is "netsh firewall set opmode mode=disable". While "netsh firewall" has been deprecated and replaced with "netsh advfirewall", the old command still does work, leading to a vector that adversaries can use for firewall disablement.

* Adding error handling to cleanup
2023-01-31 09:45:07 -05:00
yogisec 45964ab763 echo for prereq 2023-01-29 07:21:21 -06:00
yogisec 5173af83ae add missing | 2023-01-29 07:19:22 -06:00
yogisec 2f1cbadead adding get prereq command 2023-01-29 07:17:55 -06:00
yogisec 37e1fd7c4d initial 2023-01-29 06:49:35 -06:00
Biological Robot eed9c5b08d Merge branch 'master' into T1059.004_four_tests 2023-01-28 17:19:31 +00:00
biot-2131 4ed469e217 T1048.003 Python3 http.server 2023-01-28 09:19:12 +00:00
biot-2131 d15214994a T1059.004 - Added four tests 2023-01-28 08:38:16 +00:00
Atomic Red Team doc generator a2ccd19c37 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-26 20:13:03 +00:00
yonatanS1 ae3d762b50 Fix bz2 command (#2299)
Details:
Cast bz2content to str to avoid type error. (TypeError: write() argument must be str, not bytes)

Testing:
Local testing was done.

Associated Issues:
N/A

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-26 15:12:30 -05:00
Atomic Red Team doc generator 6c872029ee Generated docs from job=generate-docs branch=master [ci skip] 2023-01-26 20:11:47 +00:00
Atomic Red Team GUID generator fac22a7b8b Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-26 20:11:41 +00:00
IntelScott cbb21a1cc1 Update T1082.yaml (#2298)
Add new test to simulate behavior recently observed in use by an infostealer family
2023-01-26 15:10:52 -05:00
Atomic Red Team doc generator 5cdf6648cf Generated docs from job=generate-docs branch=master [ci skip] 2023-01-23 17:22:39 +00:00
Atomic Red Team GUID generator 40c215713b Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-23 17:22:32 +00:00
Bhavin Patel cc821663e6 Merge pull request #2284 from biot-2131/T1059.004_script_in_tmp
T1059.004 New script file in the tmp directory
2023-01-23 09:22:06 -08:00
Bhavin Patel 786eebb576 Merge branch 'master' into T1059.004_script_in_tmp 2023-01-23 09:17:40 -08:00
Atomic Red Team doc generator d21f98b9cc Generated docs from job=generate-docs branch=master [ci skip] 2023-01-23 17:16:34 +00:00
Atomic Red Team GUID generator 4e1fc46105 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-23 17:16:26 +00:00
Bhavin Patel 1ff13d9b30 Merge pull request #2297 from cyberbuff/T1201
T1201: Password Policy for AWS
2023-01-23 09:15:50 -08:00
Hare Sudhan 28d3d33c8e added test for t1201 2023-01-23 11:55:07 +00:00
Hare Sudhan Muthusamy 79f5a7e171 tfvars fix 2023-01-23 05:34:48 -05:00
Hare Sudhan Muthusamy 53fe3eaacd pre req command fix 2023-01-23 04:04:05 -05:00
Hare Sudhan Muthusamy 9eff413653 minor changes 2023-01-23 03:59:23 -05:00
Hare Sudhan Muthusamy 13f7990317 adding terraform validation 2023-01-23 03:55:16 -05:00
Hare Sudhan Muthusamy 2303ca6199 fixing atomic yaml 2023-01-23 03:52:51 -05:00
Hare Sudhan Muthusamy e2ae7513d1 cleanup 2023-01-23 03:24:19 -05:00
Hare Sudhan 3191d2ef7a Merge branch 'master' into tf 2023-01-23 01:42:18 -05:00
Atomic Red Team doc generator 16e52c1d55 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-21 23:56:47 +00:00
Zeta 073eda8319 Fix link (#2293)
Fix the sigma rule links
2023-01-21 18:56:04 -05:00
Atomic Red Team doc generator 0dcc9bb796 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-18 22:05:05 +00:00