* T1082 list linux kernel modules - remove sudo
Fix for #2233. Remove unnecessary `sudo` from T1082 "Linux list kernel modules" commands. Add another mechanism to `cat /proc/modules`.
* change to grep proc modules
A little more interesting to grep the /proc/modules file rather than cat.
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
Enabling Restricted Admin Mode via Command_Prompt enables an attacker to perform a pass-the-hash attack using RDP.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Fixed Automated Collection Command Prompt variable call
While using the commands from a batch file, the old code won't work because of the way the variable is being called.
The addition of '%' fixed the issue.
* Update T1119.yaml
* add slash
* Update T1564.004.yaml
* Update T1564.004.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Fairly straightforward to deploy a container.
Details:
There was no test case for deploying a container in Atomic Red Team, and I was working with Atomic Red Team, so I thought to create a PR for this feature.
Testing:
Tested using Ubuntu as the base image. It creates an image and runs that image to check that the image is deployed properly.
It may take up to a couple of minutes to run due to image creation. If it hangs for longer than a minute, something went wrong.
Associated Issues:
None
Fairly straightforward way to execute into a container.
Details:
The test was created for Kubernetes, and the MITRE framework also mentions Docker, so I created a second test for the same.
Testing:
Tested using Ubuntu as the base image. If using just Docker, run the container (already present in the script) and execute the test case.
It may take up to a minute to run due to image creation. If it hangs for longer than a minute, something went wrong.
Associated Issues:
None
* Remote System Discovery - net group Domain Controller
Identify remote systems with net.exe querying the Active Directory Domain Controller. Upon successful execution, cmd.exe will execute cmd.exe against Active Directory to list the "Domain Controller" in the domain. Output will be via stdout.
* Update T1018.yaml
* Update T1018.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>