Commit Graph

2855 Commits

Author SHA1 Message Date
rctgardner 08412f4ec1 added file tests to python and perl too 2021-06-22 17:51:47 -06:00
rctgardner 57e18e6c84 T1140 added python, perl and sh base64 tests 2021-06-22 17:15:36 -06:00
CircleCI Atomic Red Team doc generator 722cc9a292 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-22 15:46:20 +00:00
Carrie Roberts 5b6f89f30f safer cleanup, correct filename (#1526) 2021-06-22 09:46:01 -06:00
CircleCI Atomic Red Team doc generator a0e012ee09 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-17 13:11:19 +00:00
Carrie Roberts 7a17072dd3 don't disable rdp during cleanup by default (#1523)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2021-06-17 07:10:51 -06:00
CircleCI Atomic Red Team doc generator e7e5779025 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-17 13:08:27 +00:00
Carrie Roberts 358d58bad5 add note about secure boot (#1524) 2021-06-17 07:07:56 -06:00
CircleCI Atomic Red Team doc generator 7e428d79d0 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-16 21:38:51 +00:00
Carrie Roberts 388f671d93 name update (#1521)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2021-06-16 15:38:19 -06:00
CircleCI Atomic Red Team doc generator 532f4dc882 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-16 20:28:57 +00:00
adeliktas 2710d10531 T1566.001-1 download bugfixes (#1522)
* T1566.001-1 download bugfixes

* comment update

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-06-16 14:28:41 -06:00
CircleCI Atomic Red Team doc generator 88ad3fd322 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-16 18:41:22 +00:00
SecurityShrimp 42799b033d added TLS/SSL v1.2 enabling commands to any atomic test utilizing IWR (#1519)
* Update T1204.002.md

Added lines to each test using IWR for invoke-webrequest to set the acceptable TLS versions for the commands to complete successfully by prepending the tests with 

```[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12```

* Update T1555.yaml

added line to set ssl/tls version

* Update T1134.001.yaml

updated IWR lines to allow ssl/tls version 1.2

* Update T1069.002.yaml

added lines to every IWR instance to set ssl/tls version to 1.2

* Update T1558.003.yaml

added line to allow TLS/SSL 1.2

* Update T1033.yaml

added command to enable SSL/TLS v1.2

* Update T1055.012.yaml

added command to enable TLS/SSL v1.2

* Update T1115.yaml

Added command to enable SSL/TLS v1.2

* Update T1070.001.yaml

added command enabling SSL/TLS v 1.2

* Update T1564.yaml

added commands to enable SSL/TLS v 1.2

* Update T1566.001.yaml

added command to enable SSL/TLS V1.2

* Update T1135.yaml

added command to enable SSL/TLS v1.2

* Update T1055.yaml

added commands to enable TLS/SSL v 1.2

* Update T1110.003.yaml

added command to enable TLS/SSL v1.2

* Update T1003.yaml

Added command to enable TLS/SSL v1.2

* Update T1053.005.yaml

added command to enable TLS/SSL v1.2

* Update T1003.001.yaml

added commands to enable TLS/SSL v1.2 for any command using invoke-webrequest

* Update T1069.002.yaml

syntax correction

* Update T1134.001.yaml

syntax correction

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-06-16 12:41:04 -06:00
adeliktas 7e86e9a781 T1566.001-1 using default Browser via explorer.exe instead of chrome PhishingAttachment.xlsm (#1520) 2021-06-16 12:38:40 -06:00
CircleCI Atomic Red Team doc generator 1219378ebd Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-16 15:08:12 +00:00
CircleCI Atomic Red Team GUID generator 78bb39a82d Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-16 15:08:05 +00:00
Carl ae4cea452f Merge pull request #1510 from rctgardner/t1105_whois
Added 'whois file download' test to T1105
2021-06-16 09:07:38 -06:00
Carl d0c0fe03dd Merge branch 'master' into t1105_whois 2021-06-16 09:07:07 -06:00
CircleCI Atomic Red Team doc generator c7125ac307 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-16 04:39:47 +00:00
BaffledJimmy 799ea20a95 Amend regkey path for Macro security level (#1515)
* Amend regkey path for Macro security level

As shown in this image - https://www.mdsec.co.uk/wp-content/uploads/2020/11/image-2-768x191.png.webp - the correct regkey is \Level\. The existing ```reg add``` syntax will not create a Level value with a DWORD of 4 (disable all).  Also changed the regkey to 1 (enable all macros without notif).

```
4 = Disable all macros without notification
3 = Notifications for digitally signed macros, all other macros disabled
2 = Notifications for all macros
1 = Enable all Macros
```

* Update T1137.yaml

* Update T1137.md
2021-06-15 22:39:17 -06:00
CircleCI Atomic Red Team doc generator 8a67b64944 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-15 15:50:23 +00:00
CircleCI Atomic Red Team GUID generator 62f0f37fc6 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-15 15:50:17 +00:00
BlueTeamOps 9f397c259c Added Disabling Firewall via Registry (#1516)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-06-15 09:49:55 -06:00
CircleCI Atomic Red Team doc generator a78c0ae822 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-15 15:46:52 +00:00
SecurityShrimp 7a73723a7b Update T1059.005.yaml (#1518)
added lines to enable TLS v 1.2

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-06-15 09:46:01 -06:00
CircleCI Atomic Red Team doc generator 84f9f9ffdd Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-15 15:45:23 +00:00
Jil Larner 871a3584b8 Fixed bug in script path (#1517)
The path was referring to T1595.002 instead of T1082, where the script resides, due to the move requested in #1320 that was missed.
2021-06-15 09:44:48 -06:00
rctgardner 1531e9d3f0 fix t1105 indent 2021-06-11 15:26:30 -06:00
CircleCI Atomic Red Team doc generator ecc7d70057 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 20:04:40 +00:00
CircleCI Atomic Red Team GUID generator 130328dafc Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 20:04:34 +00:00
Carl dfbd9572e2 Merge pull request #1507 from rctgardner/t1036_005
T1036.005: Masquerading: Match Legitimate Name or Location
2021-06-11 14:04:12 -06:00
Carl 14f0926d64 Merge branch 'master' into t1036_005 2021-06-11 13:48:52 -06:00
CircleCI Atomic Red Team doc generator 1f69c7fb08 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 19:45:31 +00:00
CircleCI Atomic Red Team GUID generator 17eab72057 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 19:45:25 +00:00
Carl af0da25c0a Merge branch 'master' into t1036_005 2021-06-11 13:45:06 -06:00
Carl 707c970acc Merge pull request #1504 from madhavbhatt/T1110-004-Credential-Stuffing
T1110.004: SSH Credential Stuffing FROM Linux, MacOS
2021-06-11 13:45:02 -06:00
Carl 0fa9b69292 Merge branch 'master' into t1036_005 2021-06-11 13:44:58 -06:00
Carl 120c6d840e Merge branch 'master' into T1110-004-Credential-Stuffing 2021-06-11 13:42:57 -06:00
CircleCI Atomic Red Team doc generator 0c19189bf8 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 19:40:11 +00:00
CircleCI Atomic Red Team GUID generator acb9c9d55e Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-11 19:40:02 +00:00
Carl 1e0e898c65 Merge pull request #1505 from rctgardner/t1003_007
T1003.007: OS Credential Dumping: Proc Filesystem
2021-06-11 13:39:39 -06:00
Carl 609e841708 Merge branch 'master' into t1003_007 2021-06-11 13:37:46 -06:00
CircleCI Atomic Red Team doc generator b97bfd31e6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 17:18:45 +00:00
CircleCI Atomic Red Team GUID generator f123433567 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 17:18:39 +00:00
Suman Kar 1c799637ce New Dump credentials from Windows Credential Manager With PowerShell … (#1508)
* New Dump credentials from Windows Credential Manager With PowerShell [Windows Credentials & Web Credentials]

* Update T1555.yaml

* Update T1555.yaml

* use permanent github link for script

* use github permanent link for script

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-06-10 11:18:12 -06:00
CircleCI Atomic Red Team doc generator 2b3f9444ae Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 05:39:34 +00:00
Carrie Roberts 54486ba7a5 force the reg add and fix error where otm wasn't being created (#1511)
Co-authored-by: Keith McCammon <keith@redcanary.com>
2021-06-09 23:38:58 -06:00
CircleCI Atomic Red Team doc generator 733963824b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 03:44:56 +00:00
CircleCI Atomic Red Team GUID generator ed7a8170cc Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-06-10 03:44:49 +00:00