security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,614 Commits 47 Branches 0 Tags
08dd613bb00fe95cefa3c897dbfedfe1f680f39a
Commit Graph

3614 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CyberBilly7 08dd613bb0 systembc (#1814) 
Co-authored-by: Chase James <cjames@nti.local>
 2022-03-15 21:52:20 -06:00
CircleCI Atomic Red Team doc generator 924cb2491c Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-16 00:45:11 +00:00
CircleCI Atomic Red Team GUID generator cbf89911c1 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-16 00:45:05 +00:00
tccontre 1cb8a5395b Disable Windows Notification And Some Group Policy Features. (#1813) 
* Update T1112.yaml

* Update T1112.yaml

* typos

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-15 18:44:39 -06:00
CircleCI Atomic Red Team doc generator 341b5b1987 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-16 00:32:47 +00:00
CircleCI Atomic Red Team GUID generator 6ac1e3a1a4 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-16 00:32:40 +00:00
Leo Verlod ba8f007cea Adding T1083 Test 5 - Simulating MAZE Directory Enumeration (#1812) 
Adding T1083 Test 5 - Simulating MAZE Directory Enumeration. This test is designed to simulate the directory enumeration function used by MAZE ransomware (Windows).
 2022-03-15 18:32:03 -06:00
CircleCI Atomic Red Team doc generator 12749d4ba6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 21:06:56 +00:00
CircleCI Atomic Red Team GUID generator b7425664a2 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 21:06:50 +00:00
Bhavin Patel 59e7e7bbe2 Merge pull request #1803 from esanyaCode/T1562.001-azure-defense-evasion-eventhub-deletion 
Updated Azure Eventhub Deletion Scenario
 2022-03-14 14:06:15 -07:00
Bhavin Patel 433d8a29e0 Merge branch 'master' into T1562.001-azure-defense-evasion-eventhub-deletion 2022-03-14 14:04:41 -07:00
CircleCI Atomic Red Team doc generator 6b82fe5136 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 18:07:44 +00:00
CircleCI Atomic Red Team GUID generator 3ce01207ea Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 18:07:38 +00:00
Tim Schulz 85ea448d3b Added procedural variation to include PowerShell execution and WMIC (#1801) 
* Added procedural variation to include PowerShell execution and WMIC

* Removed empty GUID lines

* Changed wmic to only command_prompt instead of powershell and command_prompt

Co-authored-by: Tim Schulz <tim@scythe.io>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-14 12:07:08 -06:00
Araveti Esanya Reddy 9dc726b495 updated as per review commets 2022-03-14 23:32:17 +05:30
CircleCI Atomic Red Team doc generator 052cae4391 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 18:01:13 +00:00
CircleCI Atomic Red Team GUID generator e0a6429a77 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 18:01:07 +00:00
tccontre d83aada893 Disable Windows Features (#1811) 
* Update T1112.yaml

* Update T1112.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-14 12:00:25 -06:00
CircleCI Atomic Red Team doc generator de8ceae8a6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:44:57 +00:00
CircleCI Atomic Red Team GUID generator 859404904a Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:44:50 +00:00
tccontre 7a4e2abcdb Update T1112.yaml (#1810) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-14 11:44:14 -06:00
CircleCI Atomic Red Team doc generator 3947bbc2a5 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:41:32 +00:00
Araveti Esanya Reddy f3e3346b1a updated as per review comments 2022-03-14 23:11:29 +05:30
CircleCI Atomic Red Team GUID generator de94c41347 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:41:26 +00:00
frack113 d3a53714b4 Add persistance via Recycle bin (#1809) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-14 11:41:04 -06:00
CircleCI Atomic Red Team doc generator 042bd99bdd Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:38:48 +00:00
CircleCI Atomic Red Team GUID generator 0f87abb865 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:38:42 +00:00
frack113 f6a8e78538 pnputil lolbin (#1808) 
* pnputil lolbin

* spelling

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-14 11:38:08 -06:00
CircleCI Atomic Red Team doc generator 1209d7b0f6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:32:56 +00:00
CircleCI Atomic Red Team GUID generator 5e47dae27b Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:32:49 +00:00
Michael Haag 687da9235b AD Enumeration - user/groups, pw policy (#1807) 
* More AD

* fix conflict resolution mistake

* add powershell

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-14 11:32:18 -06:00
CircleCI Atomic Red Team doc generator 4c019a8936 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 16:44:03 +00:00
CircleCI Atomic Red Team GUID generator b52281c4cd Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 16:43:54 +00:00
Michael Haag d1e3e11730 AD Searching and powerview (#1806) 
* ADSI

* new atomics
 2022-03-14 10:43:19 -06:00
CircleCI Atomic Red Team doc generator 8aedc6cdd9 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-09 21:03:01 +00:00
Carrie Roberts 4e7a2ed599 fix prereq for screenshot test (#1805) 2022-03-09 14:02:31 -07:00
CircleCI Atomic Red Team doc generator 82df99e7c8 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-09 16:16:04 +00:00
CircleCI Atomic Red Team GUID generator 455cd5837e Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-09 16:15:58 +00:00
Leo Verlod 5148b9db57 Adding T1003.007 Test 3 - MimiPenguin Usage (#1804) 
Adding T1003.007 Test 3 - Capture Passwords with MimiPenguin. This test is designed to run the MimiPenguin script, which takes advantage of a vulnerability in Ubuntu-based distros, as well as certain versions of GNOME Keyring, in order to capture passwords in cleartext. Upon successful execution, user passwords will be exported to a file and displayed on-screen.
 2022-03-09 09:15:17 -07:00
Araveti Esanya Reddy af719c41d2 udpated azure eventhub deletion scenario 2022-03-08 17:57:22 +05:30
CircleCI Atomic Red Team doc generator 6052b5118a Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-08 01:33:09 +00:00
SecWilson 42dd141032 Fixing Blackbyte Cleanup Commands (#1802) 
Co-authored-by: Wilson <SWilson@nti.local>
 2022-03-07 18:32:31 -07:00
CircleCI Atomic Red Team doc generator 682d8d732b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 17:34:07 +00:00
CircleCI Atomic Red Team GUID generator 03c3400af9 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 17:34:02 +00:00
SecWilson 43fa5fb8a0 Blackbyte privilege escalation via Powershell (#1796) 
Co-authored-by: Wilson <SWilson@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-07 10:33:31 -07:00
CircleCI Atomic Red Team doc generator 7dd9d481b5 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 17:18:44 +00:00
CircleCI Atomic Red Team GUID generator a38b68f067 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 17:18:39 +00:00
Leo Verlod 5388982089 Adding T1059.003 Test 4 - BlackByte Print Bombing (#1799) 
Adding T1059.003 Test 4, which is designed to emulate the print bombing behavior observed in recent BlackByte ransomware attacks.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-07 10:18:20 -07:00
CircleCI Atomic Red Team doc generator c81858120b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 16:39:15 +00:00
lucasRiley 999d18a36d T1059.005 Fix Cleanup and Prereq (#1798) 
Co-authored-by: Riley <lriley@NTI.local>
 2022-03-07 09:38:41 -07:00