Commit Graph

4573 Commits

Author SHA1 Message Date
Atomic Red Team GUID generator 09ad06700a Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-11-07 21:21:43 +00:00
BlueTeamOps 83ca10639b Update T1003 (#2225)
* Added AppCmd list command

AppCmd list command can be used to retrieve IIS service account credentials.

* Update - Test name update and a new test

Updated the test name of 6c7a4fd3-5b0b-4b30-a93e-39411b25d889
Added a new test to simulate /config command for AppCmd
2022-11-07 14:21:05 -07:00
Atomic Red Team doc generator 17b4c931b6 Generated docs from job=generate-docs branch=master [ci skip] 2022-11-07 14:39:00 +00:00
Atomic Red Team GUID generator c03fb24928 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-11-07 14:38:54 +00:00
BlueTeamOps ae01b90e1f Added AppCmd list command (#2224)
AppCmd list command can be used to retrieve IIS service account credentials.
2022-11-07 07:38:16 -07:00
Atomic Red Team doc generator dc947ea3ae Generated docs from job=generate-docs branch=master [ci skip] 2022-11-04 19:38:42 +00:00
Atomic Red Team GUID generator b4ce61ac45 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-11-04 19:38:35 +00:00
Jose Enrique Hernandez d5b7ecb116 Merge pull request #2211 from packetzero/am_t1547_015_loginitem
Add macOS T1547.015 add/remove LoginItem via AppleScript
2022-11-04 15:38:08 -04:00
Jose Enrique Hernandez aaca4c60e6 Merge branch 'master' into am_t1547_015_loginitem 2022-11-04 15:37:22 -04:00
Atomic Red Team doc generator 721e184423 Generated docs from job=generate-docs branch=master [ci skip] 2022-11-04 17:04:14 +00:00
Jose Enrique Hernandez 3a0d280883 Merge pull request #2195 from jmac774/patch-2
Fix T1546.004 for remote execution on Linux
2022-11-04 13:03:41 -04:00
Jose Enrique Hernandez 4921b5f679 Merge branch 'master' into patch-2 2022-11-04 13:00:59 -04:00
Atomic Red Team doc generator f1fe367fc7 Generated docs from job=generate-docs branch=master [ci skip] 2022-11-03 20:06:21 +00:00
Atomic Red Team GUID generator 422ab1751f Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-11-03 20:06:15 +00:00
Thomas de Brelaz 96b45ecbbf Added missing test for T1547.014 Active Setup, 3 tests created (#2219)
* Added missing test for T1547.014 Active Setup, 3 tests created

Committer: Thomas De Brelaz <thockoro@hotmail.com>

* some format changes and simplifications

* Update T1547.014.yaml

Co-authored-by: Thomas De Brelaz <thomas.de-brelaz@ubisoft.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-11-03 15:05:44 -05:00
Atomic Red Team doc generator 5f084fc1e1 Generated docs from job=generate-docs branch=master [ci skip] 2022-11-03 18:45:42 +00:00
DerKi ae1493e46e Update T1560.001.yaml (#2221)
In the "Compress Data and lock with password for Exfiltration with winzip" test of T1560.001.yaml,
the Invoke-WebRequestVerifyHash function is not imported.
2022-11-03 13:45:03 -05:00
Atomic Red Team doc generator a052ee3bca Generated docs from job=generate-docs branch=master [ci skip] 2022-11-02 17:55:09 +00:00
Atomic Red Team GUID generator 71b8056ed2 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-11-02 17:55:02 +00:00
Carrie Roberts 8300ec7632 Create Symbolic Link From osk.exe to cmd.exe (#2218)
* Create Symbolic Link From osk.exe to cmd.exe

* Update T1546.008.yaml
2022-11-02 11:54:33 -06:00
Jose Enrique Hernandez cc704d65bd Merge branch 'master' into patch-2 2022-11-01 11:37:46 -04:00
Atomic Red Team doc generator 31d9ef273e Generated docs from job=generate-docs branch=master [ci skip] 2022-11-01 15:25:54 +00:00
Atomic Red Team GUID generator dde1c39789 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-11-01 15:25:47 +00:00
BlueTeamOps 5da061570e Added CommandProcessor Autorun (#2214)
* Added CommandProcessor Autorun

* add an HKCU version as well

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-11-01 10:25:17 -05:00
Atomic Red Team doc generator 2bdf7058a5 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-31 18:59:04 +00:00
Atomic Red Team GUID generator 72a67e2dc8 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-31 18:58:56 +00:00
BlueTeamOps a69e08e6ae Updated T1048.003 to include Rclone (#2202)
* Updated T1048.003 to include Rclone

Added the use of Rclone to exfiltrate data to an external FTP server.

* Updated the test as discussed.

* Fixed the typo

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-31 13:58:24 -05:00
Atomic Red Team doc generator 8c427d03ea Generated docs from job=generate-docs branch=master [ci skip] 2022-10-31 18:55:22 +00:00
Atomic Red Team GUID generator 535c5be594 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-31 18:55:16 +00:00
Paul f5e9554b1a Update T1562.001.yaml (#2216)
Add Atomic to leverage WMI to exclude a folder within Defender.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-31 13:54:50 -05:00
Atomic Red Team doc generator 43d82f25da Generated docs from job=generate-docs branch=master [ci skip] 2022-10-31 18:42:04 +00:00
Carrie Roberts 2589ca7d6f fix missing input arg (#2210) 2022-10-31 13:41:32 -05:00
Atomic Red Team doc generator 40cb9df131 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-31 14:02:32 +00:00
Atomic Red Team GUID generator cd6e3d15ae Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-31 14:02:26 +00:00
Paul aaf8223501 t1027-006-html-smuggling (#2215)
Add Atomic for HTML smuggling
2022-10-31 08:01:55 -06:00
Alex M 2b06c09045 Add note in description about backgrounditems.btm file 2022-10-30 16:00:54 -05:00
Alex M 04506ef79b update description 2022-10-30 15:49:21 -05:00
Alex M 0fcbe1d052 Add T1547.015 test to add login item via applescript 2022-10-30 15:47:06 -05:00
Atomic Red Team doc generator 6f0df94b1d Generated docs from job=generate-docs branch=master [ci skip] 2022-10-28 17:46:40 +00:00
DerKi a317977c6b Update T1056.001.yaml (#2208)
* Update T1056.001.yaml

fix bug: "Input Capture" of T1056.001 does not download the PowerShell script

* update url

I updated the URL to point to the "raw" ps1 file instead of the html page showing the preview. Also removed the input arg for the PS1 since the attack commands call the script directly and don't use the input argument. Also, not likely that users will need to modify that input arg so leaving it out for clarity. Chose to give the full path to the ps1 script in the attack commands instead of changing directories first.

* Update T1056.001.yaml

* Update T1056.001.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-28 12:46:13 -05:00
Atomic Red Team doc generator 69ff63cbeb Generated docs from job=generate-docs branch=master [ci skip] 2022-10-28 17:03:36 +00:00
DerKi 0d4be0fcdc Update T1070.003.yaml (#2209)
In the command "Set-PSReadLineOption -HistorySaveStyle SaveIncrementally", the "–" should be "-".
2022-10-28 12:02:59 -05:00
Atomic Red Team doc generator c434c577af Generated docs from job=generate-docs branch=master [ci skip] 2022-10-27 20:35:40 +00:00
Carrie Roberts 4fffd2bd92 add dependency executor since it is different than attack cmds (#2203)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-10-27 14:35:07 -06:00
Atomic Red Team doc generator fd90991054 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-27 20:17:13 +00:00
Atomic Red Team GUID generator d3f49a0913 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-10-27 20:17:07 +00:00
Carrie Roberts 066d82351c New AutoDial DLL persistence atomic (#2207)
* New AutoDial DLL persistence atomic

* Update T1546.yaml
2022-10-27 14:16:38 -06:00
Atomic Red Team doc generator a3f9a79d63 Generated docs from job=generate-docs branch=master [ci skip] 2022-10-27 17:12:15 +00:00
Paul 74a13a8b92 Merge pull request #2206 from redcanaryco/isofix
Update T1553.005 - Runs lnk now
2022-10-27 10:11:38 -07:00
Michael Haag 93c92d10b2 Update T1553.005 - Runs lnk now 2022-10-27 11:03:58 -06:00