Commit Graph

3718 Commits

Author SHA1 Message Date
Atomic Red Team GUID generator 0db5a0261a Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-02-06 13:25:17 +00:00
Michael Haag c0bba5e5ec Update T1552.004.yaml 2023-02-04 06:36:46 -07:00
Michael Haag 599e147cfd ExportPFX 2023-02-04 05:55:40 -07:00
Atomic Red Team doc generator cd3690b100 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-31 14:48:55 +00:00
Atomic Red Team GUID generator b12b28bf52 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-31 14:48:49 +00:00
Leo Verlod 1896e182c5 Adding T1112 Mimic Ransomware Registry Modification Tests (#2306)
Adding T1112 tests 45 and 46 to emulate Mimic ransomware's ability to modify the registry in order to enable multiple user sessions locally, as well as allow multiple RDP sessions per user. 

Reference: https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-31 09:48:20 -05:00
Atomic Red Team doc generator 70b897d8d8 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-31 14:45:49 +00:00
Atomic Red Team GUID generator 8efb2a9443 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-31 14:45:42 +00:00
Leo Verlod fed5ad2204 Adding T1562.004 Test 18 - Blackbit - Disable Windows Firewall using netsh firewall (#2305)
* Adding T1562.004 Test 18 - Blackbit - Disable Windows Firewall using netsh firewall

Adding T1562.004 Test 18 - Blackbit - Disable Windows Firewall using netsh firewall. Within BlackBit ransomware, one of the commands run is "netsh firewall set opmode mode=disable". While "netsh firewall" has been deprecated and replaced with "netsh advfirewall", the old command still does work, leading to a vector that adversaries can use for firewall disablement.

* Adding error handling to cleanup
2023-01-31 09:45:07 -05:00
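The two commits above (T1112 tests 45/46 and T1562.004 test 18) both emulate a single command line that a process-creation log will record. The following is an added detection example written for this page, not code from the Atomic Red Team project, that runs over a few constructed process-creation records (image path plus command line, the shape of Sysmon event 1 or Security 4688) and flags both the deprecated `netsh firewall set opmode` form and the current `netsh advfirewall` form, plus the Mimic-style registry edits. The page names only the behaviour (multiple local sessions, multiple RDP sessions per user); the two registry values used here, `AllowMultipleTSSessions` under Winlogon and `fSingleSessionPerUser` under Terminal Server, are my assumption of the values the tests touch, and the sample events are constructed, not captured telemetry.

```python
import re
from dataclasses import dataclass

# Constructed sample events (image, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("C:\\Windows\\System32\\netsh.exe", "netsh firewall set opmode mode=disable"),
    ("C:\\Windows\\System32\\netsh.exe", "netsh advfirewall set allprofiles state off"),
    ("C:\\Windows\\System32\\netsh.exe", "netsh advfirewall show allprofiles"),
    ("C:\\Windows\\System32\\reg.exe",
     'reg add "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" '
     "/v AllowMultipleTSSessions /t REG_DWORD /d 1 /f"),
    ("C:\\Windows\\System32\\reg.exe",
     'reg add "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server" '
     "/v fSingleSessionPerUser /t REG_DWORD /d 0 /f"),
    ("C:\\Windows\\System32\\reg.exe",
     'reg query "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server" /v fSingleSessionPerUser'),
    ("C:\\Windows\\System32\\cmd.exe", "cmd /c dir"),
]

# (technique, rule name, pattern). Registry value names are an assumption
# of what the T1112 tests modify; the page only describes the behaviour.
RULES = [
    # T1562.004: deprecated "netsh firewall" syntax still disables the firewall
    ("T1562.004", "netsh legacy firewall disable",
     re.compile(r"\bnetsh(?:\.exe)?\s+firewall\s+set\s+opmode\b.*\bdisable\b", re.I)),
    # T1562.004: current "netsh advfirewall" syntax
    ("T1562.004", "netsh advfirewall disable",
     re.compile(r"\bnetsh(?:\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b", re.I)),
    # T1112: allow multiple interactive sessions (Winlogon)
    ("T1112", "AllowMultipleTSSessions enabled",
     re.compile(r"\breg(?:\.exe)?\s+add\b.*\\Winlogon.*?/v\s+AllowMultipleTSSessions\b"
                r".*?/d\s+(?:0x)?1\b", re.I | re.S)),
    # T1112: allow more than one RDP session per user (Terminal Server)
    ("T1112", "fSingleSessionPerUser disabled",
     re.compile(r"\breg(?:\.exe)?\s+add\b.*\\Terminal Server.*?/v\s+fSingleSessionPerUser\b"
                r".*?/d\s+(?:0x)?0\b", re.I | re.S)),
]


@dataclass(frozen=True)
class Hit:
    technique: str
    name: str
    image: str
    command_line: str


def detect(events):
    """Return one Hit per (event, rule) pair whose command line matches."""
    hits = []
    for image, cmdline in events:
        for technique, name, pattern in RULES:
            if pattern.search(cmdline):
                hits.append(Hit(technique, name, image, cmdline))
    return hits


def summarize(hits):
    """Map technique ID -> sorted list of rule names that fired."""
    out = {}
    for h in hits:
        out.setdefault(h.technique, set()).add(h.name)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for h in detect(SAMPLE_EVENTS):
        print(f"[{h.technique}] {h.name}: {h.command_line}")
```

The `reg query` and `netsh advfirewall show` records are included deliberately: they touch the same keys and profiles but are read-only, and the rules require `add` / `set`, so they do not fire. Matching on `disable` after `set opmode` rather than on the exact `mode=disable` string also catches the positional form of the deprecated command.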
Atomic Red Team doc generator a2ccd19c37 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-26 20:13:03 +00:00
yonatanS1 ae3d762b50 Fix bz2 command (#2299)
Details:
Cast bz2content to str to avoid type error. (TypeError: write() argument must be str, not bytes)

Testing:
Local testing was done.

Associated Issues:
N/A

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-26 15:12:30 -05:00
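The TypeError in the commit above comes from handing `bytes` (the output of `bz2.compress`) to a file opened in text mode. The following is an added example for this page, not the project's test code: it reproduces the error on a constructed payload, then writes the compressed bytes through a binary-mode handle and checks that the file decompresses back to the original. File names and the sample payload are constructed for the example.

```python
import bz2
import os
import tempfile

# Constructed sample payload; not data from the repository.
SAMPLE = b"staged data to compress before exfiltration\n" * 16


def write_text_mode(path, data):
    """Reproduce the failure: a text-mode handle only accepts str."""
    with open(path, "w") as fh:
        fh.write(data)  # TypeError: write() argument must be str, not bytes


def compress_to_file(src_path, dst_path):
    """Compress src into dst via a binary-mode handle; return (raw, compressed) sizes."""
    with open(src_path, "rb") as fh:
        content = fh.read()
    bz2content = bz2.compress(content)
    with open(dst_path, "wb") as fh:
        fh.write(bz2content)
    return len(content), len(bz2content)


def roundtrip(src_bytes):
    """Return (text_mode_raised_TypeError, binary_mode_file_decompresses_to_original)."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "data.txt")
        dst = os.path.join(d, "data.txt.bz2")
        with open(src, "wb") as fh:
            fh.write(src_bytes)
        try:
            write_text_mode(dst, bz2.compress(src_bytes))
            raised = False
        except TypeError:
            raised = True
        compress_to_file(src, dst)
        with open(dst, "rb") as fh:
            restored = bz2.decompress(fh.read())
        return raised, restored == src_bytes


if __name__ == "__main__":
    print(roundtrip(SAMPLE))
```

One caveat worth knowing when choosing a fix: `str()` on a `bytes` object returns its printable repr (`b'...'`), so a file written that way contains escape text rather than the bz2 stream and will not be readable with `bz2.decompress`. Opening the output in binary mode keeps the artifact usable for whatever detection or exfiltration check the test is meant to exercise.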
Atomic Red Team doc generator 6c872029ee Generated docs from job=generate-docs branch=master [ci skip] 2023-01-26 20:11:47 +00:00
Atomic Red Team GUID generator fac22a7b8b Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-26 20:11:41 +00:00
IntelScott cbb21a1cc1 Update T1082.yaml (#2298)
Add new test to simulate behavior recently observed in use by an infostealer family
2023-01-26 15:10:52 -05:00
Atomic Red Team doc generator 5cdf6648cf Generated docs from job=generate-docs branch=master [ci skip] 2023-01-23 17:22:39 +00:00
Atomic Red Team GUID generator 40c215713b Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-23 17:22:32 +00:00
Bhavin Patel 786eebb576 Merge branch 'master' into T1059.004_script_in_tmp 2023-01-23 09:17:40 -08:00
Atomic Red Team doc generator d21f98b9cc Generated docs from job=generate-docs branch=master [ci skip] 2023-01-23 17:16:34 +00:00
Atomic Red Team GUID generator 4e1fc46105 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-23 17:16:26 +00:00
Hare Sudhan 28d3d33c8e added test for t1201 2023-01-23 11:55:07 +00:00
Atomic Red Team doc generator 16e52c1d55 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-21 23:56:47 +00:00
Zeta 073eda8319 Fix link (#2293)
Fix the sigma rule links
2023-01-21 18:56:04 -05:00
Atomic Red Team doc generator 0dcc9bb796 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-18 22:05:05 +00:00
Atomic Red Team GUID generator 2a674b42c0 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-18 22:04:57 +00:00
tlor89 80c5228e9a T1059.007-update (#2289)
Co-authored-by: Toua Lor <tlor@nti.local>
2023-01-18 16:04:16 -06:00
biot-2131 6b06371f41 added unset command 2023-01-17 22:56:32 +00:00
biot-2131 abf60a7499 updated the title 2023-01-17 21:51:01 +00:00
biot-2131 8573945248 T1059.004 New script file in the tmp directory 2023-01-17 21:32:05 +00:00
Atomic Red Team doc generator 054d7516ca Generated docs from job=generate-docs branch=master [ci skip] 2023-01-15 21:39:49 +00:00
Carrie Roberts 5445f291a2 Update T1112.yaml (#2283)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-01-15 16:39:13 -05:00
Tony M Lambert 4ae9580a1a T1059.007 JScript Tests (#2281)
* JScript Tests

* correct outfile name

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-14 17:55:16 -05:00
Atomic Red Team doc generator 690097dc5d Generated docs from job=generate-docs branch=master [ci skip] 2023-01-12 15:41:02 +00:00
Carrie Roberts 421ef67baf fix cleanup key 2023-01-12 09:55:38 -05:00
Atomic Red Team doc generator 757c6b6513 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-11 23:53:02 +00:00
Carrie Roberts 44ce87e92e add prereqs and simplify (#2269) 2023-01-11 16:52:34 -07:00
Atomic Red Team doc generator 8a750920de Generated docs from job=generate-docs branch=master [ci skip] 2023-01-11 23:50:28 +00:00
Atomic Red Team GUID generator 8461709555 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-11 23:50:20 +00:00
devapriya16 eee46c0733 Update T1562.001.yaml (#2274)
* Update T1562.001.yaml

Test #38 is added for atomics to delete Defender's scheduled tasks

* simplify and a few corrections

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-11 16:49:48 -07:00
Atomic Red Team doc generator 7d78710094 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-10 23:42:03 +00:00
CDub1016 c093205999 Update T1053.005.yaml (#2276)
* Update T1053.005.yaml

Created cleanup commands for T1053.005 - Task Scheduler via VBA

* Update T1053.005.yaml

Fixed syntax error.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-10 16:41:32 -07:00
Atomic Red Team doc generator c4c81934d2 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-10 23:37:09 +00:00
Atomic Red Team GUID generator 7eb64678b5 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-10 23:37:01 +00:00
tr4cefl0w 43a42402af adding Section View injection (#2275) 2023-01-10 16:36:25 -07:00
Atomic Red Team doc generator 95ec2d0ceb Generated docs from job=generate-docs branch=master [ci skip] 2023-01-10 12:42:35 +00:00
Carrie Roberts 5d6df77a52 add dll and prereqs (#2273)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-01-10 05:42:04 -07:00
tccontre 7c26b9aae0 Tccontre discovery winpeas (#2270)
* Update T1124.yaml

* Update T1033.yaml

* Update Discovery.bat

* Update Discovery.bat

* Update T1033.yaml

* Update T1033.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-09 19:06:02 -05:00
Atomic Red Team doc generator 9bffb46fb6 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-10 00:05:06 +00:00
Dustin Lee 26aa15f7d6 Fix Octopus spelling in description (#2271)
s/Octupus/Octopus/

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-09 19:04:35 -05:00
Atomic Red Team doc generator 5a23718c06 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-10 00:02:55 +00:00
Dustin Lee f4afd9ccf5 Minor grammatical updates (#2272)
Fixes the spelling of *indicator* and *launched*, plus adds a period to the end of the second sentence in the Word command shell description.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-09 19:02:21 -05:00