Atomic Red Team doc generator
0e202df355
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-31 23:30:28 +00:00
Emile Marty
2a194cdc34
Added support for T1490 creating shadow copies in Windows 10+ (#2676)
* Update T1490.yaml
Support for creating shadow copies in Windows 10+
* Update T1490.md
Updating documentation
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-31 17:29:42 -06:00
Atomic Red Team doc generator
ed9cb8cdc7
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-31 23:27:05 +00:00
Atomic Red Team GUID generator
24c9dc3212
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-31 23:26:50 +00:00
sai prashanth pulisetti
e9051bed60
Update T1490.yaml "Modify VSS Service Permissions" (#2668)
* Update T1490.yaml "Modify VSS Service Permissions"
Modify permissions of the VSS service to inhibit system recovery. This test alters the security settings of the Volume Shadow Copy Service (VSS), potentially impacting system recovery operations. It should be conducted only in a controlled environment. The executor must have administrative privileges to modify service permissions. Note that this test does not include a cleanup command; thus, the changes will persist after execution. Ensure that you have a backup or a system recovery plan in place before running this test. Running this test on a production system or critical environment is not recommended without proper precautions.
* Update T1490.yaml
updated guid
* Update T1490.yaml
updated description and clean up command
* Update T1490.yaml
updated indentations
* Update T1490.yaml
* Update T1490.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-31 17:26:10 -06:00
publish bot
abbf7b177b
updating atomics count in README.md [ci skip]
2024-01-31 23:23:39 +00:00
zaicurity
dc264a80f4
Added T1562.010 Test for PowerShell v2 Downgrade (#2670)
* Added T1562.010 Test for PowerShell v2 Downgrade
* Remove PowerShell Downgrade Attack atomic from T1059.001.yaml
2024-01-31 17:22:30 -06:00
Atomic Red Team doc generator
45138fdb07
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-29 16:24:34 +00:00
Atomic Red Team GUID generator
5836fe0a80
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-29 16:24:22 +00:00
sai prashanth pulisetti
a5a1cf78fb
Update T1041.yaml DNS-Based C2 Data Exfiltration (#2663)
* Update T1041.yaml DNS-Based C2 Data Exfiltration
Simulates an adversary using DNS tunneling to exfiltrate data over a Command and Control (C2) channel.
* Update T1041.yaml
updated the changes as requested
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-29 10:23:47 -06:00
publish bot
11e8fd705b
updating atomics count in README.md [ci skip]
2024-01-29 16:22:06 +00:00
dependabot[bot]
b351059afd
Bump jsonschema from 4.20.0 to 4.21.1 (#2667)
Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.20.0 to 4.21.1.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.20.0...v4.21.1)
---
updated-dependencies:
- dependency-name: jsonschema
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-29 10:21:26 -06:00
Atomic Red Team doc generator
b98739b474
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-29 15:55:01 +00:00
Jake H
a68803c0c3
Adding curly brackets to PowerShell command to fix issue with interpretation of variables (#2672)
2024-01-29 09:53:35 -06:00
Atomic Red Team doc generator
c4fea7a287
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-20 20:48:23 +00:00
Atomic Red Team GUID generator
fd3e8c05dd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-20 20:48:10 +00:00
Mohana Shankar D
11c442180e
Update T1486.yaml (#2665)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-20 14:47:36 -06:00
Atomic Red Team doc generator
6a3a2ede32
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-20 20:45:01 +00:00
Hare Sudhan
e742bcb626
Fix schema validation (#2666)
2024-01-20 14:44:16 -06:00
Atomic Red Team doc generator
f6fc008a05
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-20 04:21:06 +00:00
Atomic Red Team GUID generator
e9ab27efff
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-20 04:20:53 +00:00
sai prashanth pulisetti
b6fa8857a5
Atomic Test #7 - System Owner/User Discovery Using Command Prompt (#2657)
* Atomic Test #7 - System Owner/User Discovery Using Command Prompt
Identify the system owner or current user using native Windows command prompt utilities.
* Update T1033.yaml
adjusted - "del %output_path%\\user_info_*.tmp"
* Update T1033.yaml
adjusted output_path with Temp
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-19 22:20:19 -06:00
Zeta
871b418282
Update T1218.yaml (#2646)
* Update T1218.yaml
add new test "Atbroker.exe (AT) Executes Arbitrary Command via Registry Key"
* Update T1218.yaml
Move to T1546.008
* Update T1546.008.yaml Details: Add new test - Atbroker.exe (AT) Executes Arbitrary Command via Registry Key
Add new test "Atbroker.exe (AT) Executes Arbitrary Command via Registry Key"
* updating atomics count in README.md [ci skip]
---------
Co-authored-by: publish bot <opensource@redcanary.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-19 22:14:16 -06:00
Atomic Red Team doc generator
65348695f9
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-18 21:57:17 +00:00
Atomic Red Team GUID generator
9141822411
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-18 21:57:04 +00:00
Bhavin Patel
640330c513
Updated PR 2461 2463 into a new one (#2655)
* updating ttp
* updating atomics from PR and adding new
* update command
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-18 15:56:30 -06:00
Atomic Red Team doc generator
5c828eca90
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-18 21:54:06 +00:00
Atomic Red Team GUID generator
4fb5bddaff
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-18 21:53:49 +00:00
sai prashanth pulisetti
b28f61b5e1
Update T1020.yaml - Add New Atomic Test for T1020 - Exfiltration via Encrypted FTP (#2656)
* Update T1020.yaml
Atomic Test #2 - Exfiltration via Encrypted FTP
Simulates encrypted file transfer to an FTP server, representing stealthy data exfiltration methods.
* Update T1020.yaml
updated notes
* Update T1020.yaml
updated line 50
* move notes to description, remove empty tags
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-18 15:52:59 -06:00
Atomic Red Team doc generator
32d9b8c9f5
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-17 21:46:45 +00:00
Atomic Red Team GUID generator
7b0ba0b341
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-17 21:46:21 +00:00
Leo Verlod
b8e521c714
Adding T1543.006 Test 6 - Modify Service to Run Arbitrary Binary (Powershell) (#2653)
* Adding T1543.006 Test 6
* Update T1543.003.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-17 15:44:54 -06:00
publish bot
2723c2f750
updating atomics count in README.md [ci skip]
2024-01-03 22:23:55 +00:00
Ikko Eltociear Ashimine
71a478e525
Update README.md (#2649)
Github -> GitHub
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-03 16:23:17 -06:00
Atomic Red Team doc generator
49f738b461
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-03 22:12:30 +00:00
Atomic Red Team GUID generator
cb9433117b
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-03 22:12:17 +00:00
rosan091
f1c38b0670
Msedge proxy execution (#2647)
Co-authored-by: unknown <administrator@ADAWS.COM>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-03 16:11:43 -06:00
Atomic Red Team doc generator
bd7e635b21
Generated docs from job=generate-docs branch=master [ci skip]
2023-12-28 15:35:40 +00:00
Hare Sudhan
00c9f11bbe
Update T1221.yaml (#2648)
2023-12-28 09:34:49 -06:00
Atomic Red Team doc generator
e1164d3054
Generated docs from job=generate-docs branch=master [ci skip]
2023-12-27 17:58:55 +00:00
dwhite9
06ebf05785
Added the "-c" option to adfind commands. (#2645)
* Added the "-c" option to adfind commands. This will cause it to print a
count of the returned objects instead of the actual objects. This is
very useful for large environments and allows it to run quicker without
actually exposing any sensitive information.
* Adding the code to allow specifying optional arguments at runtime instead of hardcoding the -c to allow more flexibility per this request:
https://github.com/redcanaryco/atomic-red-team/pull/2645#pullrequestreview-1795339526
---------
Co-authored-by: dwhite <n/a>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: dwhite9 <n@a>
2023-12-27 11:58:02 -06:00
publish bot
de637b370b
updating atomics count in README.md [ci skip]
2023-12-22 21:43:36 +00:00
Hare Sudhan
460135314e
Github Codespace added (#2644)
* Create devcontainer.json
* devcontainers added
* devcontainers added
* add setup files
* Update README.md
2023-12-22 15:43:02 -06:00
Atomic Red Team doc generator
b998ba7370
Generated docs from job=generate-docs branch=master [ci skip]
2023-12-20 03:35:19 +00:00
Tessa Georgen
c30ed0fe85
Remove improper extra field from T1562.010.yaml (#2642)
2023-12-19 20:34:27 -07:00
Atomic Red Team doc generator
a79c9e0e82
Generated docs from job=generate-docs branch=master [ci skip]
2023-12-14 15:28:03 +00:00
Atomic Red Team GUID generator
7f3f0be18b
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-12-14 15:27:50 +00:00
BlueTeamOps
9ba4043595
ESXi ART Tests Batch 1 (#2635)
* ESXi Tests Batch 1
* remove duplicate key
* Update T1082.yaml
Updated the binary location to ExternalPayloads folder and also added the folder creation in GetPreReqs
* Update T1083.yaml
Added External Payloads and included folder creation in GetPreReqs
* Update T1129.yaml
Added ExternalPayloads reference.
Added folder creation in GetPreReqs
Move the reference of the vib to src
* Update T1529.yaml
Added External Payloads folder and added folder creation step to GetPreReqs
* Update T1529.yaml
987c9b4d-a637-42db-b1cb-e9e242c3991b - added external payloads
* Update T1562.010.yaml
Added External Payloads reference and folder creation to GetPreReqs
* Moved the vib to src
* Delete atomics/T1129/bin directory
* Delete atomics/T1082/bin directory
* Delete atomics/T1083/bin directory
* Delete atomics/T1562.010/bin directory
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-12-14 08:27:13 -07:00
Atomic Red Team doc generator
2dcdc27df7
Generated docs from job=generate-docs branch=master [ci skip]
2023-12-14 04:47:22 +00:00
AJ King
8bca554bc8
Update T1555.003.yaml - typo fix (#2637)
2023-12-13 21:46:31 -07:00