0e35397f3f
T1502, T1504, T1518, T1529, T1531 updates ( #926 )
...
* fix tests
* improve descriptions
* more updates
2020-04-03 16:24:05 -06:00
3e789bc137
delete old indexes ( #925 )
...
* delete old indexes
* link fixes
2020-04-03 11:36:55 -06:00
4e08c0c497
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-03 17:14:40 +00:00
a87eeeb535
add csv index by OS, then by tactic and technique, add art_layer json per OS ( #903 )
...
* add csv index by OS, then by tactic and technique
* generate art layer for each OS
* generate art layer for each OS
* update readme
* reset files
* a little cleanup
* a little cleanup
* deleted files from old location
* new folder structure and naming
* link fix
* temp add
2020-04-03 11:14:15 -06:00
3bc48cf815
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-03 15:04:00 +00:00
7517911963
T1074, T1083, T1084, T1085 updates ( #924 )
...
* fix tests
* minor description updates
* update more tests
* remove permissions
* imorove name
* improve description
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-03 09:03:41 -06:00
50500675e9
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-03 14:33:20 +00:00
b392694779
T1107 description updates, remove duplicate tests ( #921 )
...
* random powershell errors :(
* remove tests that are already in T1490 and fit better there
* more fixes
* finish tests
* fix description names
* fixes
* fixes
* fix input arg descriptions
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-03 08:32:58 -06:00
8e969def85
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-02 17:53:29 +00:00
c510cfa6de
T1099 description updates ( #922 )
...
* add prereq command and descriptions
* update descriptions
* hide errors
* hide errors for real this time
* fix descriptions and input arguments
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-02 11:53:09 -06:00
0637dcbd2d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-02 17:50:09 +00:00
0f5b5b0bd5
T1112 description updates ( #920 )
...
* start work
* remove test that is also in T1027 and fits better there
* delete test, it does the same thing other tests do
* fix spelling
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-02 11:49:51 -06:00
5cd368c0c5
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-02 16:13:23 +00:00
9056faaaee
T1121 and T1158 success description updates and fixes ( #923 )
...
* T1121 updates
* start work
* more fixes
2020-04-02 10:12:37 -06:00
84cad45461
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-01 14:47:35 +00:00
4937a7c755
added new dump lsass method ( #913 )
2020-04-01 08:46:50 -06:00
b7fc8fbd8f
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-01 00:25:22 +00:00
0a7e7c7ef5
Update completion descriptions ( #919 )
...
* T1037 Update Descriptions
* add updates
* remove powershell specific terminology
* remove powershell specific terminology
* correct redirect
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 18:24:55 -06:00
4c6d1b8b70
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-01 00:23:21 +00:00
5af629b9fc
Update Successful Completion Descriptions ( #918 )
...
* update descriptions
* add additional verification instructions
* Update T1136.yaml
* Update T1138.yaml
* Update T1124.yaml
* Update T1138.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 18:23:05 -06:00
c4cd523a8d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-01 00:05:53 +00:00
0725ce58d1
Deduplicate tests in t1485 and t1490 ( #916 )
...
* dedup tests
* fix tests
* Update T1490.yaml
* fix hard-coded execution command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 18:05:35 -06:00
262ffded5c
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-31 17:47:52 +00:00
220618587d
update tests ( #917 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 11:47:26 -06:00
fd3c196376
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-31 17:33:24 +00:00
75f534f760
T1089 description updates ( #907 )
...
* start work
* improve tests
* improve test
* text fix
* upgraded prereqs
* Slept on it and made commands more concise
* update description
* add period
* hide error messages, imporve cleanup from temp folder
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-31 11:32:59 -06:00
5b6d75b14b
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-31 02:43:25 +00:00
366c5b8bca
fix tests, update descriptions ( #914 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-30 20:43:07 -06:00
f77b46439d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-31 02:40:39 +00:00
3f9b647b29
Update descriptions ( #915 )
2020-03-30 20:40:23 -06:00
51c0b3af71
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-30 19:09:42 +00:00
b23f570d8a
added Dump LSASS.exe Memory using comsvcs.dll to T1003 ( #912 )
...
* added Dump LSASS.exe Memory using comsvcs.dll
* Updated filemod path
* Re-fixed path.
Co-authored-by: Michael Haag <mike@redcanary.com >
2020-03-30 12:56:59 -06:00
2ad2ad0ffd
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-27 20:02:20 +00:00
647222638f
T1086 - Added cleanup command for BloodHound Test ( #911 )
...
* Added cleanup command for BloodHound Test
* Fixed executer and syntax for powershell.
* fixed typo in executor.
Co-authored-by: Daniel White <d0w019h@homeoffice.wal-mart.com >
2020-03-27 14:01:24 -06:00
9bc3004501
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-27 18:00:15 +00:00
685c9d1bfa
T1220_Update ( #910 )
2020-03-27 11:55:23 -06:00
a064b611bb
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-27 14:29:27 +00:00
6944366c06
Typo in prereq_command ( #909 )
...
There are two " in the prereq_command in T1035 leading to an error when running the CheckPrereqs flag.
2020-03-27 08:29:04 -06:00
537ce077f9
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-24 23:14:40 +00:00
4e3e9c8096
T1208 documentation ( #908 )
...
* updated success indicator and changed the way to get invoke-kerberoast script in memory
* updated success indicator description
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-24 17:14:21 -06:00
2bccc88206
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-24 23:12:50 +00:00
e7aa7226e4
Fix T1028 T1032 tests issue. ( #906 )
...
T1028 Test2 should run with powershell.
T1032 Test1 missing quoters.
2020-03-24 17:12:31 -06:00
0cf3fa2e43
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-23 23:50:56 +00:00
f9aee9e255
updated success indicatior on tests and fixed part of test1 ( #905 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-23 17:50:15 -06:00
fb702afdef
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-23 20:57:21 +00:00
1e601b4b9c
Fix description, remove broken test ( #904 )
...
* start work
* fix test to run 64 bit version
* delete broken test
* fix merge conflicts
* merge
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-23 14:56:18 -06:00
4c7feb56ca
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-23 15:12:03 +00:00
685c735ebc
lastlog is not supported in OSX, at least not in 10.14.6 ( #902 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-23 09:11:27 -06:00
9476a6348d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-21 22:22:22 +00:00
617c32ac8e
Changed the executor for all windows test to powershell. Modified ( #901 )
...
windows test to actually create file to modify permissions as it
otherwise just fails unless input arguments are specified. Also added
cleanup commands to the windows tests.
Co-authored-by: Daniel White <d0w019h@homeoffice.wal-mart.com >
2020-03-21 16:21:51 -06:00
Andrew Beers