Carrie Roberts
14271bcbc5
removing duplicate test (#2239)
* removing duplicate test
* add elevation required
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-12-14 13:41:20 -07:00
Atomic Red Team doc generator
45741c6c95
Generated docs from job=generate-docs branch=master [ci skip]
2022-12-14 20:35:27 +00:00
Carrie Roberts
684a637c1a
fix typo, user temp directory (#2238)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-12-14 13:34:57 -07:00
Jonathan Yee
9d2f6e05c9
Update T1567.002.yaml (#2245)
Removed tab from file which was causing parsing to break
2022-12-14 07:33:55 -07:00
Atomic Red Team doc generator
5c1e6f1b4f
Generated docs from job=generate-docs branch=master [ci skip]
2022-12-07 01:40:37 +00:00
Brian
c6368a624d
Updating ATT&CK and Navigator (#2244)
This should update the Navigator layers from ATT&CK 11 to 12 and from Navigator 4.5.5 to 4.7.1
2022-12-06 18:39:57 -07:00
Atomic Red Team doc generator
ce55c6dfb1
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-29 00:09:43 +00:00
Atomic Red Team GUID generator
747a28a689
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-29 00:09:36 +00:00
tr4cefl0w
d4721d481c
adding credman dump using keymgr.dll (#2242)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-11-28 19:09:04 -05:00
Atomic Red Team doc generator
c65c1656a4
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-29 00:06:26 +00:00
Atomic Red Team GUID generator
4fbdacf673
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-29 00:06:19 +00:00
BlueTeamOps
414118431e
Tests to simulate misuse of secedit.exe (#2241)
* secedit config template
* added secedit based persistence
* added secedit based discovery
2022-11-28 19:05:09 -05:00
Atomic Red Team doc generator
1e6c1c70fd
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-24 14:10:04 +00:00
çidem
18baf6d730
T1560.002 :: Fix typo for gzip (#2240)
2022-11-24 09:09:26 -05:00
Atomic Red Team doc generator
bfbb8be4e3
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-21 20:42:04 +00:00
Atomic Red Team GUID generator
d1343687d4
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-21 20:41:57 +00:00
tr4cefl0w
17b80161a4
adding atomic test T1055.003 (#2237)
* adding atomic test T1055.003
* adding atomic test T1055.003
2022-11-21 13:41:23 -07:00
Atomic Red Team doc generator
9837b4fcd1
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-21 14:43:35 +00:00
0xv1n
ee62e616b9
T1482 additional techniques (#2236)
* Updated T1482.md
Additional trust enumeration techniques.
* Update T1482.yaml
Additional trust enumeration techniques.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-11-21 07:42:51 -07:00
Atomic Red Team doc generator
6a621382ba
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-18 16:23:19 +00:00
GirvinRC
3c6c880503
Merge pull request #2231 from cnotin/pr-aad-federation-aadinternals
Use AADInternals for AAD federation attack
2022-11-18 11:22:43 -05:00
Atomic Red Team doc generator
fdb6cdb7c6
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-18 16:21:18 +00:00
Atomic Red Team GUID generator
696f2c1d72
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-18 16:21:12 +00:00
GirvinRC
cd39269366
Merge pull request #2213 from packetzero/am_t1040_linux_pcap
Add Linux T1040 Packet Capture using raw sockets and filtering
2022-11-18 11:20:45 -05:00
Atomic Red Team doc generator
d8afb1fb8d
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-17 22:09:05 +00:00
Clément Notin
89126e68cd
Fix bug where the search returns multiple objects by selecting only the first (#2235)
The issue was that "Get-AzureADServicePrincipal" and "Get-AzureADApplication" may return several results matching the provided name, which is not handled properly by the code, which will crash. The solution is to select only the first object.
I took the opportunity for a couple of minor improvements in the code of those two tests.
2022-11-17 17:08:24 -05:00
Atomic Red Team doc generator
54f7393181
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 23:53:18 +00:00
Atomic Red Team GUID generator
f5526d45fd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-15 23:53:11 +00:00
Michael Haag
2d6d00c01c
Update T1548.002.yaml - WSReset UAC Bypass (#2232)
* Update T1548.002.yaml
* removed elevation requirement
2022-11-15 18:52:41 -05:00
Clément Notin
01eb60eaf8
Use AADInternals for AAD federation attack
Azure AD has two kinds of federated domains: the one that can be used to authenticate on AAD as an AAD user, and the one that can be used to authenticate as a guest user (also called external identity).
The current implementation of the attack seems to work, but actually it uses the cmdlets to create a federated domain for external identities, which is not the thing we want to showcase for this ATT&CK technique, since such a federated domain does not allow authenticating as an AAD user.
Sorry for missing this when I supervised the initial work on this ART test.
The newest method uses AADInternals, which is a popular attack framework for AAD and which offers exactly the cmdlet we need.
2022-11-15 17:35:31 +01:00
Atomic Red Team doc generator
9175d8dc59
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 16:01:55 +00:00
Atomic Red Team GUID generator
a0c3f39325
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-15 16:01:47 +00:00
codec-hasqui
0440c69f3b
T1567.002.yaml creation with new rclone to Mega exfil test (#2228)
* Create T1567.002.yaml
* Add files via upload
* Delete T1567.002.yaml
* Update T1567.002.yml
* Update T1567.002.yml
* Update T1567.002.yml
* Create T1567.002.yaml
* Delete T1567.002.yml
* Update T1567.002.yaml
* Update T1567.002.yaml
* update display name
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-11-15 11:01:20 -05:00
Atomic Red Team doc generator
6024dac957
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 15:56:55 +00:00
Carrie Roberts
cecca22f67
HiveNightmare simplifications (#2230)
* HiveNightmare simplifications
* Update T1003.002.yaml
* Update T1003.002.yaml
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-11-15 08:56:24 -07:00
Atomic Red Team doc generator
feca620bc4
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 15:48:37 +00:00
Jacques Decarie
291ff6f4c6
updating T1021.006-2 (#2229)
2022-11-15 10:47:54 -05:00
Alex Malone
58a9e7fb08
attempt to fix merge conflict
2022-11-10 13:15:26 -06:00
Atomic Red Team doc generator
fb7b147eac
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-10 17:01:07 +00:00
Carrie Roberts
ebe511a738
small title correction (#2226)
2022-11-10 12:00:37 -05:00
Atomic Red Team doc generator
2a798d98d1
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-10 16:59:20 +00:00
Carrie Roberts
956a699a65
expand description (#2227)
* expand description
* add cve number and link
2022-11-10 11:58:47 -05:00
Atomic Red Team doc generator
6d0287a984
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-09 16:35:35 +00:00
Atomic Red Team GUID generator
0342b04584
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-09 16:35:29 +00:00
Jose Enrique Hernandez
c9ccfd64a3
Merge pull request #2220 from packetzero/am_t1547007_reopen_coded
Add two MacOS T1547.007 loginwindow reopen tests
2022-11-09 11:35:01 -05:00
Jose Enrique Hernandez
5e0b77ff35
Merge branch 'master' into am_t1547007_reopen_coded
2022-11-09 11:34:18 -05:00
Jose Enrique Hernandez
b567130807
Merge branch 'master' into am_t1547007_reopen_coded
2022-11-09 11:34:11 -05:00
Atomic Red Team doc generator
c72cc5c3aa
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-09 16:34:10 +00:00
Atomic Red Team GUID generator
1f1800a730
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-09 16:34:04 +00:00
Jose Enrique Hernandez
3fec85b734
Merge branch 'master' into am_t1547007_reopen_coded
2022-11-09 11:33:52 -05:00