163e84ca30
Update T1099.yaml - Timestomp ( #960 )
...
* Update T1099.yaml
New Timestomp Atomic test added to emulate MITRE ATT&CKs recent APT29 evals.
https://attackevals.mitre.org/APT29
* Generate docs from job=validate_atomics_generate_docs branch=T1099Take2
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-04-28 11:36:12 -06:00
f3e095dee9
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-28 17:04:21 +00:00
57197a9a6f
T1009, T1014, T1055, T1215: Added dependencies ( #958 )
...
Co-authored-by: hypnoticpattern <>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-28 11:03:53 -06:00
7c1e966f82
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-28 16:57:34 +00:00
18f618f20b
T1086 T1087 T1088 T1089 Updates ( #944 )
...
* 1087 Updates
* add 1086 Updates
* add T1088 updates
* update T1089
* typo fix
* typo fix
* typo fix
* fix input args
* remove uninstall sysmon changes
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-28 10:57:01 -06:00
7802132b9e
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-27 20:40:21 +00:00
77d3649202
corrected folder name ( #957 )
...
Co-authored-by: darin <darin@blackhillsinfosec.com >
2020-04-27 14:40:06 -06:00
09c8adfbef
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-27 19:54:47 +00:00
9d53c87787
Added test for T1089 for Remove-Service, introduced in Powershell 6.0 ( #954 )
...
* Added test for T1089 for Remove-Service, introduced in Powershell 6.0
* Added Stop-Service and changed Default Value to match Atomic Test 13
Co-authored-by: Marshall Darnell <md@Marshalls-MBP.localdomain >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
Co-authored-by: Marshall Darnell <marshalldarnell@protonmail.com >
2020-04-27 13:54:33 -06:00
dc5a3c2131
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-27 19:51:36 +00:00
483bdf1ea1
Update T1219.yaml ( #956 )
...
fixed TeamViewer command and added AnyDesk test
Co-authored-by: Luminous-InfiniTom <35981510+Luminous-InfiniTom@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-27 13:51:19 -06:00
e28da09de5
T1086 sharphound ( #955 )
...
* Updated T1086 - BloodHound/SharpHound Atomic Test
I have modified T1086-2 to work more effectively.
It now includes two test scenarios using SharpHound.
1. Using prereqs, will validate if sharphound.ps1 is found in the payloads directory within T1086 path. If not, it will download and store it locally.
2. Second test is a one liner that will download and run sharphound.
Input arguments added for hitting a internal domain and specifying the output directory.
* Generate docs from job=validate_atomics_generate_docs branch=T1086-sharphound
* Added color
It needed color. I added it.
* Generate docs from job=validate_atomics_generate_docs branch=T1086-sharphound
* Modified BloodHound Tests
Broke out the two BloodHound tests. One will execute from local disk, other will be from within memory.
Modified all payload paths to be from /src/ path.
* Generate docs from job=validate_atomics_generate_docs branch=T1086-sharphound
* Elevation Not Required
Modified elevation, not required to be admin
* Generate docs from job=validate_atomics_generate_docs branch=T1086-sharphound
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-27 13:47:14 -06:00
c6582e3b48
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-24 19:29:07 +00:00
5618b90ef4
T1170 T1174 T1204 T1214 T1216 Test Improvements ( #948 )
...
* T1170
* slight updates
* T1214
* add descriptions
* fix spelling
2020-04-24 13:28:39 -06:00
9d1146ae8a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-24 17:39:30 +00:00
94559fc270
T1081 T1082 T1141 T1145 Improvements ( #950 )
...
* improve tests
* fix spelling and prereqs
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-24 11:39:05 -06:00
512b194ec3
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-22 16:27:38 +00:00
5dc114511d
T1222 Improvements and Cleanup ( #949 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-22 10:27:11 -06:00
35f45ec0ec
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-22 16:26:12 +00:00
cc1aced76b
Minor fix for T1115 - Pipe Get-Clipboard output ( #952 )
...
* Update T1115.yaml
Update command for PowerShell so the contents of Get-Clipboard are actually invoked as an expression.
* Update Markdown PowerShell code snippet to reflect changes
* Pipe output of Get-Clipboard to iex in order to invoke the value of clipboard as a command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-22 10:25:25 -06:00
ceafbf9c62
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-22 16:23:59 +00:00
4a8ec3b1c7
T1071 T1118 Improvements and Fixes ( #947 )
...
* start work
* test improvements
* fix type and broken sentence
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-22 10:23:42 -06:00
15f32ce196
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-22 16:19:41 +00:00
9458d814b0
Add test for T1045 that copies and runs packed binaries ( #945 )
...
* Add test for T1045 that copies and runs packed binaries
* Use magic variable PathToAtomicsFolder
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-22 10:18:56 -06:00
12a297615d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-22 15:49:23 +00:00
3a3a7ba6e3
Fix: powerShell -> powershell ( #951 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-22 09:48:49 -06:00
be65f14e54
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-21 02:13:00 +00:00
b229aeb0f3
T1166 - Fix absolute path, C code optimizations ( #946 )
...
* T1166 - Fix absolute path, C code optimizations
* T1215 - Add kernel module source, edit commands
Co-authored-by: hypnoticpattern <>
Co-authored-by: user <user@App1e-Mac-mini.corp.uber.com >
2020-04-20 20:12:40 -06:00
35ed42de92
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-16 22:20:50 +00:00
ef1a8aeb05
Fix command used to copy files in linux and macOS ( #943 )
...
The command `copy` is used on Windows systems. Running the test on macOS and Linux will cause an error.
2020-04-16 16:20:30 -06:00
61419072db
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-16 00:10:07 +00:00
32a2e18aae
Fix issue with non-executable bashf file ( #942 )
...
The file has to be marked as executable before it can run. When the repository is cloned there is no executable flag set and running the test would cause the following error: `failed to run command '/home/user/src/atomic-red-team/atomics/T1154/../T1154/src/echo-art-fish.sh': Permission denied`. Using `sh` with the `trap` command fixes the issue and doesn't require to manually set the flag.
2020-04-15 18:09:42 -06:00
147838a11e
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-15 23:00:10 +00:00
5107a49a2a
Fixing a typo in the wget URL. ( #941 )
...
GitHub paths are case sensitive. The echo-art-fish.sh sits within the `atomics` path not `Atomics`.
2020-04-15 16:59:48 -06:00
9828d013b8
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-13 18:10:27 +00:00
5cb6c9ea39
add technique name to CSV indexes ( #939 )
2020-04-13 12:09:53 -06:00
b9a630e7d4
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-10 13:59:17 +00:00
f110934779
T1155 osacript fix ( #940 )
...
* fix
* typo fixes
2020-04-10 07:58:36 -06:00
dfba4ef05f
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-10 01:30:02 +00:00
1235c027b3
T1076_Update ( #938 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-09 19:29:33 -06:00
ec7920d2e6
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-10 01:28:35 +00:00
8158b7a2d0
Fix type (string -> path) in T1502 ( #937 )
2020-04-09 19:27:59 -06:00
00da62d1bb
Fix go-atomic.rb example method ( #934 )
...
`List all accounts` doesn't exist; replaced the test with an existing one.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-08 12:55:56 -06:00
693b224947
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-08 18:50:35 +00:00
22834f4042
T1100-T1531_Update ( #936 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-08 12:50:21 -06:00
7d07686f60
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-08 18:49:16 +00:00
23620c707a
message ( #935 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-08 12:48:54 -06:00
f144c2127e
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-07 21:19:56 +00:00
80b11195c4
url typo fix ( #933 )
2020-04-07 15:19:25 -06:00
69a66fd511
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-07 20:29:37 +00:00
Michael Haag