security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,363 Commits 47 Branches 0 Tags
1663bf7d524b6fc8a9a39104feb2949b36368dfc
Commit Graph

675 Commits

Author SHA1 Message Date
caseysmithrc a53eb4d327 Update t1003 url (#405) 
* update url

* Generate docs from job=validate_atomics_generate_docs branch=Update-T1003-url
 2019-02-06 10:52:11 -08:00
CircleCI Atomic Red Team doc generator a69319c513 Generate docs from job=validate_atomics_generate_docs branch=master 2019-02-05 21:05:39 +00:00
zpettry 0c445be847 Update T1088.md (#436) 
This test needs to use Powershell.
 2019-02-05 13:05:31 -08:00
CircleCI Atomic Red Team doc generator c7142a4487 Generate docs from job=validate_atomics_generate_docs branch=master 2019-02-05 21:05:23 +00:00
Tony M Lambert b831127ab2 T1055 - Test for shared library injection on Linux (#448) 
* initial commit

* modified output style

* final url changes

* Update rocke-and-roll-stage-01.sh

* T1055 - Added test for /etc/ld.so.preload addition
 2019-02-05 13:05:15 -08:00
CircleCI Atomic Red Team doc generator 895c6f2d4f Generate docs from job=validate_atomics_generate_docs branch=master 2019-02-05 21:05:01 +00:00
Tony M Lambert 469372005c T1070 - Overwrite Mail Spool/Log File (#447) 
* initial commit

* modified output style

* final url changes

* Update rocke-and-roll-stage-01.sh

* T1070 - Overwrite Mail/Log Tests from Rocke
 2019-02-05 13:04:53 -08:00
Tony M Lambert 0ff328c3ba T1107 - Filesystem Deletion from Amnesia malware (#446) 
* initial commit

* modified output style

* final url changes

* Update rocke-and-roll-stage-01.sh

* T1107 - Delete Filesystem Test from Amnesia malware
 2019-02-05 13:04:44 -08:00
Tony M Lambert 8c7abb226e T1168 Improve Cron tests, add additional one (#445) 
* initial commit

* modified output style

* final url changes

* Update rocke-and-roll-stage-01.sh

* T1168 - Improvements and additional cron tests
 2019-02-05 13:04:36 -08:00
Tony M Lambert 4212ca043e T1136 - useradd Linux test to replicate backdoor account from Butter (#444) 
* initial commit

* modified output style

* final url changes

* Update rocke-and-roll-stage-01.sh

* T1136 - Added useradd Linux test to replicate Butter attacks pattern
 2019-02-05 13:04:27 -08:00
CircleCI Atomic Red Team doc generator 735447ace8 Generate docs from job=validate_atomics_generate_docs branch=master 2019-02-05 21:04:08 +00:00
Keep Watcher 79494d45a7 Changing file extension to yaml to match content (#442) 2019-02-05 13:03:58 -08:00
Tony M Lambert 509bb5f3a1 T1222 - chattr test (#440) 2019-02-05 13:03:48 -08:00
CircleCI Atomic Red Team doc generator 805deeee31 Generate docs from job=validate_atomics_generate_docs branch=master 2019-01-21 19:49:11 +00:00
Keep Watcher baba01109e adding SSP mod simulation (#438) 
* adding SSP mod simulation

* Update T1101.md
 2019-01-21 11:49:01 -08:00
Tony M Lambert da88f2baa2 T1099 Timestomp test with Rocke example (#439) 2019-01-21 11:48:46 -08:00
CircleCI Atomic Red Team doc generator e74554992e Generate docs from job=validate_atomics_generate_docs branch=master 2019-01-16 22:14:59 +00:00
Tony M Lambert 4f5c279c61 T1009 - Adjust test with variable for execution (#418) 2019-01-16 14:14:49 -08:00
CircleCI Atomic Red Team doc generator 37ca7e5fd0 Generate docs from job=validate_atomics_generate_docs branch=master 2019-01-16 17:25:14 +00:00
Ross Wolf 6b6f4beae5 Update flag for cmd.exe (#416) 2019-01-16 09:25:04 -08:00
CircleCI Atomic Red Team doc generator c65ed5d77e Generate docs from job=validate_atomics_generate_docs branch=master 2019-01-16 17:24:56 +00:00
Tony M Lambert d76e946bc2 T1002 - Reorganize tests for better execution with framework (#417) 2019-01-16 09:24:48 -08:00
CircleCI Atomic Red Team doc generator 87bd65c63c Generate docs from job=validate_atomics_generate_docs branch=master 2019-01-16 17:24:38 +00:00
Tony M Lambert 832a907d54 T1174 Password Filter DLL PoSH test (#420) 2019-01-16 09:24:29 -08:00
CircleCI Atomic Red Team doc generator d8510e729b Generate docs from job=validate_atomics_generate_docs branch=master 2019-01-16 17:24:16 +00:00
Tony M Lambert dfabc52d64 T1107 File Deletion reorg with variables (#423) 2019-01-16 09:23:55 -08:00
CircleCI Atomic Red Team doc generator bb07c4ac15 Generate docs from job=validate_atomics_generate_docs branch=master 2019-01-16 17:23:40 +00:00
JimmyAstle 61ffc53425 Register-CimProvider Atomic test (#435) 
A quick atomic test that utilizes register-cimprovider to execute a dll that pops calc.
 2019-01-16 09:23:29 -08:00
CircleCI Atomic Red Team doc generator 7554e9b644 Generate docs from job=validate_atomics_generate_docs branch=master 2019-01-16 16:17:22 +00:00
Keith McCammon 5c3f5b6389 Merge pull request #424 from ForensicITGuy/t1166-setuidgid 
T1166 SetUID SetGID add tests with variables
 2019-01-16 09:17:12 -07:00
CircleCI Atomic Red Team doc generator 063e489114 Generate docs from job=validate_atomics_generate_docs branch=master 2018-12-13 16:07:16 +00:00
Tony M Lambert 0779b60397 T1010 App Window Discovery with C# (#429) 2018-12-13 08:07:08 -08:00
CircleCI Atomic Red Team doc generator 8243dfedec Generate docs from job=validate_atomics_generate_docs branch=master 2018-12-13 16:06:56 +00:00
Tony M Lambert 4334a8c0b0 T1007 Service Discovery Net Start to File (#428) 2018-12-13 08:06:48 -08:00
CircleCI Atomic Red Team doc generator 07079c9ed7 Generate docs from job=validate_atomics_generate_docs branch=master 2018-12-13 16:06:36 +00:00
Tony M Lambert 0f576dd03f T1004 Winlogon Helper DLLs (#427) 2018-12-13 08:06:28 -08:00
Tony M Lambert 5da497ed1d T1156 .bash_profile .bashrc reorg into separate tests (#426) 2018-12-13 08:06:19 -08:00
Tony M Lambert 15b6f10135 T1009 Binary Padding reorg with variables (#425) 2018-12-13 08:06:12 -08:00
Tony M Lambert a49998432e T1088 Fodhelper UAC Bypass and PoSH tests (#422) 2018-12-13 08:06:02 -08:00
Tony M Lambert 6725795d88 T1166 SetUID SetGID add tests with variables 2018-12-11 00:31:19 -06:00
CircleCI Atomic Red Team doc generator 5bbe2e6403 Generate docs from job=validate_atomics_generate_docs branch=master 2018-12-05 00:53:11 +00:00
Tony M Lambert 9aaa150dcf T1220 XSL Script Processing (#410) 
* Remove XSL tests from T1127 Trusted Dev Tools

* Add T1220 XSL Script Processing
 2018-12-04 16:52:57 -08:00
CircleCI Atomic Red Team doc generator 0d9f652cab Generate docs from job=validate_atomics_generate_docs branch=master 2018-12-05 00:38:31 +00:00
Tony M Lambert 9a487bd26a Added test for persistence via BITS (#409) 2018-12-04 16:38:19 -08:00
Tony M Lambert 4c0eab68c4 T1220 WMIC XSL Tests (#411) 
* Remove XSL tests from T1127 Trusted Dev Tools

* Add T1220 XSL Script Processing

* Added tests for T1220 WMIC XSL execution

* fixed to pass spec
 2018-12-04 16:38:12 -08:00
Tony M Lambert 4d4cc31211 T1222 Added File Perm Modification tests (#412) 2018-12-04 16:38:03 -08:00
Tony M Lambert 943b36db5d T1218 Signed Binary Proxy Execution (#413) 2018-12-04 16:37:48 -08:00
CircleCI Atomic Red Team doc generator 9ab98d2318 Generate docs from job=validate_atomics_generate_docs branch=master 2018-11-17 16:15:14 +00:00
Ross Wolf ae1b07bf4d Update T1042 with cmd /c argument (#408) 
The `/c` flag was missing for `cmd.exe`, causing the command to be skipped.
 2018-11-17 09:15:06 -07:00
CircleCI Atomic Red Team doc generator 51180df1b1 Generate docs from job=validate_atomics_generate_docs branch=master 2018-11-14 21:38:39 +00:00