a54ad3e2a8
Merge pull request #51 from redcanaryco/Haag
...
Mac Additions
2018-01-08 14:58:21 -07:00
c9d674bf80
Merge pull request #49 from JimmyAstle/Discover/Files_folders_Linux
...
Discover/files_folders_Linux
2018-01-08 14:55:40 -07:00
b56282c007
Merge pull request #52 from JimmyAstle/Discovery/System_Information_Discovery
...
Adding in some Linux System OS discovery one liners
2018-01-08 14:54:39 -07:00
4842ffb05d
Persistence .bashrc / .bash_profile
2018-01-07 05:55:19 +07:00
42d3c51ed9
Fix Mac Grid
...
* Updated Mac grid to add “.md” on Indicator_Removal_On_Host to resolve
404.
2018-01-03 23:11:30 -05:00
0df10d39cb
Merge remote-tracking branch 'redcanaryco/master'
2018-01-03 23:07:54 -05:00
f5c1d7af56
Adding in some Linux System OS discovery one liners
2018-01-03 17:34:12 -05:00
6160fd756e
Readme
...
Boring readme update
2018-01-03 09:07:53 -07:00
0b6275cf50
Mac Additions
...
+ Account Discovery
+ File and Directory Discovery
2018-01-03 09:05:14 -07:00
d0d71177e1
Merge branch 'master' into Discover/Files_folders_Linux
2018-01-03 10:34:10 -05:00
9a4b06e89d
Merge pull request #50 from JimmyAstle/Defense_Evasion/Clear_history
...
Defense evasion/clear_history
2018-01-03 07:30:49 -07:00
a8ae18ca0b
Merge pull request #48 from JimmyAstle/Discovery/Account_Linux
...
Discovery/account_Linux
2018-01-03 07:30:10 -07:00
e36a8e3377
Removing the groups command as that should live in a seperate spot
2018-01-02 17:20:28 -05:00
7f78ad5ace
Adding in missing table link for Account Discovery
2018-01-02 17:16:27 -05:00
976b27a683
Merge branch 'master' into Haag
2018-01-02 14:54:44 -07:00
6dea66bdec
Defense Evastion
...
+ Added method to stop event logs
2018-01-02 14:54:21 -07:00
219534d464
Updating Table to link to file and folder discovery
2018-01-02 16:11:04 -05:00
919993d886
Couple of fun searching techniques
2018-01-02 16:07:07 -05:00
e7d731615e
Adding in a few more account discovery techniques
2018-01-02 16:03:14 -05:00
22d7cdcec8
Echo white space into bach history
2018-01-02 15:45:53 -05:00
7dd644c77b
Adding in dev/null bash history symlink
2018-01-02 15:36:15 -05:00
68e5c6c5ab
Merge pull request #47 from atmathis
...
Add/Change Mac Techniques
Cleanup AllTheThings Payload
2018-01-02 07:55:00 -07:00
1cb5f30dc0
Update Input_Prompt.md
2018-01-02 07:52:43 -07:00
3ef9e7a62c
Mac Defense Evasion/Launchctl
...
* Added Mac Defense Evasion/Launchctl and updated Matrix
2018-01-01 17:18:54 -05:00
5802bb2df8
Mac Indicator Removal on Host
...
* Added Mac Defense Evasion / Indicator Removal on Host and updated
Matrix
2018-01-01 17:07:42 -05:00
a9b36650cd
Mac Hidden Users
...
* Added Defense Evasion/Hidden Users and updated Matrix
2018-01-01 16:38:43 -05:00
9b9bd358ed
Update HISTCONTROL
...
* Added route to setting permanently in .bash_profile
2018-01-01 16:17:10 -05:00
0ddc31b336
Mac/Linux HISTCONTROL
...
* Added HISTCONTROL for Mac and Linux, and updated Matrices
* Corrected Gatekeeper Bypass title
2018-01-01 16:02:52 -05:00
232d5eea29
Add Mac Defense Evasion/Disabling Security Tools
...
* Added Disabling_Security_Tools under Mac Defense Evasion and added to
Matrix
* Added existing GateKeeper Bypass page to Matrix
2018-01-01 15:10:44 -05:00
cac4566d2c
Revert "Revert "Linux/Mac Command Clear""
...
This reverts commit 6439416b26
2018-01-01 14:30:45 -05:00
6439416b26
Revert "Linux/Mac Command Clear"
...
This reverts commit a0c6b2953c
2018-01-01 14:29:48 -05:00
a0c6b2953c
Linux/Mac Command Clear
...
* Updated title on Clear Command History
* Replicated Clear Command History from Mac to Linux
* Added links to both matrices
2018-01-01 14:27:09 -05:00
dce29fd24d
Add/Change Mac and All the Things cleanup
...
Created Mac/Credential_Access/Input_Prompt
Added AppleScript password prompt to Credential Access/Input Prompt
Cleanup Mac/Execution/AppleScript
Updated Mac Grid
Updated formatting on AllTheThings test.bat
2017-12-29 12:12:54 -05:00
568edb7654
Merge pull request #46 from redcanaryco/Protoss-Dev
...
Update All The Things
2017-12-20 15:39:52 -07:00
d266915612
Update All The Things
2017-12-20 15:39:07 -07:00
54181ad230
Merge pull request #45 from redcanaryco/persistence
...
Persistence & Updates
2017-12-13 15:20:34 -07:00
33d6b91220
Windows ReadMe
...
Fixed link
2017-12-13 10:26:48 -08:00
aee2840fd5
New Persistence
...
+ Office Application Startup
-- Added DDEAUTO and Dragon's Tail link
+ Registry Run Keys and Start Folder
-- Added a couple of items to make this interesting.
+Updated Windows Readme
2017-12-12 15:35:09 -08:00
a53d8d91cd
Merge pull request #44 from redcanaryco/Protoss-Dev
...
Fix Typo
2017-12-07 08:24:18 -08:00
8f95d8b119
Fix Typo
2017-12-07 09:21:59 -07:00
16eb9d5f62
Merge pull request #43 from redcanaryco/Protoss-Dev
...
Fix Shim References
2017-12-07 08:05:38 -08:00
1d57ef77e0
Fix Shim References
2017-12-07 09:03:07 -07:00
fbce4cfb2d
Merge pull request #42 from redcanaryco/Protoss-Dev
...
Context For Shims
2017-12-06 14:41:33 -08:00
67613f4a44
Context For Shims
2017-12-06 15:40:21 -07:00
4326601868
Merge pull request #41 from redcanaryco/Argonaut
...
Argonaut Chain Reaction + Updates to windows.md
2017-12-06 15:27:35 -07:00
5449cc27f0
Argonaut
...
Argonaut was built with the idea of assisting organizations with identifying the use of Invoke-WebRequest aliases - Wget and Curl. Within your detection tools, how does it look? Do you have detection for Wget and curl on Windows?
2017-12-06 14:22:21 -08:00
cf124cd5d4
Merge pull request #40 from redcanaryco/Protoss-Dev
...
Protoss dev
2017-12-06 14:13:47 -08:00
809e2cb4b8
Fix Typo
2017-12-06 15:12:35 -07:00
7bec20d991
App Compat ReadMe
2017-12-06 15:11:56 -07:00
b93b2b1978
Merge pull request #39 from redcanaryco/Protoss-Dev
...
Fix Instructions
2017-12-06 14:07:21 -08:00
caseysmithrc