security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,363 Commits 47 Branches 0 Tags
1663bf7d524b6fc8a9a39104feb2949b36368dfc
Commit Graph

1363 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
caseysmithrc 4054c123c7 update 2017-11-14 10:08:30 -07:00
caseysmithrc 1134ecaa6a updated 2017-11-14 10:06:41 -07:00
Michael Haag 8e457048cb Merge pull request #20 from redcanaryco/atomic-dev-cs 
Updated Mimikatz References
 2017-11-13 14:11:46 -08:00
caseysmithrc ddf8a8318a Updated Mimikatz References 
Updated References
 2017-11-13 15:10:25 -07:00
Michael Haag 7b5924d62c Merge pull request #19 from redcanaryco/atomic-dev-cs 
Atomic dev cs
 2017-11-13 14:08:33 -08:00
caseysmithrc 24e2671f45 Added Invoke-Mimnikatz 
Invoke-Mimikatz Locally
 2017-11-13 15:06:40 -07:00
caseysmithrc c03b740553 update instructions 
Update MHT To Doc Notes
 2017-11-13 11:54:20 -07:00
caseysmithrc 4439c529ea Sample VBA 
Sample VBA Downloader
 2017-11-13 11:53:35 -07:00
caseysmithrc 3380b40547 Merge pull request #18 from redcanaryco/dev-mh 
Chain Reactions + Linux + Updates
 2017-11-13 11:07:24 -07:00
Michael Haag 407c84b6f5 Discovery Updates 
+ More Tasklist.exe adds
+ Modified file directory listing to be recursive.
 2017-11-13 11:02:39 -07:00
Michael Haag 61d4797e64 Chain Reaction 
+ New chain reaction
 2017-11-13 11:01:57 -07:00
Michael Haag 26854f24b0 System Network Configuration Discovery 
+ Added System Network Configuration Discovery
 2017-11-13 05:01:03 -08:00
Michael Haag 705f7d4dcf Powershell - Bloodhound 
Added single command to download and execute Bloodhound.
 2017-11-10 13:52:27 -08:00
Michael Haag e843ca71e7 Linux 
+ Add Account Discovery
+ Fix Cron Job title
 2017-11-08 22:19:10 -08:00
Michael Haag 2e4ff79e66 Chain reaction 
Basic Chain reaction
 2017-11-07 15:49:28 -08:00
caseysmithrc aaa7105a42 Merge pull request #17 from redcanaryco/dev-mh 
Chain Reactions
 2017-11-06 15:22:55 -07:00
Michael Haag 98f6d339e6 Chain Reactions 2017-11-06 14:21:36 -08:00
Michael Haag 0ca2758c28 Merge pull request #16 from redcanaryco/atomic-dev-cs 
Atomic dev cs
 2017-11-06 14:14:52 -08:00
caseysmithrc 479a11fa09 fix discovery cmd 2017-11-06 15:11:30 -07:00
caseysmithrc dcf67629de webinar script 
Update
 2017-11-06 15:07:57 -07:00
Michael Haag 427653c2ce Updated main 
+ Modified main README with new README names
 2017-11-05 21:29:39 -08:00
caseysmithrc cab7addfb9 Merge pull request #15 from redcanaryco/readmes 
Rename OS level docs to README to take advantage of Github
 2017-11-04 13:39:57 -06:00
Brian Beyer 9668bf2c24 Rename Mac.md to README.md 2017-11-04 15:36:59 -04:00
Brian Beyer 550e29773a Rename Linux.md to README.md 2017-11-04 15:36:41 -04:00
Brian Beyer 3b03b3e9b8 Rename Windows.md to README.md 2017-11-04 15:36:03 -04:00
Brian Beyer 8e016a90d2 Add gitignore 2017-11-04 14:37:08 -04:00
caseysmithrc 666594cf6e Merge pull request #14 from redcanaryco/dev-mh 
GPP and bat fix
 2017-11-03 11:42:13 -06:00
Michael Haag d61e743c41 Discovery bat fix 
Removed a basic thing and made it even more basic
 2017-11-03 09:56:44 -07:00
Michael Haag e22d823c4b Credentials in Files 
+ Credentials in Files
+ add Get-GPPPassword.ps1
+ Update matrix
 2017-11-02 11:53:28 -07:00
caseysmithrc 2096d7d969 Merge pull request #13 from redcanaryco/dev-mh 
11-1-2017
 2017-11-01 17:38:33 -06:00
Michael Haag b48f9e5f22 Deobfuscate_Decode_Files_Or_Information 
Defense Evasion/Deobfuscate_Decode_Files_Or_Information Add
 2017-11-01 16:28:57 -07:00
Michael Haag a12f456ce3 remove ds 
dsstore goen
 2017-11-01 16:25:53 -07:00
Michael Haag 0eaa1f25ad Merge pull request #12 from redcanaryco/atomic-dev-cs 
Atomic dev cs
 2017-11-01 16:24:49 -07:00
caseysmithrc 06b210f766 certutil fix 2017-11-01 17:11:21 -06:00
Michael Haag 976f3ba40f Adds 
Security software discovery
system time discovery
 2017-11-01 16:02:40 -07:00
caseysmithrc 1e1ae19a33 certutil encode/decode 2017-11-01 16:52:46 -06:00
caseysmithrc e5236e6146 Merge pull request #10 from redcanaryco/dev-mh 
Dev mh
 2017-10-31 14:14:33 -06:00
Michael Haag be85bb6afe Discovery bat 
+ Added reg queries to payload.
 2017-10-31 12:58:40 -07:00
Michael Haag 66c37e8b53 Evasion and exfil 
+ Added wevtutil and fsutil per what was used recently by BadBuddy Ransomware.
+ Added 2 ways to compress data with Powershell and rar.
 2017-10-31 12:56:52 -07:00
caseysmithrc 480a201741 Merge pull request #7 from redcanaryco/Readme-mh 
ReadMe Updates
 2017-10-19 16:35:04 -06:00
Michael Haag 402b93eba8 Moved matrices 
Moved to the top for easy access
 2017-10-19 13:32:26 -07:00
Michael Haag 8dab533558 Readme link adds 
Added Roberto Website and spreadsheet links
 2017-10-19 13:30:14 -07:00
Michael Haag 59bbfe86b9 Readme Update 
Overhauled Readme
 2017-10-19 13:27:16 -07:00
Michael Haag b144a64e43 Merge pull request #6 from redcanaryco/Collection 
Updated Windows Matrix
 2017-10-17 15:11:19 -07:00
Michael Haag 59722275f6 Updated Windows Matrix 
+ Added Clipboard Data
 2017-10-17 15:09:43 -07:00
caseysmithrc 0ad43f6b67 Merge pull request #5 from redcanaryco/Collection 
Windows - Collection
 2017-10-17 13:46:05 -06:00
Michael Haag cf3f201c94 Fix 
+ Line breaks
 2017-10-17 11:55:57 -07:00
Michael Haag 3c17d14b37 Fixed Clipboard 
+ Missing clip and made it completely compatible with powershell only now. No need to be in cmd.exe to start this.
 2017-10-16 13:19:20 -07:00
caseysmithrc 6b23f04277 Merge pull request #4 from redcanaryco/mac-defense-evasion 
Submitting two new Mac techniques
 2017-10-13 14:57:50 -06:00
Keith McCammon 8342c241e6 Corrected tabstop 2017-10-13 14:25:18 -06:00