security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,363 Commits 47 Branches 0 Tags
1663bf7d524b6fc8a9a39104feb2949b36368dfc
Commit Graph

1363 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Carrie Roberts 9f535f0547 add "elevation_required" attribute to test definition yaml (#532) 
* add elevation_required attribute to test definition yaml

* Update atomic_red_team/atomic_test_template.yaml

Co-Authored-By: Brian Beyer <brianebeyer@users.noreply.github.com>

* Update atomics/T1089/T1089.yaml

Co-Authored-By: Brian Beyer <brianebeyer@users.noreply.github.com>

* Update atomics/T1089/T1089.yaml

Co-Authored-By: Brian Beyer <brianebeyer@users.noreply.github.com>
 2019-08-29 16:18:07 -06:00
Brian Beyer 5f460b5a8f update all gems (#535) 2019-08-29 08:28:09 -06:00
dependabot[bot] 1571f4dcb0 Bump nokogiri from 1.10.1 to 1.10.4 (#534) 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.1 to 1.10.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.1...v1.10.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2019-08-29 08:10:56 -06:00
A. Didier 48ad5e308d Update rocke-and-roll-stage-01.sh (#533) 
Noticed this misspelling during a training session today.
 2019-08-29 07:36:47 -06:00
Michael Haag b51284297d Initial Access - Atomic Friday July 2019 (#530) 
Adding the following:
- New DragonsTail Chain reaction that does not execute Mimikatz.
- Generic .HTA file with supporting markdown file highlighting details.
- Generic `Atomic.doc` with supporting markdown file highlighting embedded macro.
- Guide (markdown) explaining how to zip files to simulate email borne threats.
- Simple guide on how to setup a "Listener" for C2 communication in Python and Powershell.
- Generate-Macro.ps1 - Builder script that will generate 8 different macro embedded XLS files to simulate macro techniques actively being used.
 2019-08-28 11:38:26 -07:00
CircleCI Atomic Red Team doc generator 604f7cd730 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-28 14:53:16 +00:00
weev3 6e65bbd146 Add T1196(Control Panel Item) (#521) 
* Add test for T1196 that pops calc.exe

* calc.cpl

* Rename T1196.md to T1196.yaml

* Create calc.cpp
 2019-08-28 08:53:05 -06:00
Carrie Roberts ac0546a494 Specify TTP as string, no need to call Get-AtomicTechnique first. Optionally specify individual attacks by atomic test # or name. (#525) 2019-08-27 20:32:00 -06:00
CircleCI Atomic Red Team doc generator 86486588cf Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-27 15:43:54 +00:00
zinint fa19b6b075 Add files via upload (#528) 2019-08-27 09:43:39 -06:00
CircleCI Atomic Red Team doc generator 3206a83186 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-27 15:40:20 +00:00
Makenzie Schwartz 3523ec7a1c T1097 - Move PTT atomic test to appropriate technique (#524) 
* Move Mimikatz PTT atomic from T1075 to T1097

* Update docs
 2019-08-27 09:40:03 -06:00
CircleCI Atomic Red Team doc generator 5898dab7e4 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-27 15:35:27 +00:00
Carrie Roberts 5f846ced08 Add test to T1089 that uninstalls sysmon (#529) 2019-08-27 09:35:15 -06:00
Michael Haag 26c8eae322 Install Atomic - Fixed Paths (#517) 
I reverted https://github.com/redcanaryco/atomic-red-team/issues/478 for the moment. @caseysmithrc and I will update the script to remove the `atomic-red-team-master` path. This will at least get you up and running today.

Issue #516
 2019-08-14 10:36:16 -06:00
Michael Haag c11d9e847d T1112 bracket fix (#523) 
* Fixed bracket

Fixed bracket causing error.

* Generate docs from job=validate_atomics_generate_docs branch=T1112-bracket-fix
 2019-08-14 10:33:55 -06:00
CircleCI Atomic Red Team doc generator 041777beb9 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-09 14:30:20 +00:00
Trevor Steen 4e979c26ed update formatting (#519) 2019-08-09 08:29:41 -06:00
CircleCI Atomic Red Team doc generator 4e1d01f56d Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-09 14:25:01 +00:00
Trevor Steen e82b207b66 updated code formatting (#520) 2019-08-09 08:24:44 -06:00
CircleCI Atomic Red Team doc generator 421b5c56a3 Generate docs from job=validate_atomics_generate_docs branch=master 2019-08-09 14:22:16 +00:00
Makenzie Schwartz fe943551bd Supply Invoke-AppPathBypass with Payload as argument (#522) 2019-08-09 08:21:58 -06:00
caseysmithrc 5f6ad32db2 Fix t1138path (#513) 
* Updating the path and description

* Generate docs from job=validate_atomics_generate_docs branch=fix-t1138path
 2019-06-14 14:06:29 -06:00
CircleCI Atomic Red Team doc generator 587dbb39e5 Generate docs from job=validate_atomics_generate_docs branch=master 2019-06-14 14:55:42 +00:00
caseysmithrc cd32b7cf92 Updated T1118 Path and Code (#510) 
* Update T1118.yaml

* Update T1118.cs
 2019-06-14 08:55:21 -06:00
CircleCI Atomic Red Team doc generator 6988597182 Generate docs from job=validate_atomics_generate_docs branch=master 2019-06-14 12:47:58 +00:00
Alain Homewood 11bbe35ab2 Added T1071 atomics for DNS C2 (#511) 2019-06-14 06:47:35 -06:00
CircleCI Atomic Red Team doc generator f6c457593a Generate docs from job=validate_atomics_generate_docs branch=master 2019-06-14 12:41:14 +00:00
Tony M Lambert 1620029675 Tests for Data Destruction and Resource Hijacking (#512) 2019-06-14 06:41:02 -06:00
Tony M Lambert 7be30f44e7 Chain Reaction - Qbot Infection (#508) 
* Reaction and payloads

* Prepare for primetime merge into master

* upload better source

* right folder

* Modify to .NET payload
 2019-05-31 09:01:25 -06:00
CircleCI Atomic Red Team doc generator 6ff5afc97a Generate docs from job=validate_atomics_generate_docs branch=master 2019-05-31 12:13:54 +00:00
Tony M Lambert b5f1159c4c T1105 Remote File Copy BITSAdmin (#507) 2019-05-31 06:13:40 -06:00
Keith McCammon 12d80f435d Fix a typo 2019-05-29 14:14:05 -06:00
CircleCI Atomic Red Team doc generator 7b2ff64340 Generate docs from job=validate_atomics_generate_docs branch=master 2019-05-21 12:11:03 +00:00
swelcher 249ccacbe9 [FIX] T1087 (#502) 2019-05-21 06:10:47 -06:00
CircleCI Atomic Red Team doc generator 2a40652162 Generate docs from job=validate_atomics_generate_docs branch=master 2019-05-21 12:09:28 +00:00
swelcher e4318e90f5 [FIX] Duplicate YAML Keys (#503) 2019-05-21 06:09:14 -06:00
caseysmithrc fe2bfa6268 msbuild expects the csproj file in the same path (#501) 2019-05-13 14:23:23 -06:00
CircleCI Atomic Red Team doc generator 1310d86685 Generate docs from job=validate_atomics_generate_docs branch=master 2019-05-13 15:28:31 +00:00
Tony M Lambert f674d37d9c T1501 Systemd reorg and add variables (#491) 
* Update ATT&CK json for technique creation

* Reorg systemd test and add variables
 2019-05-13 09:28:20 -06:00
Tony M Lambert b5dc3e17a8 ATT&CK Navigator Layer Generation via Ruby (#500) 
* initial commit

* modified output style

* final url changes

* Update rocke-and-roll-stage-01.sh

* Added code to generate Navigator layer

* Add ATT&CK Navigator layer to readme
 2019-05-11 19:23:48 -10:00
CircleCI Atomic Red Team doc generator 6abfe94684 Generate docs from job=validate_atomics_generate_docs branch=master 2019-05-10 19:57:12 +00:00
Tony M Lambert 5897b9aef1 T1482 Domain Trust Discovery (#495) 
* Update ATT&CK json for technique creation

* T1482 - Domain Trust Discovery
 2019-05-10 13:56:56 -06:00
Michael Haag a29708a7a3 install-atomicredteam Updates (#498) 
* Updated URL location

* fixed url

again

* Updated InstallPath

Updated install path for issue #478
 2019-05-10 13:38:02 -06:00
CircleCI Atomic Red Team doc generator 988f97eb63 Generate docs from job=validate_atomics_generate_docs branch=master 2019-05-10 19:35:24 +00:00
Tony M Lambert 9a8acbed1f T1490 Inhibit System Recovery (#493) 
* Update ATT&CK json for technique creation

* T1490 Inhibit System Recovery
 2019-05-10 09:35:09 -10:00
CircleCI Atomic Red Team doc generator 6f88a3ecac Generate docs from job=validate_atomics_generate_docs branch=master 2019-05-07 14:31:34 +00:00
Tony M Lambert 5d0bf18098 T1485 Data Destruction Tests (#492) 
* Update ATT&CK json for technique creation

* T1485 - Data Destruction Tests
 2019-05-07 08:31:25 -06:00
CircleCI Atomic Red Team doc generator af95800d81 Generate docs from job=validate_atomics_generate_docs branch=master 2019-05-07 14:30:13 +00:00
Tony M Lambert e180e513f7 T1201 Windows & macOS PW policy enum (#490) 2019-05-07 08:29:53 -06:00