Commit Graph

1363 Commits

Author SHA1 Message Date
Tony M Lambert 75f452195a T1036 Masquerading (#361)
* T1036 Masquerading

* T1036, not T1306. Duh
2018-10-01 20:53:53 -07:00
CircleCI Atomic Red Team doc generator 4c78e54768 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-02 03:25:26 +00:00
Tony M Lambert a59c97a4e4 T1153 Source (#356) 2018-10-01 20:25:17 -07:00
CircleCI Atomic Red Team doc generator d8af126f49 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-02 03:23:08 +00:00
Tony M Lambert 702a9c7c32 T1009 Binary Padding (#358)
* T1009 Binary Padding

* Update T1009.yaml
2018-10-01 20:23:00 -07:00
Tony M Lambert 6947fbe69d Added tests for T1206 Sudo Caching (#355) 2018-10-01 20:22:48 -07:00
Tony M Lambert 2dbe24c325 T1064 Scripting (#357) 2018-10-01 13:42:14 -07:00
CircleCI Atomic Red Team doc generator aed844bbc4 Generate docs from job=validate_atomics_generate_docs branch=master 2018-10-01 20:40:44 +00:00
Tony M Lambert f046d56246 T1027 Obfuscated Files or Information (#359)
* T1027 Obfuscated Files or Information

* Fix extension
2018-10-01 13:40:25 -07:00
Tony M Lambert e6166c4499 T1217 Browser Bookmark Discovery (#360) 2018-10-01 13:40:14 -07:00
Lemelin 3649d34631 Fixed the issues with OSX not reporting executors. 2018-10-01 13:40:29 -04:00
Lemelin a3c0e5b238 Added missing files. 2018-09-28 16:52:48 -04:00
Lemelin f0f6804345 Adjusted YAML file relative path. 2018-09-28 16:52:03 -04:00
Lemelin 93c27c437b Moved Python test harness to contrib.
Moved 'execution-frameworks/python' to
'execution-frameworks/contrib/python'.
2018-09-28 16:23:20 -04:00
Zac Brown 27fe1066d6 Users/zacbrown/deprecate old powershell executor (#352)
* Move old PowerShell execution framework to deprecated directory.

Signed-off-by: Zac Brown <zacbrown@users.noreply.github.com>

* Generate docs from job=validate_atomics_generate_docs branch=users/zacbrown/deprecate-old-powershell-executor
2018-09-28 12:11:08 -07:00
caseysmithrc a61dbfbbb5 Component Object Model Hijacking (#354)
* Component Object Model Hijacking

* Update T1122.yaml

* Generate docs from job=validate_atomics_generate_docs branch=Fix-1122-COMHijack
2018-09-28 12:08:15 -07:00
caseysmithrc 789b2cfc59 Added '---' (#350) 2018-09-25 11:39:52 -07:00
Keith McCammon 74765edf7e Merge pull request #349 from redcanaryco/add-related
Add a Related section to reference other works
2018-09-21 08:01:44 -06:00
Keith McCammon 37e485ce06 Add a Related section to reference other works 2018-09-21 07:56:54 -06:00
Michael Haag ba64b21e2a T1126 fix (#341)
* Resolve issue #340

Fixed #340

* Generate docs from job=validate_atomics_generate_docs branch=T1126-fix
2018-09-18 08:38:22 -07:00
Zac Brown 1976a539c8 Merge pull request #347 from ForensicITGuy/master
MSXSL Bypass Test (T1127 Trusted Dev Utilities)
2018-09-14 23:03:39 -06:00
Tony M Lambert ef0b8f073e Hopefully this works remotely now 2018-09-14 20:49:10 -05:00
Tony M Lambert 62ed0f30ab Fix script again 2018-09-14 20:46:03 -05:00
Tony M Lambert 03adb61ee4 Added remote test, simplified script file 2018-09-14 20:35:48 -05:00
Tony M Lambert ddd0e81e54 Fix customer name 2018-09-14 16:21:39 -05:00
Tony M Lambert f344a573b7 Add MSXSL test to T1127 2018-09-14 16:20:25 -05:00
Zac Brown b85c21bb00 Merge pull request #346 from redcanaryco/T1140-Add
T1140 - certutil rename and decode
2018-09-14 08:25:39 -06:00
CircleCI Atomic Red Team doc generator d0a5bb7762 Generate docs from job=validate_atomics_generate_docs branch=T1140-Add 2018-09-14 13:34:52 +00:00
Michael Haag 52ca3f8b1b Added certutil rename
Reference: https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html

https://twitter.com/ItsReallyNick/status/1040402921777782784
2018-09-14 08:34:29 -05:00
Zac Brown 4f31d6ac09 Merge pull request #339 from MSAdministrator/modified_execution_functions_and_readme
Modified Invoke-AtomicRedTeam functions and README
2018-09-13 21:06:26 -06:00
Josh Rickard 9aeecf2694 Added Pester tests and modified Manifest file 2018-09-13 22:55:35 -04:00
Josh Rickard e81485b3e2 Converted Invoke-AtomicRedTeam to PowerShell Script Module 2018-09-13 22:00:50 -04:00
CircleCI Atomic Red Team doc generator 8b6116bffc Generate docs from job=validate_atomics_generate_docs branch=master 2018-09-13 20:33:22 +00:00
Michael Haag a01d08725b Merge pull request #343 from JimmyAstle/T1191-synax-fix
Minor update to cmstp.exe syntax
2018-09-12 08:08:19 -04:00
Jimmy Astle d5a791015b Minor update to cmstp.exe syntax
need to add the /s so this test runs without user interaction
2018-09-11 15:36:29 -04:00
Michael Haag 6c0620f855 Merge pull request #342 from 2xyo/patch-1
T1117: Fix path of RegSvr32.sct
2018-09-11 10:05:46 -04:00
2*yo 909df7b204 Fix path of RegSvr32.sct
`RegSvr32.sct` isn't in the `bin` folder.
2018-09-11 15:49:39 +02:00
Josh Rickard 5130db160b Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00
caseysmithrc 18ae6fb97a Merge pull request #335 from MSAdministrator/T1193-modifying-download-of-payload
Added test for T1193 that downloads a macro-enabled excel sheet
2018-09-06 21:33:25 -06:00
caseysmithrc 41073650e6 Merge pull request #338 from MSAdministrator/origin/T1060-adding-removal-of-registry-keys
Adding removal of registry keys for T1060 based on issue #328
2018-09-06 21:31:50 -06:00
Josh Rickard 823766d2c9 Adding removal of registry keys for T1060 based on issue #328 2018-09-06 21:56:10 -04:00
Josh Rickard 0738765238 Removing outdated tests for T1193 and Office/excel pre-check to test 2018-09-06 21:20:14 -04:00
Michael Haag 068a5fa98e Merge pull request #325 from redcanaryco/Invoke-AtomicRedTeam
Invoke atomic red team
2018-09-06 16:42:51 -04:00
caseysmithrc 86ffa9f37c Fix All The Things 2018-09-06 12:18:17 -06:00
caseysmithrc 4fd7dd3cce Fix Error Message 2018-09-06 11:45:06 -06:00
caseysmithrc de3c2b6684 Import-Module cleaner 2018-09-06 09:34:39 -06:00
caseysmithrc 0ed64ddf4a Merge pull request #336 from MSAdministrator/T1112-modifying-the-registry
Add test for T1112 that modifies registry keys
2018-09-06 07:23:03 -06:00
caseysmithrc 7aa0e28a90 Merge pull request #332 from redcanaryco/PowerShell-Executor.Command-Properties
Power shell executor.command properties
2018-09-06 07:06:14 -06:00
Michael Haag d02c38650e Merge pull request #334 from redcanaryco/Fix-T1170
Fixed T1170 execution command
2018-09-06 08:02:08 -04:00
Josh Rickard 28c470b40c Add test for T1112 that modifies registry keys 2018-09-05 23:46:44 -04:00