1829f24575
Merge pull request #1274 from redcanaryco/remove-execution-framworks
...
[WIP] Remove execution frameworks from Atomic Red Team
2020-11-03 09:05:56 -05:00
3cd3f074cf
Remove execution-frameworks from Atomic Red Team
2020-11-02 06:15:26 -07:00
c60b8a9def
Update apis.md
2020-11-02 06:07:33 -07:00
ab85fe8efb
Remove execution framework reference in menu
2020-11-02 06:05:44 -07:00
0f1cfd08b1
Rename apis-execution-frameworks.md to apis.md
2020-11-02 05:52:02 -07:00
e1181e7384
Merge OSCD branch into master ( #1273 )
...
* Tests added
* standardize display name
* Add tests for T1134.001 Access Token Impersonation/Theft (#1236 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Changing to device manufacturer based test
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Add test for T1006 Direct Volume Access (#1254 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* [OSCD] T1036.004: Masquerade Task or Service - 2 tests (#1253 )
* T1036.004 - 2 tests added
* Update T1036.004.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* T1136.002 - 2 tests added (#1252 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* [OSCD] Create atomic test for T1113 for Windows (#1251 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* update T1564.002
* update T1564.002
* add Gatekeeper disable; add cleanup for security tools disable; add another launchagent for carbon black defense; remove Gatekeeper disable command from Gatekeeper bypass technique
* Added T1562.006 tests to emulate indicator blocking by modifying configuration files
* Removed prereq and fixed command endings
* Indirect command execution - conhost (#1265 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* [OSCD] Office persiststence : Office test (#1266 )
* Office persiststence : Office test
* Added technique details
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Remove index files to avoid CI complaints.
* Grr
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
Co-authored-by: haresudhan <code@0x6c.dev >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
Co-authored-by: gregclermont <580609+gregclermont@users.noreply.github.com >
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carl <57147304+rc-grey@users.noreply.github.com >
Co-authored-by: mrblacyk <kweinzettl@gmail.com >
Co-authored-by: sn0w0tter <42819997+sn0w0tter@users.noreply.github.com >
Co-authored-by: Yugoslavskiy Daniil <yugoslavskiy@gmail.com >
Co-authored-by: aw350m3 <aw350m3@yandex.com >
Co-authored-by: omkargudhate22 <36105402+omkar72@users.noreply.github.com >
2020-10-29 22:54:55 -06:00
f1dacdfeb7
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-24 14:41:32 +00:00
6e2e9122ab
Fix Technique Highlighting ( #1272 )
...
Adds technique highlighting when a sub-technique has an atomic written for it.
2020-10-24 08:39:37 -06:00
9658f928e5
better test name ( #1261 )
...
* better name
* Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-14
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-10-24 08:19:12 -06:00
49285769f7
cleaner title ( #1260 )
...
* cleaner title
* Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-13
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-10-24 08:17:34 -06:00
8c75682918
title clarification ( #1259 )
...
* title clarification
* Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-12
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-10-24 08:15:58 -06:00
9e4b0e36d2
move cleanup to cleanup command ( #1258 )
...
* move cleanup to cleanup command
* Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-11
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-10-24 08:15:20 -06:00
c9715c0d8c
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-24 14:12:36 +00:00
36db298ade
Update Layer Names ( #1271 )
...
More descriptive Mitre ATT&CK Navigator names.
2020-10-24 08:12:17 -06:00
c8f43265c7
Introducing AtomicTestHarnesses Tests to ART ( #1270 )
...
* Introduce AtomicTestHarness Tests to ART
Adding:
- T1134.004 - Access Token Manipulation: Parent PID Spoofing
- T1218.001 - Signed Binary Proxy Execution: Compiled HTML File
- T1218.005 - Signed Binary Proxy Execution: Mshta
These tests utilize the recently released [AtomicTestHarnesses](https://github.com/redcanaryco/atomictestharnesses ) to simulate the base tests from from each ATH Harness. Input arguments may be manipulated as needed to enhance simulation.
* Generate docs from job=validate_atomics_generate_docs branch=atomictestharness-tests
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-10-22 14:34:31 -06:00
7a1c4e857b
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-21 16:48:59 +00:00
e0d6242f7a
add nav score for parent technique ( #1269 )
2020-10-21 10:48:21 -06:00
29ae06b032
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-15 16:28:04 +00:00
fde64c6173
Update T1012.yaml ( #1255 )
...
Removed extra spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-10-15 10:27:40 -06:00
acda0a41f6
Fix off-by-one and misspelling ( #1257 )
2020-10-15 10:22:38 -06:00
8f72e4f710
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-14 02:21:45 +00:00
38f7dce9d8
Update T1113.yaml ( #1256 )
...
* Update T1113.yaml
Update test #4 to include a prereq that downloads ImageMagik, updated test #4 's name, and updated test #4 's description.
* fix yaml spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-10-13 20:21:21 -06:00
0e54272108
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-10 14:35:26 +00:00
fad05dbdfa
Adding New Test ( #1248 )
...
* Adding New Test
Adding a new test that will invoke the command that Ryuk ransomware uses.
* more descriptive wording
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-10-10 08:35:03 -06:00
1b0994ea9e
update/clarify description ( #1247 )
...
* update/clarify description
* Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-10
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-10-08 12:03:40 -06:00
408a3b694c
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-08 13:45:04 +00:00
ea62f1a197
Merge pull request #1241 from haresudhan/T1115
...
Added MacOS tests for T1115
2020-10-08 07:44:33 -06:00
63c9f570fe
Merge branch 'master' into T1115
2020-10-08 07:41:03 -06:00
298a90bcb5
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-08 13:39:28 +00:00
362ddf89c1
Merge pull request #1242 from haresudhan/T1098.004
...
Added tests for T1098.004.
2020-10-08 07:39:07 -06:00
3396ddc13b
Merge branch 'master' into T1098.004
2020-10-08 05:55:14 -06:00
35f08a6dc5
Merge branch 'master' into T1115
2020-10-08 05:54:49 -06:00
4e4f8a2775
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-08 02:37:06 +00:00
b206a0d7cd
Add tests for T1070.003 Clear Command History ( #1237 )
...
* feat: add t1070.003 powershell history clear commands
* feat: include preventing powershell logging
* feat: add cleanup command
* consolidate tests, fix typo
Removed the two duplicated atomics that were using aliases for Remove-Item
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-10-07 20:36:04 -06:00
994735a156
Merge branch 'master' into T1115
2020-10-07 14:06:14 -06:00
a19e9e9797
Update T1115.yaml
2020-10-07 14:05:37 -06:00
42e19f2e09
Merge branch 'master' into T1098.004
2020-10-07 14:00:46 -06:00
a690c4ca58
Update T1098.004.yaml
2020-10-07 14:00:26 -06:00
e88a1ea463
update ATT&CK ids on Ranger, cookie miner, and qbot chain reactions ( #1243 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-10-07 11:35:19 -06:00
995466a0e3
Changing elevation_required value.
2020-10-07 02:52:19 -06:00
9d574c083b
Added T1098.004 tests
2020-10-07 02:45:39 -06:00
3385770a6d
Added MacOS tests
2020-10-07 01:55:23 -06:00
8eb52117b7
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-06 16:13:36 +00:00
5ba2d3e985
Update T1550.002.yaml ( #1235 )
...
added code to make prereq commands for test 1.
2020-10-06 10:13:14 -06:00
6be404bece
Fix 404 link in script ( #1234 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-10-05 10:34:43 -06:00
e2a501b28f
Fix 404 URL ( #1233 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-10-05 10:31:36 -06:00
1bc6c7e115
Updating 404 link ( #1232 )
...
The URL referenced a non existing page (chain_reaction_DragonsTail_benign.ps1). Pretty sure it meant dragonstail_benign.ps1
2020-10-05 10:27:33 -06:00
23fc9289cf
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 15:47:51 +00:00
3cdd80d2f4
Test Case to search a user's bookmarks file from Internet Explorer ( #1227 )
...
* Lists the Ineternet Explorer bookmarks
This command lists the bookmarks for Internet Explorer that are found in the Favorites folder
* Update T1217.yaml
Also, below command can be used to achieve similar results -
dir /s /b C:\Users\%USERNAME%\Favorites
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-09-29 09:47:02 -06:00
910a2a764a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
Matt Graeber