CircleCI Atomic Red Team doc generator
19560b02c8
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-06 16:00:58 +00:00
MrOrOneEquals1
c9bf800a29
T1071 - adding DNS C2 (#825)
* DNS C2
* DNS C2 - Fix Typos
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-02-06 09:00:15 -07:00
CircleCI Atomic Red Team doc generator
73eb6cdd8c
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-06 15:16:46 +00:00
tlor89
cbb1133b91
T1105-Update (#826)
* Added executor fix cleanup command and Temp local path
* changed local_path variable name
* circleCI syntax error PowerShell
* massage
2020-02-06 08:16:27 -07:00
Carrie Roberts
a3ebb13bb6
Build check (#816)
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* ensure both prereq and get_prereq commands are specified
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
2020-02-05 10:31:08 -07:00
Carrie Roberts
2a59d5525f
When invoking new process, set working dir to $env:temp (#821)
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* default working dir is tmp
* default working dir is tmp
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
2020-02-05 10:30:18 -07:00
Carrie Roberts
4955e67900
clarify use of Invoke-WebRequestVerifyHash (#823)
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* clarify use of Invoke-WebRequestVerifyHash
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
2020-02-05 10:24:39 -07:00
CircleCI Atomic Red Team doc generator
1854eb9db8
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-05 17:23:40 +00:00
Carrie Roberts
51c70736dd
T1095-2 add prereqs (#824)
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* add prereq commands
* add prereq commands
* add prereq commands
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
2020-02-05 10:23:17 -07:00
CircleCI Atomic Red Team doc generator
80e4462311
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-04 22:40:46 +00:00
MrOrOneEquals1
8ea7ea5c8e
T1095 Standard Non-Application Layer Protocol - ICMP, Ncat, Powercat C2 (#822)
* ICMP Ncat C2
* Add T1095 Test
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-02-04 15:40:10 -07:00
CircleCI Atomic Red Team doc generator
dd0736f370
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-04 20:03:30 +00:00
Andrew Beers
66b98936f3
VBS File Created in Startup Folder (#810)
* add tests, fix old test
* start combining tests
* all files run, still need to support input arguments
* fix quotes
* convert to commas
* remove old tests, ignore delete exceptions
* split up into different tests
* ignore errors in cleanup commands
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-02-04 13:02:47 -07:00
CircleCI Atomic Red Team doc generator
d7449467c4
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-04 18:58:33 +00:00
Andrew Beers
f227c1cd8b
Delete TeamViewer Log Files (#814)
* Write tests
* fix build error
* put deletion in attack command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-02-04 11:58:18 -07:00
CircleCI Atomic Red Team doc generator
599973ee7a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-01 17:36:29 +00:00
Brandon Morgan
bd6e7c0dcf
Pypykatz add dependency (#817)
* add dependencies to pypykatz tests
* added quotes for the echos and cmd /c
2020-02-01 10:36:16 -07:00
Carrie Roberts
fe500be773
fix prereq bug for multi-line powershell (#815)
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* fix prereq bug for multi-line powershell
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
2020-01-29 14:10:15 -07:00
Keith McCammon
05699b43bd
Fix typo in test name (#811)
* Fix typo
* Generate docs from job=validate_atomics_generate_docs branch=fix-logger-typo
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-29 10:30:46 -07:00
Carrie Roberts
d0f818b011
correctly passing timeout through (#813)
2020-01-28 16:40:13 -07:00
Carrie Roberts
4193cdc2f1
Revert "T1015 collapsed technique into one atomic with additional inputargs" (#812)
* Revert "T1015 collapsed technique into one atomic with additional inputargs (#808)"
This reverts commit 06361de337.
* Generate docs from job=validate_atomics_generate_docs branch=revert-808-T1015Update
2020-01-28 16:25:43 -07:00
CircleCI Atomic Red Team doc generator
5141f5b0dc
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-28 21:09:41 +00:00
Andras32
06361de337
T1015 collapsed technique into one atomic with additional inputargs (#808)
* collapsed technique into one atomic
* Update atomics/T1015/T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org>
* Update atomics/T1015/T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org>
* Update atomics/T1015/T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org>
* T1015 removed reference to execution framework
* Update description T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org>
* Update dash over colon T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org>
Co-authored-by: Keith McCammon <keith@mccammon.org>
2020-01-28 14:09:24 -07:00
CircleCI Atomic Red Team doc generator
1141a86873
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 23:27:40 +00:00
Andras32
f2074e94b2
T1012 input args and cleanup (#804)
* T1012 input args and cleanup
* Removed file write functionality
* fixed missing > in command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-27 16:27:27 -07:00
CircleCI Atomic Red Team doc generator
4fc6a89bcf
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 22:18:51 +00:00
Andrew Beers
72ed340500
T1069 - Domain Admin Enumeration (#806)
* add command to test
* move test to another atomic
* fixed old tests
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-27 15:18:31 -07:00
CircleCI Atomic Red Team doc generator
2c60c197dc
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 21:21:31 +00:00
Andrew Beers
878f64bb8a
Store Javascript in Registry (#807)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-27 14:21:10 -07:00
CircleCI Atomic Red Team doc generator
8b70c15382
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 20:45:55 +00:00
Andrew Beers
6ea5be5e96
remove document and test (#805)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-27 13:45:33 -07:00
CircleCI Atomic Red Team doc generator
ce9b9ba456
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 20:41:58 +00:00
Andras32
1cefe4232a
added dependencies and cleanup (#803)
* added dependencies and cleanup
* Update T1010.yaml
Fixed Circle CI error
* Adjusting T1010.yaml
Using Invoke-WebRequest over .Net.WebClient
no longer deleting dependencies
* moved cs and exe files to TEMP directory
* T1010.cs back to atomics folder
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-27 13:41:36 -07:00
CircleCI Atomic Red Team doc generator
b0a572a708
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 20:31:18 +00:00
Andras32
a578253580
added cleanup_command (#802)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-27 13:30:56 -07:00
CircleCI Atomic Red Team doc generator
827e77d498
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 20:30:01 +00:00
Andras32
b6d9965240
T1004 cleanup commands (#801)
* added prereq and cleanup Commands
* removed key removal after folder is deleted
* final no prereqs
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-27 13:29:36 -07:00
CircleCI Atomic Red Team doc generator
9c33017be0
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 20:26:42 +00:00
Andrew Beers
a66ed625a4
.jse File in Startup Folder (#788)
* write test
* move to T1037
* remove from old folder
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-27 13:26:17 -07:00
Andras32
d127147734
Removed prereq command from execution tree in spec.yaml (#800)
2020-01-26 17:35:53 -07:00
CircleCI Atomic Red Team doc generator
1af5fb8d02
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-26 02:26:39 +00:00
Andras32
c903166244
T1122 Removal (#798)
2020-01-25 19:26:21 -07:00
CircleCI Atomic Red Team doc generator
247e30e704
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-25 01:34:34 +00:00
Andras32
95ec30fb51
removed T1006 due to error in ninjacopy (#797)
2020-01-24 18:34:13 -07:00
CircleCI Atomic Red Team doc generator
86359ca916
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-24 16:21:11 +00:00
Carrie Roberts
0189470689
Remove Ninja-Copy test for now (#793)
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* remove ninja-copy test for now (broke)
* remove ninja-copy test for now (broke)
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
2020-01-24 09:20:36 -07:00
Carrie Roberts
b43af855ba
Only show cleanup (with inputs) if there are inputs (#792)
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>
2020-01-24 09:19:10 -07:00
CircleCI Atomic Red Team doc generator
d4cb776600
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-24 15:25:24 +00:00
MrOrOneEquals1
904b5a59a4
T1032 - Add OpenSSL C2 (#795)
* T1032 Add OpenSSL C2 Test
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-24 08:24:57 -07:00
Andras32
e5ed8e7670
Fixed ExecutionLog TestName field (#796)
2020-01-24 08:21:54 -07:00