1d37472ced
Replaced the ${atomics_path} input variable with the ( #761 )
...
$PathToAtomicsFolder global variable. Removed the input variable block
for simplicity.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2019-12-30 08:20:24 -07:00
eac69aa2d9
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-30 15:19:21 +00:00
fc060f9e92
Improve test 7 (Offline Mimikatz) for T1003 that performs Credential Dumping ( #760 )
2019-12-30 08:18:57 -07:00
f7a918d875
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-30 15:15:09 +00:00
d587dfbc91
Improve test 5 (ProcDump) for T1003 that performs Credential Dumping ( #759 )
2019-12-30 08:14:49 -07:00
99a2a8aa31
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-30 15:11:52 +00:00
8786bf538b
Add cleanup command for test 10 of T1003 that performs Credential Dumping ( #758 )
2019-12-30 08:11:34 -07:00
246176fe5d
Harmonization of spaces between lines for T1003 that performs Credential Dumping ( #756 )
2019-12-30 08:09:42 -07:00
135c516a08
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-30 15:06:51 +00:00
409e812b17
Fix test 4 output folder for T1003 that performs Credential Dumping ( #757 )
2019-12-30 08:06:20 -07:00
6626b254aa
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-30 15:04:57 +00:00
a4123e5e2f
Fix test 8 and 10 output folder for T1003 that performs Credential Dumping ( #755 )
2019-12-30 08:04:37 -07:00
9431728f2b
Bump rubyzip from 1.2.3 to 2.0.0 ( #750 )
...
Bumps [rubyzip](https://github.com/rubyzip/rubyzip ) from 1.2.3 to 2.0.0.
- [Release notes](https://github.com/rubyzip/rubyzip/releases )
- [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md )
- [Commits](https://github.com/rubyzip/rubyzip/compare/v1.2.3...v2.0.0 )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2019-12-23 09:01:41 -07:00
223cc1901e
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-23 16:00:25 +00:00
9e71e2adcb
moved remote file used in test to src - no other changes ( #754 )
...
* updating per spec to src directory
-note did not change to PathToAtomic, because the author's idea here was to download the payload "remotely"
* moved file
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2019-12-23 08:59:58 -07:00
cfa6ae33fc
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-23 15:55:40 +00:00
6c6c3cf57f
Add test 13 (NinjaCopy) for T1003 that performs Credential Dumping ( #753 )
2019-12-23 08:55:13 -07:00
c8e040c9d4
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-23 15:52:54 +00:00
53da28447c
Add test for T1006 (File System Logical Offsets) ( #752 )
2019-12-23 08:52:35 -07:00
95596cd61c
cleaned up root directory ( #749 )
...
* moved file to /src directory
* rm file has been copied to /src directory
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2019-12-23 08:33:00 -07:00
9fd560617c
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-23 15:31:24 +00:00
a4634b777b
minor fix to meet atomic specs; moved src files to /src ( #748 )
...
* minor fix; move inline.js and manifest.js to /src
-
* moved inline.js
* moved manifest.json
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2019-12-23 08:31:02 -07:00
2f17ab1491
linux as supported_platform, not specific versions (depreciated) ( #747 )
...
-linux only (not specific distros)
-(this functionality is now depreciated by the *prereq_command* functionality in Invoke-AtomicTest)
-reworded section on 'manual tests' after seeing several manually tests today that have been easily automated
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2019-12-23 08:30:09 -07:00
f4eac66bb7
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-23 15:20:41 +00:00
096ba193b4
Automated test for OSX Local Library Startup Items + fixes ( #743 )
...
* Update T1165.yaml
re-wrote draft atomic:
-automated test 1
-corrected test 2 (had a non-functional default path)
-added elevation requirement to both (would be needed)
-re-wrote titles and descriptions to be more specific and clear
-added new path (/src) for the emond plist for test 2
* correcting syntax errors including cleanup command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2019-12-23 08:20:15 -07:00
765c34ead6
rm .plist file (it is now in /src directory) ( #744 )
...
* rm .plist file (it is now in /src directory)
* Create T1165_emond.plist
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2019-12-23 08:16:18 -07:00
53a8393c74
copied script to /src ( #741 )
2019-12-21 19:44:19 -07:00
a8b96af84b
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-22 02:43:44 +00:00
0c84aca2e4
Rewrote "Trap" test to not pull down remote files ( #740 )
...
* added /src path + avoided using curl
-supported platforms included "linux" so no need to list out centos and ubuntu specifically
-test previously used curl to download script; which adds other elements to the test (requires proxy, remote, curl, etc.)
-updated to use $PathToAtomicsFolder variable instead
-fixed bash syntax needed to use new path
* corrected INT command (now SIGINt), from original
* rm file, now is in /src directory
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2019-12-21 19:43:22 -07:00
1698e5c347
duplicate file is not needed, recent invoke-atomic changes removed the need for this ( #739 )
2019-12-21 19:39:08 -07:00
c7d95ebc23
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-22 00:19:55 +00:00
9df75a4013
added path to src directory ( #738 )
2019-12-21 17:16:57 -07:00
20fbdb7173
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-20 22:04:10 +00:00
38a5811f31
using updated version of mimikatz that works on latest win10 versions ( #736 )
2019-12-20 15:03:50 -07:00
5e90af5009
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-19 03:19:21 +00:00
66b7136553
Test 4 change ( #735 )
...
Changing test 4 default IP to 127.0.0.1 instead of CloudFlare dns 1.1.1.1
2019-12-18 20:18:58 -07:00
9817fc3b59
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-19 03:16:52 +00:00
38c7ac2fe1
T1002 test 2 correction ( #734 )
...
* T1074 .bat fix
Changing "sc query" to "sc.exe query" so it runs with PowerShell. "sc" is an alias in powershell for Set-Content.
* T1002 Correction
added space between input_path and wildcard extension
2019-12-18 20:16:30 -07:00
b3ce1fb005
T1074 .bat fix ( #733 )
...
Changing "sc query" to "sc.exe query" so it runs with PowerShell. "sc" is an alias in powershell for Set-Content.
2019-12-18 09:32:36 -07:00
84b724b29d
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-18 06:45:00 +00:00
cf2879466d
T1114 Update ( #730 )
...
* Removed text "comments" that were attempting to run as commands.
Simplified command block script execution. Added input arguments for
save path for script output. added cleanup commands.
* Replaced hard coded command with $PathToAtomicsFolder variable.
2019-12-17 23:44:35 -07:00
3fdbd91fc0
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-18 06:11:04 +00:00
40845ae5dd
Fix issue #499 for T1007 ( #729 )
2019-12-17 23:10:44 -07:00
ab4c68b970
Execute powershell with "-Command -" arguments. Tell powershell to read scripts from stdin. ( #727 )
2019-12-17 23:09:02 -07:00
f51c26ab5f
Revert "Added WCE executable to test 3 (Windows Credentials Editor)" ( #728 )
...
* Revert "Added WCE executable to test 3 (#720 )"
This reverts commit 9006f3c581
2019-12-17 09:45:42 -06:00
b18c5a498d
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-17 00:05:19 +00:00
3750c092bc
Add "#" before file_extension argument ( #726 )
2019-12-16 17:04:56 -07:00
c34176e00b
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-17 00:03:42 +00:00
4364411ff4
update tests ( #725 )
2019-12-16 17:03:20 -07:00
cf15882964
Generate docs from job=validate_atomics_generate_docs branch=master
2019-12-17 00:02:40 +00:00
dwhite9