23c3f8114b
Update T1218.yaml ( #1416 )
...
Default install path was c:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-04-08 07:19:27 -06:00
f62f72c9d8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-08 13:12:07 +00:00
d5f39f7819
Update T1555.yaml ( #1415 )
...
Was failing prereqs due to missing $process value
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-04-08 07:11:40 -06:00
adc459fbf7
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-08 13:10:07 +00:00
ba13a01daf
Update T1569.002.yaml ( #1414 )
...
I was failing to pass the precheck without adding in the dependency_executor_name parameter. Something with parsing I believe
2021-04-08 07:09:43 -06:00
2ecb4a4f84
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-08 13:08:38 +00:00
678d9c5444
remove non-PS command and incorrect param ( #1413 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-04-08 07:08:08 -06:00
5148bb998c
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-07 03:39:44 +00:00
cd3087fa78
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-07 03:39:39 +00:00
ee6707aadb
Added T1053.006 - Blackbot Inc. ( #1412 )
...
* Added T1053.006 - Raymond
* Update T1053.006.yaml
* Update used_guids.txt
Co-authored-by: ryang <ryang@blackbot.io >
2021-04-06 21:39:25 -06:00
8035973916
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-02 14:18:48 +00:00
afb9b9cc33
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-02 14:18:43 +00:00
4a2f5b9a73
Merge pull request #1230 from tlor89/T1070.003_Update
2021-04-02 08:18:30 -06:00
0c9a8d403e
Merge branch 'master' into T1070.003_Update
2021-04-02 09:12:26 -05:00
a2395663c0
Update for Disable Bash History Logging with SSH -T Atomic
...
Made the following changes for -T for the command and resolved supported platform to linux
2021-04-02 09:07:57 -05:00
08b98f2556
Update T1070.003.yaml
2021-04-02 09:03:48 -05:00
ea98ba6b7a
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-02 13:30:11 +00:00
76a1c0f4bc
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-02 13:30:06 +00:00
f4bdccc905
t1564-update ( #1411 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-04-02 07:29:46 -06:00
228dcb1ae3
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-02 13:28:54 +00:00
8b6c9af427
add usebasicparsing flag ( #1410 )
2021-04-02 07:28:29 -06:00
180623c8ab
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-01 16:50:55 +00:00
0c3ab2ea9c
update nav layer version ( #1409 )
2021-04-01 10:50:37 -06:00
bc17626d85
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-03-24 18:39:14 +00:00
f2cb520542
Remove ARTifacts directory ( #1408 )
...
* Update 1547.001 with link to stable "ARTifact" URL
Creating static link for Discovery.bat as "ARTifacts" directory is slated for removal.
* Update 1547.001.md to reflect YAML change
* Delete ARTifacts directory
Legacy URL available here: https://github.com/redcanaryco/atomic-red-team/tree/e88a1ea463964839e267dba74ec1cf7bf634ccbf/ARTifacts
2021-03-24 12:38:00 -06:00
058b5c2423
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-03-22 15:39:07 +00:00
92026b8e3c
Moving Invoke-Mimikatz test to T1003.001 ( #1407 )
2021-03-22 09:38:35 -06:00
396ea73b70
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-03-13 14:24:38 +00:00
4803288632
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-03-13 14:24:31 +00:00
80415a586f
Moving mavinject test to T1055.001 and src cleanup #1404 ( #1405 )
...
* Moving mavinject test to T1055.001 and src cleanup #1404
* Adding Windows Command Prompt test
* Adding rundll32.exe test
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-03-13 07:22:36 -07:00
78d40c38a0
Merge pull request #1406 from amashinchi-rc/update-slack-invite-url
...
Update Slack Invite on Website
2021-03-12 10:30:19 -08:00
83a9f985e4
Merge branch 'master' into update-slack-invite-url
2021-03-12 11:05:02 -07:00
b72f5785ac
Update Slack Invite on Website
...
Also updating the URL on the atomicredteam.io website.
2021-03-12 10:02:09 -08:00
f03437fd28
Merge pull request #1403 from amashinchi-rc/update-slack-invite-url
...
Update the Slack Invite Request URL
2021-03-12 10:24:54 -05:00
a8d45abe94
Update the Slack Invite Request URL
...
The web app for requesting a Slack invite no longer works due to a deprecated Slack API call. Moving requests to a (Red Canary provided) Google Form.
2021-03-11 15:15:00 -08:00
a574666190
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-03-10 14:55:55 +00:00
4031861550
add quotes to fix command execution ( #1401 )
...
Thank you @aky1286 and Issue #1400
2021-03-10 07:55:23 -07:00
974e2eb8b6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-03-10 04:09:43 +00:00
2221b0715b
T1055: psexec "-s" is not required ( #1402 )
...
Since the user is admin the debug privilege is automatically obtained when necessary for the injection
The TTP is also clearer because mimikatz runs as the current user (used for psexec) and not as SYSTEM
2021-03-09 21:09:09 -07:00
2fd6408411
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-03-06 04:06:46 +00:00
fec19f8bef
Merge pull request #1398 from YSaxon/patch-1
...
remove macOS from /etc/passwd test
2021-03-05 21:06:10 -07:00
32af0f1aba
Merge pull request #1 from YSaxon/patch-2
...
Update T1087.001.md
2021-03-04 14:32:14 -05:00
7ed9ed1a3e
Update T1087.001.md
2021-03-04 14:31:19 -05:00
9cf7f56150
remove macOS from /etc/passwd test
...
macOS has an /etc/passwd file, but it doesn't actually use it under normal circumstances and user accounts are not listed there (it's just a standard default file that never changes)
As the header for the file states:
# Note that this file is consulted directly only when the system is running
# in single-user mode. At other times this information is provided by
# Open Directory.
2021-03-04 14:19:29 -05:00
7f6de4f651
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-03-01 17:33:15 +00:00
8d93e1c859
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-03-01 17:33:08 +00:00
c53797cbfc
Merge pull request #1319 from cherokeejb/patch-33
...
removed redundant 'sh' atomic, added nix keylogging atomic w fixes from prior commit
2021-03-01 10:32:49 -07:00
1dd81b1687
Merge branch 'master' into patch-33
2021-03-01 10:29:07 -07:00
07b61288d6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-26 15:49:41 +00:00
493c343724
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-26 15:49:35 +00:00
Ryan