Commit Graph

2364 Commits

Author SHA1 Message Date
CircleCI Atomic Red Team doc generator 29ae06b032 Generate docs from job=validate_atomics_generate_docs branch=master 2020-10-15 16:28:04 +00:00
Micheal Fleck fde64c6173 Update T1012.yaml (#1255)
Removed extra spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-10-15 10:27:40 -06:00
Will Urbanski acda0a41f6 Fix off-by-one and misspelling (#1257) 2020-10-15 10:22:38 -06:00
CircleCI Atomic Red Team doc generator 8f72e4f710 Generate docs from job=validate_atomics_generate_docs branch=master 2020-10-14 02:21:45 +00:00
CyberConradWilson 38f7dce9d8 Update T1113.yaml (#1256)
* Update T1113.yaml

Update test #4 to include a prereq that downloads ImageMagick, updated test #4's name, and updated test #4's description.

* fix yaml spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-10-13 20:21:21 -06:00
CircleCI Atomic Red Team doc generator 0e54272108 Generate docs from job=validate_atomics_generate_docs branch=master 2020-10-10 14:35:26 +00:00
CyberConradWilson fad05dbdfa Adding New Test (#1248)
* Adding New Test

Adding a new test that will invoke the command that Ryuk ransomware uses.

* more descriptive wording

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-10-10 08:35:03 -06:00
Carrie Roberts 1b0994ea9e update/clarify description (#1247)
* update/clarify description

* Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-10

Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-10-08 12:03:40 -06:00
CircleCI Atomic Red Team doc generator 408a3b694c Generate docs from job=validate_atomics_generate_docs branch=master 2020-10-08 13:45:04 +00:00
Carl ea62f1a197 Merge pull request #1241 from haresudhan/T1115
Added MacOS tests for T1115
2020-10-08 07:44:33 -06:00
Carl 63c9f570fe Merge branch 'master' into T1115 2020-10-08 07:41:03 -06:00
CircleCI Atomic Red Team doc generator 298a90bcb5 Generate docs from job=validate_atomics_generate_docs branch=master 2020-10-08 13:39:28 +00:00
Carl 362ddf89c1 Merge pull request #1242 from haresudhan/T1098.004
Added tests for T1098.004.
2020-10-08 07:39:07 -06:00
Hare Sudhan Muthusamy 3396ddc13b Merge branch 'master' into T1098.004 2020-10-08 05:55:14 -06:00
Hare Sudhan Muthusamy 35f08a6dc5 Merge branch 'master' into T1115 2020-10-08 05:54:49 -06:00
CircleCI Atomic Red Team doc generator 4e4f8a2775 Generate docs from job=validate_atomics_generate_docs branch=master 2020-10-08 02:37:06 +00:00
tuckner b206a0d7cd Add tests for T1070.003 Clear Command History (#1237)
* feat: add t1070.003 powershell history clear commands

* feat: include preventing powershell logging

* feat: add cleanup command

* consolidate tests, fix typo

Removed the two duplicated atomics that were using aliases for Remove-Item

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-10-07 20:36:04 -06:00
Hare Sudhan Muthusamy 994735a156 Merge branch 'master' into T1115 2020-10-07 14:06:14 -06:00
Hare Sudhan Muthusamy a19e9e9797 Update T1115.yaml 2020-10-07 14:05:37 -06:00
Hare Sudhan Muthusamy 42e19f2e09 Merge branch 'master' into T1098.004 2020-10-07 14:00:46 -06:00
Hare Sudhan Muthusamy a690c4ca58 Update T1098.004.yaml 2020-10-07 14:00:26 -06:00
Jesse Brown e88a1ea463 update ATT&CK ids on Ranger, cookie miner, and qbot chain reactions (#1243)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-10-07 11:35:19 -06:00
Hare Sudhan Muthusamy 995466a0e3 Changing elevation_required value. 2020-10-07 02:52:19 -06:00
haresudhan 9d574c083b Added T1098.004 tests 2020-10-07 02:45:39 -06:00
haresudhan 3385770a6d Added MacOS tests 2020-10-07 01:55:23 -06:00
CircleCI Atomic Red Team doc generator 8eb52117b7 Generate docs from job=validate_atomics_generate_docs branch=master 2020-10-06 16:13:36 +00:00
Brian Thacker 5ba2d3e985 Update T1550.002.yaml (#1235)
added code to make prereq commands for test 1.
2020-10-06 10:13:14 -06:00
John Lambert 6be404bece Fix 404 link in script (#1234)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-10-05 10:34:43 -06:00
John Lambert e2a501b28f Fix 404 URL (#1233)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-10-05 10:31:36 -06:00
John Lambert 1bc6c7e115 Updating 404 link (#1232)
The URL referenced a non-existing page (chain_reaction_DragonsTail_benign.ps1). Pretty sure it meant dragonstail_benign.ps1
2020-10-05 10:27:33 -06:00
CircleCI Atomic Red Team doc generator 23fc9289cf Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-29 15:47:51 +00:00
xkeyscore007 3cdd80d2f4 Test Case to search a user's bookmarks file from Internet Explorer (#1227)
* Lists the Internet Explorer bookmarks

This command lists the bookmarks for Internet Explorer that are found in the Favorites folder

* Update T1217.yaml

Also, the command below can be used to achieve similar results -
dir /s /b C:\Users\%USERNAME%\Favorites

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-09-29 09:47:02 -06:00
CircleCI Atomic Red Team doc generator 910a2a764a Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-29 13:53:28 +00:00
Katya Potapov 6870ca31c1 fix MITRE URL formatting (#1229) 2020-09-29 07:53:01 -06:00
CircleCI Atomic Red Team doc generator f46f1788ab Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-18 18:45:01 +00:00
dwhite9 d3c575085f removed cleanup command that deletes sharphound so the prereq only needs (#1226)
to be run once.

Co-authored-by: Daniel White <d0w019h@homeoffice.wal-mart.com>
2020-09-18 12:44:04 -06:00
CircleCI Atomic Red Team doc generator aaf9b7500e Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-18 14:44:29 +00:00
Matt Graeber 46c29db12f Merge pull request #1225 from cnotin/pr-T1028
T1028 "Windows Remote Management": split in several techniques
2020-09-18 10:44:04 -04:00
Clément Notin 749006a557 Fix bis 2020-09-18 16:38:41 +02:00
Clément Notin 9e5d5c5cb2 Fix mistake 2020-09-18 16:38:10 +02:00
cnotin 6000965b1e T1028 "Windows Remote Management": split in several techniques
Fixes #1042
2020-09-18 15:57:11 +02:00
CircleCI Atomic Red Team doc generator d68a57842a Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-16 13:57:33 +00:00
Matt Graeber 4dc60fe603 Merge pull request #1224 from clr2of8/remove-fp-weakness
Remove File System Permissions Weakness atomic test
2020-09-16 09:57:12 -04:00
clr2of8 8fed41ac02 removing test 2020-09-16 07:50:24 -06:00
Amine Taouirsa cebd539a36 Update T1218.011.inf (#1223)
Convert to Mitre ATT&CK sub-technique schema
2020-09-16 07:29:43 -06:00
CircleCI Atomic Red Team doc generator 30b77fc5a0 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-15 14:57:15 +00:00
Jil Larner 74ad1849de Changed default computer target from computer1 to localhost in the remote execution through MMC (#1218)
Co-authored-by: Didier Cambefort <didier.cambefort@scrt.ch>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-09-15 08:56:52 -06:00
CircleCI Atomic Red Team doc generator 00948b0058 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-15 14:53:29 +00:00
Brian Thacker 7b90e89acd Update T1053.003.yaml (#1221)
Add code to make cleanup commands.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-09-15 08:53:11 -06:00
CircleCI Atomic Red Team doc generator 45f59adc44 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-09 16:42:32 +00:00