CircleCI Atomic Red Team doc generator
2a40652162
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-21 12:09:28 +00:00
swelcher
e4318e90f5
[FIX] Duplicate YAML Keys (#503)
2019-05-21 06:09:14 -06:00
caseysmithrc
fe2bfa6268
msbuild expects the csproj file in the same path (#501)
2019-05-13 14:23:23 -06:00
CircleCI Atomic Red Team doc generator
1310d86685
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-13 15:28:31 +00:00
Tony M Lambert
f674d37d9c
T1501 Systemd reorg and add variables (#491)
* Update ATT&CK json for technique creation
* Reorg systemd test and add variables
2019-05-13 09:28:20 -06:00
Tony M Lambert
b5dc3e17a8
ATT&CK Navigator Layer Generation via Ruby (#500)
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* Added code to generate Navigator layer
* Add ATT&CK Navigator layer to readme
2019-05-11 19:23:48 -10:00
CircleCI Atomic Red Team doc generator
6abfe94684
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-10 19:57:12 +00:00
Tony M Lambert
5897b9aef1
T1482 Domain Trust Discovery (#495)
* Update ATT&CK json for technique creation
* T1482 - Domain Trust Discovery
2019-05-10 13:56:56 -06:00
Michael Haag
a29708a7a3
install-atomicredteam Updates (#498)
* Updated URL location
* fixed url
again
* Updated InstallPath
Updated install path for issue #478
2019-05-10 13:38:02 -06:00
CircleCI Atomic Red Team doc generator
988f97eb63
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-10 19:35:24 +00:00
Tony M Lambert
9a8acbed1f
T1490 Inhibit System Recovery (#493)
* Update ATT&CK json for technique creation
* T1490 Inhibit System Recovery
2019-05-10 09:35:09 -10:00
CircleCI Atomic Red Team doc generator
6f88a3ecac
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-07 14:31:34 +00:00
Tony M Lambert
5d0bf18098
T1485 Data Destruction Tests (#492)
* Update ATT&CK json for technique creation
* T1485 - Data Destruction Tests
2019-05-07 08:31:25 -06:00
CircleCI Atomic Red Team doc generator
af95800d81
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-07 14:30:13 +00:00
Tony M Lambert
e180e513f7
T1201 Windows & macOS PW policy enum (#490)
2019-05-07 08:29:53 -06:00
CircleCI Atomic Red Team doc generator
9c8c2edcd8
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-06 16:23:27 +00:00
Tony M Lambert
1585dccdfa
T1489 Service Stop (#494)
* Update ATT&CK json for technique creation
* T1489 - Service Stop
2019-05-06 10:23:02 -06:00
CircleCI Atomic Red Team doc generator
e049f7dc4b
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-06 16:17:00 +00:00
Tony M Lambert
76085a09b8
T1003 Add dumping of NTDS with VSC (#489)
2019-05-06 10:16:43 -06:00
CircleCI Atomic Red Team doc generator
29da400700
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-06 16:15:35 +00:00
Tony M Lambert
7a25221960
Update ATT&CK json for technique creation (#488)
2019-05-06 10:15:22 -06:00
CircleCI Atomic Red Team doc generator
e0a560ef90
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-06 15:53:26 +00:00
mikajarvinen
58639f8058
Add ICMP exfiltration test to T1048 (#485)
2019-05-06 09:52:07 -06:00
Keith McCammon
43b2aa5b89
Fix repository URLs (#497)
* Fix repository URLs
* Use Jekyll namespace for URLs
2019-05-06 09:49:55 -06:00
mikajarvinen
66501f291f
Fix docs/contributing.md pointing to non-existent spec.yaml (#484)
2019-05-06 08:57:17 -06:00
CircleCI Atomic Red Team doc generator
d11bcc8331
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-01 23:39:00 +00:00
Tony M Lambert
0557556dc0
T1141 PoSH Input Prompt from Stitch (#483)
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* Correct URL for DownloadString (#480)
The Get-Inbox.ps1 is not in the ARTifacts directory, it is in the directory for this technique
* Generate docs from job=validate_atomics_generate_docs branch=master
* T1141 - PoSH Input Prompt Stitch
2019-05-01 19:38:44 -04:00
CircleCI Atomic Red Team doc generator
41a69411de
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-01 23:29:08 +00:00
Tony M Lambert
02b4186e1a
T1099 - Timestomping with PowerShell (#482)
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* Correct URL for DownloadString (#480)
The Get-Inbox.ps1 is not in the ARTifacts directory, it is in the directory for this technique
* Generate docs from job=validate_atomics_generate_docs branch=master
* Added PoSH timestomp tests taken from Stitch RAT
2019-05-01 19:28:52 -04:00
CircleCI Atomic Red Team doc generator
3b86c74353
Generate docs from job=validate_atomics_generate_docs branch=master
2019-05-01 23:27:33 +00:00
Glenn Barrett
20c416fc5e
Correct URL for DownloadString (#479)
The Get-Inbox.ps1 is not in the ARTifacts directory, it is in the directory for this technique
2019-05-01 19:27:22 -04:00
CircleCI Atomic Red Team doc generator
c658cc41cf
Generate docs from job=validate_atomics_generate_docs branch=master
2019-04-30 18:22:16 +00:00
Tony M Lambert
2ddd610a61
Add T1082 vm check from Pupy (#481)
* initial commit
* modified output style
* final url changes
* Update rocke-and-roll-stage-01.sh
* Add Linux guest vm checks
* case insensitivity
2019-04-30 12:22:04 -06:00
CircleCI Atomic Red Team doc generator
2797ddabdc
Generate docs from job=validate_atomics_generate_docs branch=master
2019-04-03 14:16:36 +00:00
Glenn Barrett
ba8560206f
Correct URL for DownloadString (#480)
The Get-Inbox.ps1 is not in the ARTifacts directory, it is in the directory for this technique
2019-04-03 08:15:59 -06:00
Michael Haag
16f6b633ce
T1086 msxml (#471)
* Update T1086.yaml
Modified test to have both. I think it's worth having two executions in this sense as it assists with validating remote (SOC/SIEM) detection + console (stdout) detection. I'm for modifying them all, but not sure the urgency.
Issue #466
* Generate docs from job=validate_atomics_generate_docs branch=T1086MSXML
* Fixed quotes
Fixed quotes per 2nd comment on #466
* Generate docs from job=validate_atomics_generate_docs branch=T1086MSXML
2019-03-26 13:13:12 -07:00
Michael Haag
5f49684c43
Install fixes (#462)
* Install fixes
Updated casing. Should be happier
* fix docs-invoke page
Fixing docs invoke page to match the other readme
2019-03-26 13:13:05 -07:00
Michael Haag
d91f2c1479
T1220 (#472)
* T1220 Fix
T1220 fix per #467
* Generate docs from job=validate_atomics_generate_docs branch=T1220
2019-03-26 13:12:58 -07:00
Michael Haag
820ed2e465
T1197 (#473)
* Update T1197.yaml
Fixed issue #463
Fixed issue #464
* Generate docs from job=validate_atomics_generate_docs branch=t1197
2019-03-26 13:12:49 -07:00
Michael Haag
0c3e47f7be
T1100 and T1071 (#475)
* Technique - T1071
First commit of T1071 - Standard Application Layer Protocols.
Specifically using powershell & Curl to simulate malicious user agents.
* Web Shell
Simple test of copying webshells from atomic dir to a path on the file system.
* typo
* Generate docs from job=validate_atomics_generate_docs branch=web
2019-03-26 13:12:40 -07:00
Zac Brown
80e983e3d9
Update PyYAML to >= 4.2b1 due to security alert: https://nvd.nist.gov/vuln/detail/CVE-2017-18342 (#474)
2019-03-26 11:52:59 -06:00
Michael Haag
f69ea2a586
T1022 Updates (#470)
* T1022 Updates
Bypass PR #351 (some weird issue in there).
Update schema and tab completion.
Credit to @samuelmarticotteBELL
Thanks for the help!
* Update T1022.yaml
Fixed error
* Update T1022.yaml
space fix
* Generate docs from job=validate_atomics_generate_docs branch=T1022
2019-03-26 10:52:37 -07:00
Michael Haag
d258111402
BloodHound URLs - T1086 (#468)
* URLs
Fix URLs for issue #465
* Generate docs from job=validate_atomics_generate_docs branch=t1086
2019-03-15 10:02:19 -04:00
caseysmithrc
a668ff07d9
T1055 process injection (#460)
* ProcessInjection-FiveAlive
* Generate docs from job=validate_atomics_generate_docs branch=T1055-ProcessInjection
2019-02-17 14:45:00 -08:00
Michael Haag
818c2ce55d
DragonsTail (#458)
Updated URLs to fix #437
2019-02-14 13:43:31 -08:00
Michael Haag
7e34cbe7df
ART - Getting Started Made Easy (#459)
* New Guide + Execution Script
Commit of new script and guide!
* Updated ReadMe
Updated Readme with new instructions
* Fixed typos
Typo gone and ready!
2019-02-14 13:13:13 -08:00
Greg Foss
60bc6fd9e1
Add test for T1114 that extracts email from the local outlook instance (#456)
2019-02-13 22:10:54 -08:00
CircleCI Atomic Red Team doc generator
a1c83527fb
Generate docs from job=validate_atomics_generate_docs branch=master
2019-02-14 06:10:46 +00:00
Keep Watcher
02dc3e41ab
Certutil update (#452)
* Fixing certutil syntax error
* Adding certutil download tests
* Adding commands to rename download for verifyctl argument
* Fixing type syntax
2019-02-13 22:10:39 -08:00
CircleCI Atomic Red Team doc generator
e0d70c657d
Generate docs from job=validate_atomics_generate_docs branch=master
2019-02-14 06:09:52 +00:00