* Update T1030.yaml Network-Based Data Transfer in Small Chunks
# Atomic Test # - T1030 - Data Transfer Size Limits: Network-Based Data Transfer in Small Chunks
## Objective
Simulate the technique of transferring data over a network in small chunks to evade size-based detection mechanisms.
## Description
This test involves transferring data over a network (either to a controlled external endpoint like `example.com`) in small, segmented sizes. This simulates an adversary's behavior in conducting stealthy data exfiltration.
* Update T1030.yaml
* Update T1030.yaml
removed clean up commands and detection
* Update T1030.yaml
* Update T1030.yaml
updated guid
* Update T1030.yaml
* Update T1030.yaml
updated indentations
* Update T1030.yaml
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Improve pip handling (#1)
* virtual env added to T1018, tested and confirmed working
* virtual env added to T1003.001, tested and confirmed working
* virtual env added to T1555.003, tested and confirmed working
* Removing pip-autoremove installation as not required
* updating atomics count in README.md [ci skip]
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: publish bot <opensource@redcanary.com>
* Adding new test for T1654 for Enumerate Windows Security Log via WevtUtil
Adding new test for T1654 for Enumerate Windows Security Log via WevtUtil
* Update T1654.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Create T1137.001.yml
Created new Directory and new test for T1137.001
* Rename T1137.001.yml to T1137.001.yaml
* Update T1137.001.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1490.yaml
Fixed a formatting error in #2676
* Update T1490.yaml
add dependency_executor_name field
---------
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
* Update T1490.yaml
Support for creating shadow copies in Windows 10+
* Update T1490.md
Updating documentation
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1490.yaml "Modify VSS Service Permissions"
Modify permissions of the VSS service to inhibit system recovery. This test alters the security settings of the Volume Shadow Copy Service (VSS), potentially impacting system recovery operations. It should be conducted only in a controlled environment. The executor must have administrative privileges to modify service permissions. Note that this test does not include a cleanup command; thus, the changes will persist after execution. Ensure that you have a backup or a system recovery plan in place before running this test. Running this test on a production system or critical environment is not recommended without proper precautions.
* Update T1490.yaml
updated guid
* Update T1490.yaml
updated description and clean up command
* Update T1490.yaml
updated indentations
* Update T1490.yaml
* Update T1490.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
* Update T1041.yaml DNS-Based C2 Data Exfiltration
Simulates an adversary using DNS tunneling to exfiltrate data over a Command and Control (C2) channel.
* Update T1041.yaml
updated the changes as requested
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>