Commit Graph

1497 Commits

Author SHA1 Message Date
Carrie Roberts 396cdf4d92 fix duplicate key in yaml issues (#690) 2019-11-25 11:05:55 -06:00
CircleCI Atomic Red Team doc generator 088081e033 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-25 16:55:57 +00:00
Andrew Beers abefc468d2 T1137 - Word spawned a command shell and used an IP address in the command line (#610)
* create document and test

* update default atomics path

* refactor tests

* change back path

The PathToAtomicsFolder path works when installed from the script, but when cloned from github the folder name is different. I think we should unify these and just have people clone from github if they want to use it, instead of having a separate install script.

* removed duplicate, used powershell to launch document
2019-11-25 09:55:38 -07:00
Andras32 1b05ec3b29 Added Hostname to ExecutionLog (#688)
* Added Hostname to ExecutionLog

* added username
2019-11-22 12:57:29 -07:00
Carrie Roberts 389c115caa removing dead links (#687) 2019-11-22 12:51:22 -07:00
Carrie Roberts 8b64037681 remove atomic-red-team-master folder from install (#689)
* remove extra atomic-red-team-master folder for install

* remove extra atomic-red-team-master folder for install
2019-11-22 11:57:30 -07:00
CircleCI Atomic Red Team doc generator 5f087ec34d Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-21 03:07:05 +00:00
Andrew Beers 5bf01b6c2c T1482 query ad/domain info (#676)
* start work

* Update T1482.yaml
2019-11-20 21:06:47 -06:00
CircleCI Atomic Red Team doc generator 802b693f29 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-20 22:55:45 +00:00
Fabricio Brunetti 31151185e5 T1122 - Update to use PathToAtomicsFolder (#681)
* T1122 - Update to use PathToAtomicsFolder

Removed relative path to src folder, added PathToAtomicsFolder

* Modifying .md file
2019-11-20 15:55:28 -07:00
Tony M Lambert 10a52d388b T1077 Redirect output to Admin Share (#685)
* T1077 Redirect output to Admin Share

* Generate docs from job=validate_atomics_generate_docs branch=t1077-admin-output
2019-11-20 15:46:24 -07:00
Tony M Lambert ccb4a26407 T1082 Add Hostname and MachineGUID tests (#683)
* T1082 Add Hostname and MachineGUID tests

* Generate docs from job=validate_atomics_generate_docs branch=t1082-hostname-machineguid
2019-11-20 15:42:33 -07:00
Tony M Lambert 0afc5beb6f T1016 Firewall Rule Enumeration with Netsh (#682)
* T1016 Firewall Rule Enumeration with Netsh

* Generate docs from job=validate_atomics_generate_docs branch=t1016-firewall-enum
2019-11-20 15:38:52 -07:00
Tony M Lambert 9c68146ff9 T1057 Process discovery via tasklist (#680)
* T1057 Process discovery via tasklist

* Generate docs from job=validate_atomics_generate_docs branch=t1057-tasklist
2019-11-20 15:37:48 -07:00
Tony M Lambert 8eb281faa6 T1047 - Wmic process create tests (#679)
* T1047 - Wmic process create tests

* Generate docs from job=validate_atomics_generate_docs branch=t1047-wmic-process
2019-11-20 15:36:42 -07:00
Tony M Lambert 4c3e2c3d83 T1018 Test for DC discovery with nltest (#678)
* T1018 Discover DCs with nltest

* Generate docs from job=validate_atomics_generate_docs branch=t1018-nltest-dclist
2019-11-20 15:34:54 -07:00
Tony M Lambert 713215eaf7 Added T1064 Scripting test for Windows (#677)
* Added T1064 Scripting test for Windows

* Generate docs from job=validate_atomics_generate_docs branch=t1064-batch-script
2019-11-20 15:33:52 -07:00
Tony M Lambert 947627a84d T1105 PowerShell download test (#684)
* T1105 PowerShell download test

* Generate docs from job=validate_atomics_generate_docs branch=t1105-powershell-test
2019-11-20 15:32:40 -07:00
CircleCI Atomic Red Team doc generator 586684d308 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-19 22:24:59 +00:00
Andrew Beers c5b2c92ad3 cleanup tests (#673)
* cleanup tests

* fix path issue and add elevation requirements

* fix format

* remove redundant tests
2019-11-19 15:24:45 -07:00
Fabricio Brunetti a49e529a34 Leverage PathToAtomicsFolder in Python framework (#675)
Parsing the command to replace PathToAtomicsFolder variable.
Can't use environment variables as some Powershell based tests use "$PathToAtomicsFolder".
I admit that it's a bit hackish but I think it's the most straightforward way to handle this without going through a major refactor of this framework.
2019-11-19 15:20:59 -07:00
CircleCI Atomic Red Team doc generator 24ff7c7173 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-19 22:14:12 +00:00
Andrew Beers 934aaa1435 T1023 LNK file to launch CMD placed in startup folders (#674)
* put lnk files in startup folder

* fix typo
2019-11-19 15:13:45 -07:00
CircleCI Atomic Red Team doc generator b5db6b26fb Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 23:27:24 +00:00
Andrew Beers ea619c49a3 create scheduled tasks a couple ways to run on startup (#672) 2019-11-18 16:27:09 -07:00
CircleCI Atomic Red Team doc generator 69834f6b88 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 20:46:06 +00:00
Andrew Beers 826abe638e windows and powershell tests to recon data and write it to temp file for export (#671) 2019-11-18 13:45:33 -07:00
CircleCI Atomic Red Team doc generator a684542241 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 20:40:16 +00:00
Andrew Beers 3c9704117d T1135 recon available share drives (#670)
* net share command

* update description
2019-11-18 13:39:58 -07:00
CircleCI Atomic Red Team doc generator 9658da76bc Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:50:50 +00:00
Andrew Beers aeeba08bbc Reach out to C2 Pointer URLs via command line (#644)
* add urls and create test folder

* make test more realistic, cleanup command still broken

* use C drive instead of Temp because of permissions

* update paths

* update descriptions
2019-11-18 09:50:35 -06:00
CircleCI Atomic Red Team doc generator 08fddb3940 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:44:19 +00:00
Jeff Ong e9e93b3907 T1208 kerberoasting with invoke kerberoast (#548)
* Add test for T1208 that does Kerberoasting

Kerberoasting with Invoke-Kerberoast

* Rename atomics/T1208 to atomic/T1208/T1208.yaml

* Rename atomic/T1208/T1208.yaml to atomics/T1208/T1208.yaml

* Update T1208.yaml

* Update T1208.yaml
2019-11-18 08:43:47 -07:00
CircleCI Atomic Red Team doc generator b3917a661f Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:31:37 +00:00
valen cf3e90ec91 T1075 new test added and other test t1023 t1044 t1058 (#625)
* Add test for T1058 that checks weak services

* Add test for T1023 that modifies shortcut and executes

* Add test for T1044 that checks weak file permissions

* Update T1044.yaml

* Update T1058.yaml

* Update T1023.yaml

* Update T1075.yaml

* Delete .T1023.yaml.swp

* Update T1044.yaml

* Update T1023.yaml

* Update T1058.yaml

* Update T1075.yaml
2019-11-18 08:31:16 -07:00
CircleCI Atomic Red Team doc generator 8c7e1fcb9d Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:29:04 +00:00
Andrew Beers 65d0f6dc5d Zip a folder with PowerShell (#640)
* add test to compress directory and delete it

* remove cleanup command because I don't have a way to test them yet

* fix paths

* fix command misspelling

* zip into C drive

* fix paths to Temp finally

* move to data staging
2019-11-18 08:28:44 -07:00
CircleCI Atomic Red Team doc generator 232fb47eda Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:19:08 +00:00
Andrew Beers 942ca94244 T1173 execute power shell script via word ddeauto (#643)
* first commit for testing file download

* update download path for ps1 to test

* update path to point to redcanary repo. Once this is merged in it will download the file

* rename document, add command
2019-11-18 08:18:56 -07:00
CircleCI Atomic Red Team doc generator 26bdd49b8c Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:17:52 +00:00
dwhite9 6635e0cb36 Switched executor to powershell. Fixed commandline to run correctly and (#669)
added comments for clarification.
2019-11-18 08:17:34 -07:00
CircleCI Atomic Red Team doc generator 275eaa9f59 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-16 00:22:19 +00:00
Brandon Morgan 12518d69c4 T1504 powershell profile (#668)
* T1054 Powershell Profile take 2

* T1054 Powershell Profile Take 3

* pop calc.exe

* pop calc.exe v2
2019-11-15 17:21:59 -07:00
CircleCI Atomic Red Team doc generator 6bc3ec3edc Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-15 15:42:59 +00:00
blackburnjrb 80d06be3a8 Added UAC Bypass using ComputerDefaults.exe and cleanup commands (#667) 2019-11-15 08:42:38 -07:00
JB abc2f2e563 added documentation of unix-like, clean directory structure (all files in /bin or /src besides .yaml or .md) (#664)
/bin for executables
/src for source
2019-11-15 08:39:01 -07:00
Carrie Roberts c86cb7ddbf a little bug fix (#665)
* a little bug fix

* remove invoke call at the end
2019-11-15 07:05:02 -07:00
CircleCI Atomic Red Team doc generator 59f2b264e9 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-15 05:02:01 +00:00
JB 5aed1f0210 moving .ps1 source in T1056 to /src folder (#663)
* moving source code to /src

updated path of .ps1 source files here to best practices /src directory for all source code files

* moving input ps1 file for 1056, from PowerShellMafia/PowerSploit (moving file only)

moving the file to /src

* deleting file to complete move
2019-11-14 22:01:43 -07:00
san-gwea 33d20ffb7c show executor and privilege requirement (#662) 2019-11-14 21:59:12 -07:00