security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,060 Commits 47 Branches 0 Tags
39c0efe2d5b3ddf0db3feb556a4e9e71de20dde8
Commit Graph

4791 Commits

Author SHA1 Message Date
Mohana Shankar D 39c0efe2d5 Update T1113.yaml (#2827) 
Detects the enabling of the Windows Recall feature via registry manipulation. Windows Recall can be enabled by deleting the existing "DisableAIDataAnalysis" registry value. Adversaries may enable Windows Recall as part of post-exploitation discovery and collection activities. This rule assumes that Recall is already explicitly disabled on the host, and subsequently enabled by the adversary.

Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-10 10:05:09 -05:00
Atomic Red Team doc generator 9e94647f6e Generated docs from job=generate-docs branch=master [ci skip] 2024-07-10 14:13:24 +00:00
abhijose09 df0e93d621 Update T1012.yaml (#2841) 
Added new Test Reg query for AlwaysInstallElevated status

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-10 09:12:16 -05:00
Atomic Red Team doc generator 9cc823410d Generated docs from job=generate-docs branch=master [ci skip] 2024-07-10 13:55:40 +00:00
Hare Sudhan c8a70997da Adding more YAML validations (#2837) 
* Update T1202.yaml

* fix all atomics

* changing to macos to fix pytest issue

* changing to macos to fix pytest issue

* adding gitignore
 2024-07-10 08:54:26 -05:00
Atomic Red Team doc generator 79b9d83734 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-05 17:33:31 +00:00
skandler 4d30f39d6e Update T1003.004.yaml (#2835) 
* Update T1003.004.yaml

dumping kerberos tickets with dumper.ps1 powershell, by dumping the winlogon.exe

* Update T1003.004.yaml

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2024-07-05 12:32:19 -05:00
Atomic Red Team doc generator 054798feb3 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-05 16:47:58 +00:00
NeuralGlitch 600767fcca Update T1003.002.yaml (#2826) 
new atomic test added

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-05 11:46:48 -05:00
Atomic Red Team doc generator f839852779 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-05 16:44:42 +00:00
Badoodish 7a4ddc4f7d Added new test to T1614.001.yaml (#2830) 
Added following test: Discover System Language with dism.exe

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-05 11:43:28 -05:00
Atomic Red Team doc generator 3d7cf65d31 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-05 04:42:43 +00:00
Kevin Stapleton 006e4c7057 T1037.005, T1543.001, T1543.004 Persist Tests Enhancements (#2755) 
* add persistence tests

T1037.005, T1543.001, T1543.004

* remove manual guid

* minor fixes

---------

Co-authored-by: kevinmstapleton <kstapleton@octolabs.io>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2024-07-05 00:41:34 -04:00
Atomic Red Team doc generator 2420e0c902 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-05 02:05:48 +00:00
Bearloggs a11c37b31f Update T1489 - Add Linux tests (#2800) 
Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2024-07-04 22:04:35 -04:00
Atomic Red Team doc generator 32b70e5536 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-04 18:50:40 +00:00
Prakash22-k 2cd5641ed7 Update T1082.yaml (#2814) 
* Update T1082.yaml

Details:
Adding new atomic Test for Mac OS under the MITRE Technique ID- T1082  - System Information Discovery

Name : sysctl to gather macOS hardware info

* remove empty keys

* remove empty keys

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2024-07-04 14:49:30 -04:00
Atomic Red Team doc generator 44de1a8e88 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-04 17:06:22 +00:00
skandler b1292579d2 Update T1552.yaml (#2829) 
added an atomic which searches for password strings in powershell history file

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-04 12:05:04 -05:00
Atomic Red Team doc generator 3fd025b45c Generated docs from job=generate-docs branch=master [ci skip] 2024-07-04 17:03:39 +00:00
skandler e916ce5772 Update T1486.yaml (#2828) 
Added an atomic for dropping 100 files with .akira ending and random content and dropping the akira ransomnote
 2024-07-04 12:02:23 -05:00
Atomic Red Team doc generator 7103d7427f Generated docs from job=generate-docs branch=master [ci skip] 2024-07-03 22:32:13 +00:00
Phil Hagen fd399bb6ed fix nesting and remove empty entries (#2825) 
* fix nesting and remove empty entries

* missed an indent correction

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-03 16:31:05 -06:00
Atomic Red Team doc generator 87b5a285ca Generated docs from job=generate-docs branch=master [ci skip] 2024-07-03 22:29:55 +00:00
Štěpán Bendl 4630d707be Remove dependencies from T1070.006's Modify file timestamps using reference file (#2824) 2024-07-03 16:28:42 -06:00
Atomic Red Team doc generator a96f4212a5 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-03 01:18:53 +00:00
Markus 158728fab4 T1048.003: Fix DNS exfiltration command escaping (#2823) 
Co-authored-by: Markus Schader <markus.schader@worldline.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-02 20:17:44 -05:00
Atomic Red Team doc generator 4fa2ba6608 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-03 01:11:11 +00:00
Prakash22-k 137fb9f7e3 Update T1202.yaml (#2820) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-02 20:09:55 -05:00
Atomic Red Team doc generator 6e6af49776 Generated docs from job=generate-docs branch=master [ci skip] 2024-07-03 01:08:20 +00:00
soumyadeep09 9d56cff212 T1070.006 Event Log Manipulations- Time slipping via Powershell (#2819) 
* Update T1070.006.yaml

* Update T1070.006.yaml

* Update T1070.006.yaml

* Update T1070.006.yaml

* add cleanup commands

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-02 20:07:14 -05:00
Atomic Red Team doc generator adb1f314bf Generated docs from job=generate-docs branch=master [ci skip] 2024-07-03 00:32:46 +00:00
Br3akp0int a3014001a9 ShrinkLocker PIN,TPM Bitlocker Registry Modification (#2817) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-02 19:31:31 -05:00
Atomic Red Team doc generator 75a7a106ce Generated docs from job=generate-docs branch=master [ci skip] 2024-07-03 00:26:33 +00:00
Prakash22-k 9d5c56fac7 Update T1218.011.yaml (#2813) 
Details:
Adding new atomic Test for Windows - Rundll32 execute payload by calling RouteTheCall

Testing:
Performed the Testing Atomic Lab

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-07-02 19:25:10 -05:00
Atomic Red Team doc generator abb837bcfe Generated docs from job=generate-docs branch=master [ci skip] 2024-06-28 23:08:09 +00:00
Enes 647c26323f Create T1652 folder and yaml file (#2808) 
* Create T1652

Adding a new folder so that I can add a YAML file for a new test.

* Delete atomics/T1652

Restarting

* Create T1652.yaml

Created a folder and new a new YAML file.

* Update T1652.yaml

Added more verbosity and details to t1652.

* Update T1082.yaml

Atomic Test #28 - Driver Enumeration using DriverQuery

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-06-28 18:06:32 -05:00
Atomic Red Team doc generator 05d3123aa5 Generated docs from job=generate-docs branch=master [ci skip] 2024-06-18 18:41:54 +00:00
nish221b-bs b84afa7c76 Update T1112.yaml (#2809) 
Added new Atomic "Flush ShimCache"

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-06-18 13:40:42 -05:00
Atomic Red Team doc generator f8df955af0 Generated docs from job=generate-docs branch=master [ci skip] 2024-06-18 18:10:56 +00:00
abhijose09 f205476bf7 Update T1046.yaml (#2802) 
added new test

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-06-18 13:09:50 -05:00
Atomic Red Team doc generator 0658d14d1d Generated docs from job=generate-docs branch=master [ci skip] 2024-06-13 22:08:58 +00:00
Alphonsa George 1cb761c5a0 Modified the Prereq_command of Test Unload Sysmon Filter Driver (#2807) 
* Modified the Prereq_command of Test Unload Sysmon Filter Driver

* modified typo on the description

---------

Co-authored-by: alphonsa-01 <NA>
 2024-06-13 17:07:09 -05:00
Atomic Red Team doc generator 1e3b63fbaf Generated docs from job=generate-docs branch=master [ci skip] 2024-06-04 14:50:36 +00:00
NeuralGlitch 30b73d06bf Update to T1105 with New Atomic Test (#2792) 
* Adding a sample zip file to help with atomic test

* Update T1105.yaml

* Update T1105.yaml

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-06-04 09:49:22 -05:00
Atomic Red Team doc generator 430b2ac270 Generated docs from job=generate-docs branch=master [ci skip] 2024-06-04 14:41:09 +00:00
Mohana Shankar D c2bcb1c2a6 Update T1057.yaml (#2791) 
New Process discovery atomic using PC hunter

Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-06-04 09:39:56 -05:00
Phil Hagen 4b63cc604e Change ISO8859-1 to UTF-8 on included MD file (#2798) 
* fix jinja2 syntax

* fix LinkById syntax

* further syntax correction for LinkById instances

* change encoding to UTF-8 to satisfy subsequent build processes
 2024-06-03 17:38:44 -04:00
Phil Hagen 16ed461ee4 Fix LinkById syntax (#2794) 
* fix jinja2 syntax

* fix LinkById syntax

* further syntax correction for LinkById instances
 2024-06-03 12:46:19 -04:00
Atomic Red Team doc generator 65ef96a69d Generated docs from job=generate-docs branch=master [ci skip] 2024-06-03 11:09:33 +00:00