Commit Graph

4690 Commits

Author SHA1 Message Date
packetzero 3f4996c8ff T1082 list linux kernel modules - remove sudo (#2234)
* T1082 list linux kernel modules - remove sudo

Fix for #2233. Remove unnecessary `sudo` from T1082 "Linux list kernel modules" commands. Add another mechanism to `cat /proc/modules`.

* change to grep proc modules

A little more interesting to grep the /proc/modules file rather than cat.

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-01-05 11:14:50 -07:00
Atomic Red Team doc generator 2b239f16b3 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-05 15:03:11 +00:00
Atomic Red Team GUID generator edace96a04 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-05 15:03:03 +00:00
Matt Graeber 2158af8265 Merge pull request #2267 from tvjust/t1114.003
Created email forwarding T1114.003
2023-01-05 10:02:32 -05:00
Justin Schoenfeld da583c45ff change forwarding domain 2023-01-05 10:01:19 -05:00
Justin Schoenfeld b1fc7ca9fe Update T1114.003.yaml 2023-01-05 09:44:00 -05:00
Justin Schoenfeld 52bf96f197 Implement option email forwarding address 2023-01-05 09:43:34 -05:00
Justin Schoenfeld 174ff319bb Update T1114.003.yaml 2023-01-04 16:46:20 -05:00
Justin Schoenfeld c09c0afbd9 Update T1114.003.yaml 2023-01-04 16:44:01 -05:00
Justin Schoenfeld 95a9c36019 Update T1114.003.yaml 2023-01-04 16:36:17 -05:00
Justin Schoenfeld ef832dc7aa Create T1114.003.yaml 2023-01-04 16:25:29 -05:00
Atomic Red Team doc generator eeefbccf77 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-04 03:26:19 +00:00
Carrie Roberts 0ce94db3b3 bump nav version (#2261) 2023-01-03 22:25:44 -05:00
Atomic Red Team doc generator 703af1c830 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-04 03:24:07 +00:00
çidem b0b413cc9d T1105 :: Correct remote_url, Change del to rm (#2265) 2023-01-03 22:23:39 -05:00
Atomic Red Team doc generator c2aca27df1 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-04 03:19:27 +00:00
Atomic Red Team GUID generator b5dde3c8f2 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-04 03:19:21 +00:00
Michael Haag 6db82cba9c T1505.004 - IIS Components & T1562.002 - Disable HTTP logging (#2266) 2023-01-03 22:18:53 -05:00
Atomic Red Team doc generator 9627003081 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-03 13:36:41 +00:00
Carrie Roberts fd7772813a corrected code so it will execute (#2263)
* corrected code so it will execute

* elevation not needed

* update description
2023-01-03 06:36:03 -07:00
Atomic Red Team doc generator 9a6e0425ff Generated docs from job=generate-docs branch=master [ci skip] 2022-12-30 16:02:40 +00:00
Atomic Red Team GUID generator 8036dec1c4 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-12-30 16:02:34 +00:00
devapriya16 4a4fd153d8 Update T1112.yaml (#2262)
Enabling Restricted Admin Mode via Command_Prompt enables an attacker to perform a pass-the-hash attack using RDP

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-12-30 11:02:04 -05:00
Atomic Red Team doc generator 08579bb5be Generated docs from job=generate-docs branch=master [ci skip] 2022-12-30 00:42:18 +00:00
Carrie Roberts 0dab0ee7e9 block regedit and cmd.exe (#2260) 2022-12-29 17:41:33 -07:00
Atomic Red Team doc generator 25acadc0b4 Generated docs from job=generate-docs branch=master [ci skip] 2022-12-20 16:01:17 +00:00
Noy-s1 5c710cc04e Fixed Automated Collection Command Prompt variable call (#2259)
* Fixed Automated Collection Command Prompt variable call

While using the commands from a batch file the old code won't work because of the way the variable is being called.
The addition of '%' fixed the issue.

* Update T1119.yaml

* add slash

* Update T1564.004.yaml

* Update T1564.004.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-12-20 11:00:42 -05:00
Atomic Red Team doc generator 84d9edaaaa Generated docs from job=generate-docs branch=master [ci skip] 2022-12-17 15:46:08 +00:00
Atomic Red Team GUID generator 6564ab464e Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-12-17 15:46:01 +00:00
Michael Haag 9c34bcb1a8 Create T1562.yaml (#2258)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-12-17 10:45:29 -05:00
Atomic Red Team doc generator 2fadd2287c Generated docs from job=generate-docs branch=master [ci skip] 2022-12-16 21:55:22 +00:00
Carrie Roberts c17eeb2b66 move reference to description (#2257) 2022-12-16 16:54:51 -05:00
Atomic Red Team doc generator 13e23151c8 Generated docs from job=generate-docs branch=master [ci skip] 2022-12-16 20:27:20 +00:00
Atomic Red Team GUID generator 204c86694e Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-12-16 20:27:13 +00:00
sai prashanth pulisetti 7fd3529b28 Update for name: Abuse Nslookup with DNS Records (#2248)
* Update for name: Abuse Nslookup with DNS Records

* custom nslookup function

* fix spacing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-12-16 15:26:42 -05:00
Atomic Red Team doc generator b86d24fd99 Generated docs from job=generate-docs branch=master [ci skip] 2022-12-14 23:10:06 +00:00
Atomic Red Team GUID generator 51c59e06d3 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-12-14 23:09:58 +00:00
Mohana Shankar D 54cc912687 Remote System Discovery - net group Domain Controller (#2249)
* Remote System Discovery - net group Domain Controller

Identify remote systems with net.exe querying the Active Directory Domain Controller. Upon successful execution, cmd.exe will execute cmd.exe against Active Directory to list the "Domain Controller" in the domain. Output will be via stdout.

* Update T1018.yaml

* Update T1018.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-12-14 18:09:24 -05:00
Atomic Red Team doc generator c17e4303bc Generated docs from job=generate-docs branch=master [ci skip] 2022-12-14 22:50:55 +00:00
Bhavin Patel 939774541e Merge pull request #2243 from redcanaryco/clr2of8-patch-29
correct name
2022-12-14 14:50:22 -08:00
Michael Haag 17a66b018f Merge branch 'master' into clr2of8-patch-29 2022-12-14 13:42:35 -07:00
Atomic Red Team doc generator 324b2a7401 Generated docs from job=generate-docs branch=master [ci skip] 2022-12-14 20:41:48 +00:00
Michael Haag 09043e625c Merge branch 'master' into clr2of8-patch-29 2022-12-14 13:41:37 -07:00
Carrie Roberts 14271bcbc5 removing duplicate test (#2239)
* removing duplicate test

* add elevation required

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-12-14 13:41:20 -07:00
Atomic Red Team doc generator 45741c6c95 Generated docs from job=generate-docs branch=master [ci skip] 2022-12-14 20:35:27 +00:00
Carrie Roberts 684a637c1a fix typo, user temp directory (#2238)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-12-14 13:34:57 -07:00
Jonathan Yee 9d2f6e05c9 Update T1567.002.yaml (#2245)
Removed tab from file which was causing parsing to break
2022-12-14 07:33:55 -07:00
Atomic Red Team doc generator 5c1e6f1b4f Generated docs from job=generate-docs branch=master [ci skip] 2022-12-07 01:40:37 +00:00
Brian c6368a624d Updating ATT&CK and Navigator (#2244)
This should update the Navigator layers from ATT&CK 11 to 12 and from Navigator 4.5.5 to 4.7.1
2022-12-06 18:39:57 -07:00
Carrie Roberts 063610ad8e correct name 2022-12-03 18:37:00 -05:00