JrOrOneEquals1
3fa4dd1c9e
Fixed cleanup commands ( #869 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-10 17:06:14 -06:00
CircleCI Atomic Red Team doc generator
cdb4000e20
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-10 23:03:32 +00:00
JrOrOneEquals1
c6d8809af3
Add prereqs ( #867 )
...
* Added prereqs
* Added prereqs
* Add prereqs
* undeleting file
* corrections
* Corrections
2020-03-10 17:02:52 -06:00
CircleCI Atomic Red Team doc generator
7f7fb3a9e6
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-09 21:52:28 +00:00
JrOrOneEquals1
bf96837707
Add password option to T1136 ( #866 )
...
* add password
* T1136 now has password option when creating a new user in CMD prompt
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-09 15:52:09 -06:00
CircleCI Atomic Red Team doc generator
3d2c7e0efb
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-09 21:26:21 +00:00
Brian Thacker
f3464e311c
Update T1003 ( #865 )
...
* Update T1003
Added prereqs and cleanup commands for test 7 (Offline Credential Theft With Mimikatz)
* Update T1003
Fix typo "...Create the lsass dump ....
2020-03-09 15:24:57 -06:00
CircleCI Atomic Red Team doc generator
5ec79bd8ed
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-09 15:50:11 +00:00
Carrie Roberts
34f36da8f3
make verifyhash function available to prereq ( #859 )
2020-03-09 09:48:56 -06:00
CircleCI Atomic Red Team doc generator
063103ab79
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-07 23:04:14 +00:00
tlor89
4ddb393a9b
T1095-2_Update ( #863 )
...
* T1095_Update
* T1095-2_update
* T1095-2_Update
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-07 16:03:55 -07:00
CircleCI Atomic Red Team doc generator
31f946622d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-07 22:20:30 +00:00
Mr B0b
291346e52b
Add test 2 prereqs for T1003 that performs Credential Dumping ( #861 )
...
* Add test 2 prereqs for T1003 that performs Credential Dumping
* add import from web
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-07 15:20:14 -07:00
Carrie Roberts
cac20abd54
Remove old invoke ( #858 )
...
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* remove old invoke
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
Co-authored-by: Keith McCammon <keith@redcanary.com >
2020-03-06 15:25:27 -07:00
CircleCI Atomic Red Team doc generator
c54ebaea98
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-06 19:59:43 +00:00
tlor89
421e21675a
t-1028_Update ( #857 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
2020-03-06 12:59:20 -07:00
CircleCI Atomic Red Team doc generator
799b63f3c8
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-06 03:49:25 +00:00
mikesiegel
c04e6c16b9
Modifying T1214 to include TrickBot PuTTY Session enumeration ( #856 )
...
* Add new T1214 technique PuTTY session enumeration as performed by Trickbot
* Add new T1214 technique PuTTY session enumeration as performed by Trickbot
* Add new T1214 technique PuTTY session enumeration as performed by Trickbot
* Add new T1214 technique PuTTY session enumeration as performed by Trickbot
* Add new T1214 technique PuTTY session enumeration as performed by Trickbot
2020-03-05 20:48:52 -07:00
CircleCI Atomic Red Team doc generator
f89552e246
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-04 21:35:00 +00:00
Carrie Roberts
75149a7ac0
T1071-IP ( #855 )
...
* T1071-IP
* T1071-IP-fixed
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-04 14:34:40 -07:00
CircleCI Atomic Red Team doc generator
434c79f099
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-04 21:32:29 +00:00
Carrie Roberts
6d4863aea6
Disable Office Security Settings, Delete Windows Defender Definition Files ( #854 )
...
* Disable Office Security Settings
* fixes
* Add test to delete windows defender files
2020-03-04 14:32:08 -07:00
CircleCI Atomic Red Team doc generator
877da0ba7d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-02 20:31:47 +00:00
dwhite9
aae45a1937
fixed RunOnce cleanup command by adding extra input argument for reg ( #852 )
...
key.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-02 13:31:26 -07:00
CircleCI Atomic Red Team doc generator
ed32225707
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-02 20:30:10 +00:00
Andras32
6b6f7f1a48
Cast to string, strip ( #853 )
2020-03-02 13:29:48 -07:00
CircleCI Atomic Red Team doc generator
08034b7971
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-01 04:11:52 +00:00
tlor89
5ab6e75302
T1024 ostap js version ( #851 )
...
* merged test 2
* Fixed Cleanup double execution error
* cleaned up description wording
2020-02-29 21:11:35 -07:00
CircleCI Atomic Red Team doc generator
ab2c18b19d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-29 21:59:49 +00:00
Andras32
6fb77ba8aa
T1071-8 OSTap Payload Download ( #849 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-29 14:59:35 -07:00
CircleCI Atomic Red Team doc generator
6e8971bc79
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-29 21:47:05 +00:00
Andras32
6cef46c6fc
added t1204-2 ( #850 )
2020-02-29 14:46:51 -07:00
CircleCI Atomic Red Team doc generator
59e7d3322b
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-28 21:57:52 +00:00
Andras32
080bac8e1a
markdown file take 2 ( #847 )
2020-02-28 14:57:29 -07:00
CircleCI Atomic Red Team doc generator
a9baff5251
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-28 20:40:45 +00:00
tlor89
833caefbd0
T1153-T1531_CleanupErrors ( #846 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-28 13:40:26 -07:00
CircleCI Atomic Red Team doc generator
9dc3636e3f
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-28 20:04:31 +00:00
Andras32
a32b50028b
fixed md file parsing issue ( #845 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-28 13:04:03 -07:00
CircleCI Atomic Red Team doc generator
9d8ffda86d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-28 19:48:08 +00:00
tlor89
52b99cd654
T1056_T1090_CleanupErrors ( #844 )
2020-02-28 12:47:42 -07:00
CircleCI Atomic Red Team doc generator
5e8e3e0851
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-28 18:03:51 +00:00
tlor89
ce43569dcf
T1096-T1138_CleanupErrors ( #842 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-28 11:03:31 -07:00
CircleCI Atomic Red Team doc generator
d1546cbb19
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-28 16:42:36 +00:00
Andras32
fc0b4c23ad
T1204-OSTap Style Macro Delivery ( #843 )
...
* MalDoc Cradle and T1204 Test
* reduced unnecessary code
* IEX install Invoke-Maldoc
* Delete Invoke-MalDoc.ps1
2020-02-28 09:42:10 -07:00
CircleCI Atomic Red Team doc generator
fbc458a342
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-27 18:04:44 +00:00
Luminous-InfiniTom
381ba9d449
Create T1219.yaml ( #838 )
...
* Create T1219.yaml
Added first atomic for T1219
* spacing corrections
* spacing corrections
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-27 11:04:14 -07:00
CircleCI Atomic Red Team doc generator
ec50c4b064
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-26 22:00:47 +00:00
ezr
9e350d5290
Fix docs template carriage return issue ( #840 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-26 15:00:19 -07:00
CircleCI Atomic Red Team doc generator
a5df006dd6
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-26 21:59:04 +00:00
ezr
661e2beb3d
Correct markdown formatting for test #3 ( #835 )
...
* Correct markdown formatting for test #3
* Move XML data into its own file rather than try to display inline
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-26 14:58:45 -07:00