a9deea5eba
Generated docs from job=generate-docs branch=master [ci skip]
2022-07-15 03:19:33 +00:00
d98de27058
Update T1082-3,4 ( #2035 )
...
Remove semicolons from end of if statements
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-07-14 21:19:00 -06:00
726c223308
Generated docs from job=generate-docs branch=master [ci skip]
2022-07-13 20:10:17 +00:00
a04ddfd5d1
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-07-13 20:10:12 +00:00
9f7a456f9f
Adding T1082 Test - Azure Security Scan with SkyArk
2022-06-29 00:09:34 -05:00
819934cc3f
Generated docs from job=generate-docs branch=master [ci skip]
2022-06-16 22:47:00 +00:00
9906df5fe8
Generated docs from job=generate-docs branch=master [ci skip]
2022-05-12 23:54:23 +00:00
e1f3b35ce2
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-05-12 23:54:17 +00:00
7f14e048e0
Update T1082.yaml ( #1951 )
...
* Update T1082.yaml
PowerSharpPack - Seatbelt technique via function of WinPwn performing Local Privileges escalation
* Update T1082.yaml
* Update T1082.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-05-12 17:53:54 -06:00
3ca876233d
Generated docs from job=generate-docs branch=master [ci skip]
2022-05-12 23:32:46 +00:00
da6c2b191b
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-05-12 23:32:41 +00:00
9b66e99946
Update T1082.yaml ( #1962 )
...
* Update T1082.yaml
PowerSharpPack - Sharpup checking common Privesc vectors technique via function of WinPwn
* Update T1082.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-05-12 17:32:15 -06:00
d2501a2832
Generated docs from job=generate-docs branch=master [ci skip]
2022-05-12 22:48:37 +00:00
c288ca084b
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-05-12 22:48:32 +00:00
70c82b2c4a
Update T1082.yaml ( #1958 )
...
PowerSharpPack - Watson searching for missing windows patches technique via function of WinPwn
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-05-12 16:48:10 -06:00
6398d68728
Generated docs from job=generate-docs branch=master [ci skip]
2022-05-07 02:03:39 +00:00
f6ef11a01b
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-05-07 02:03:34 +00:00
0b1b92355a
Adding Discovery Atomics sourced from WinPwn Script ( #1928 )
...
**Details:**
https://github.com/S3cur3Th1sSh1t/WinPwn/
**Testing:**
Tested on Windows 10 VM
Co-authored-by: Daniel White <d0w019h@homeoffice.wal-mart.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-05-06 20:03:13 -06:00
f290e08d83
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-04-05 21:45:23 +00:00
1d109a96b7
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-04-05 21:45:18 +00:00
3cade57156
Update T1082.yaml - Add System Integrity Protection status (MacOS) ( #1852 )
...
* Update T1082.yaml - Add System Integrity Protection status (MacOS)
csrutil is commonly used by malware and post-exploitation tools to determine whether certain files and directories on the system are writable or not. This command checks and displays System Integrity Protection status.
* Update T1082.yaml
* Update T1082.yaml
fix formatting issues
2022-04-05 15:44:46 -06:00
7091fa8b16
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-04-01 14:37:00 +00:00
a0edb02b80
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-09-15 16:50:17 +00:00
ad77c4245c
update description, correct link ( #1630 )
...
* update description, correct link
* Update T1082.yaml
updated a word
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-09-15 10:49:48 -06:00
bc21f59ff0
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-09-04 00:21:31 +00:00
1513717eb2
Updating atomics to conform to standard ( #1619 )
...
* Updated format of input_argument types for Url
* Updated type for input_arguments to Url (missed)
* Updating Path type for input_arguments
* Updated String type for input_arguments
* Missed a few Strings and Url types
* Updated default values for input_arguments to align with their types
* Updated Integer type for input_arguments
* Updated formatting and spacing of atomics
2021-09-03 18:20:46 -06:00
36d49de4c8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-06-24 17:04:33 +00:00
575b36a8e6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-06-24 15:16:54 +00:00
84f9f9ffdd
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-06-15 15:45:23 +00:00
871a3584b8
Fixed bug in script path ( #1517 )
...
The path was referring to T1595.002 instead of T1082, where the script resides. Due to the moved requested in #1320 and missed.
2021-06-15 09:44:48 -06:00
65510577ca
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-14 11:34:42 +00:00
4578cb3549
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-05-14 11:34:35 +00:00
d4c78db8c4
Update T1082.yaml ( #1435 )
2021-05-14 05:34:01 -06:00
3dfe116ec1
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-09 14:29:43 +00:00
958eea13f4
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-09 14:29:37 +00:00
91eca87002
Update T1082.yaml ( #1421 )
...
Added environmet variables discovery
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-09 08:29:11 -06:00
7ebf7536b8
Separate CI steps so Github status checks can reference the right checks ( #1334 )
...
* Separate CI steps so Github status checks can reference the right checks
* Generate docs from job=generate_docs branch=bb-separate-ci-steps
* Commit GUIDs after generating; require GUIDs before other steps
* Fix config
* Generate GUIDs from job=generate_guids branch=bb-separate-ci-steps
* Generate docs from job=generate_docs branch=bb-separate-ci-steps
* Better wording
* Update config.yml
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-12-16 11:27:51 -07:00
1eaae6d3ce
Added T1082 test 8, Griffon recon advanced tool ( #1320 )
...
* Create T1595.002.yaml
* Added vbscript (griffon recon) for test 1
Script ref. (public gist) https://gist.githubusercontent.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d/raw/55ecbf8f83c36984371a335991f6cf4f2022319b/gistfile1.txt
* added run as priv user
n/a
* removed guid accidentally put in
* removed extra line
* checking syntax final
* remove dependency line
* minor updates to invoke the build process again
* removing elevation required
thanks for that additional review, carrie
* moving to T1082 per review
* adding test 8 (griffon recon)
* create griffon_recon.vbs for test 8
script used here was reduced by security researcher Kirk Sayre (github.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d),
and it gives the exact same recon behavior, hash mentioned in the code, as the original (minus the C2 interaction).
* moving vbs file to T1082 per review
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-12-16 09:19:14 -07:00
910a2a764a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
89f95ec381
Generate docs from job=validate_atomics_generate_docs branch=master
2020-06-19 22:20:31 +00:00
e3dba0cbe2
Pre Req issue fix. ( #1072 )
...
* Check Prereqs error fix
* Check Prereqs error fix in T1046.
* Prereq issue fix.
* Attack command issue fix.
* Extra backslash removed
2020-06-19 16:20:06 -06:00
8a82e9b66a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-06-18 01:57:35 +00:00
24549e3866
Convert to Mitre ATT&CK sub-technique schema ( #1056 )
...
* Initial transfer of atomics to MITRE subtechniques
* Add GUIDs back in, attack_technique to string (#1019 )
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* technique to string and add guids back in
* Subtechnique transfer T1220-T1546.005 (#1020 )
* Create T1222.001.yaml
* Create T1222.002.yaml
* Create T1505.002.yaml
* Update T1543.003.yaml
* Update AtomicService.cs
* Update T1546.005.yaml
* Delete T1222.yaml
* Update T1482.yaml
* Update T1485.yaml
* Update T1220.yaml
* Update T1489.yaml
* Update T1490.yaml
* Update T1496.yaml
* Update T1505.003.yaml
* Update T1505.yaml
* Update T1518.001.yaml
* Update T1518.yaml
* Update T1529.yaml
* Update T1543.004.yaml
* Update T1546.001.yaml
* Update T1546.002.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.002.yaml
* Update T1543.001.yaml
* Update T1518.001.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1531.yaml
* Update T1222.001.yaml
* Update T1222.002.yaml
* Update T1505.002.yaml
* Update T1505.003.yaml
* Update T1518.001.yaml
* Update T1543.001.yaml
* Update T1546.005.yaml
* Update T1546.004.yaml
* Update T1546.003.yaml
* Update T1546.002.yaml
* Update T1546.001.yaml
* Update T1543.004.yaml
* Update T1543.003.yaml
* Update T1543.002.yaml
* added auto_generated_guid 1220
* added T1222.001 auto_generated_guid
* Update T1222.002.yaml
added auto_generated_guid entries
* Update T1482.yaml
auto_generated_guid added
* Update T1485.yaml
added auto_generated_guids
* Update T1489.yaml
added auto_generated_guids
* Update T1490.yaml
added auto_generated_guids
* Update T1496.yaml
added auto_generated_guid
* Update T1505.002.yaml
added auto_generated_guid from old T1505 same atomic
* Update T1505.003.yaml
added auto_generated_guid from previous atomic 1100
* Delete T1505.yaml
no longer needed, moved to 1505.002
* Update T1518.yaml
added auto_generated_guids
* Update T1529.yaml
added auto_generated_guids
* Update T1531.yaml
added auto_generated_guids
* Update T1543.001.yaml
added auto_generated_guid
* Update T1543.002.yaml
added auto_generated_guid
* Update T1543.004.yaml
added auto_generated_guid
* Update T1546.001.yaml
added auto_generated_guid
* Update T1546.002.yaml
added auto_generated_guid
* Update T1546.003.yaml
* Update T1546.004.yaml
added auto_generated_guid
* Update T1546.005.yaml
added auto_generated_guid
* add guids back in
* fix spacing issue
* fix spacing
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
* Sub-techniques T1053-T1113 - Updates (#1022 )
* Sub-techniques T1053-T1113 - Updates
Updated techniques for sub-techniques.
* minor fixes
format fixing
* Added GUIDs
- Added GUIDs back
- Fixed typo (T1054)
- Fixed attack_technique from an array to a string
* Sub-technique updates T1546.008 through T1574.011 (#1024 )
* sub technique updates
* sub technique updates
* sub technique updates
* Carrie updates (#1017 )
* updated T1110,12,13
* updated T1114
* updated T1114
* updated T1115
* updated T1119
* updated T1123,24
* updated T1127
* updated T1114
* updated T1127
* updated T1132
* T1134.004
* T1134.004
* updated T1135
* updated T1136
* updated T1137
* updated T1140
* remove depracted T1153
* updated T1176
* updated T1197
* updated T1201
* updated T1202
* updated T1204
* updated T1207
* updated T1216
* updated T1204
* updated T1217
* updated T1218
* updated T1218
* updated T1219
* updated T1218
* attack_technique to string
* Subtechnique transfer (#1025 )
* T1003 review
* T1005 manual review changes
* T1027.002 sub-technique review
* T1027.004 sub-technique review
* T1036 sub-technique review
* T1037 sub-technique review
* T1048 sub-technique review
* YAML bugfixes
* Adding auto-generated GUIDs back to tests
* merging with Mike's PR
* Merging with Carrie's PR
* fix spacing
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
* Subtechnique fix (#1026 )
* add atomic_tests: element
* add atomic_tests: element
* more fixes
* more fixes
* more fixes
* sub technique minor fixes 1 (#1027 )
* fixes
* fixes
* more fixes
* more fixes
* display name fix (#1028 )
* remove some deprecated stuff. reorganize a little (#1031 )
* Gendocs fix (#1033 )
* gendocs updates for subtechniques
* add folders
* ignore auto generated markdown files
* remove tmp files
* add tmp files
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
* navigator layer v3.0
* Generate docs from job=validate_atomics_generate_docs branch=subtechnique_transfer
Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com >
Co-authored-by: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-06-17 12:55:46 -06:00
35c42f2c61
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-15 17:19:25 +00:00
da779f042d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-06 16:23:43 +00:00
7d63609ea3
Added dependencies and fixed tests for linux and macOS ( #973 )
...
* Added dependencies and fixed tests
* Added description to dependencies.
* Executable presence checked in dependencies
Co-authored-by: hypnoticpattern <>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-06 10:22:48 -06:00
9d1146ae8a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-04-24 17:39:30 +00:00
94559fc270
T1081 T1082 T1141 T1145 Improvements ( #950 )
...
* improve tests
* fix spelling and prereqs
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-04-24 11:39:05 -06:00
71223b2514
backslash fix for markdown ( #881 )
2020-03-16 08:50:43 -06:00
6ec7d4bcf0
Specify language for markdown code blocks ( #882 )
...
* specify code block type in markdown
* specify code block type in markdown
2020-03-16 08:46:25 -06:00
Atomic Red Team doc generator