security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,206 Commits 47 Branches 0 Tags
40ceeff8d9d953cdc41e9c924e0ec00a20609a47
Commit Graph

4206 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
FenQiDian ab4c68b970 Execute powershell with "-Command -" arguments. Tell powershell to read scripts from stdin. (#727) 2019-12-17 23:09:02 -07:00
Tony M Lambert f51c26ab5f Revert "Added WCE executable to test 3 (Windows Credentials Editor)" (#728) 
* Revert "Added WCE executable to test 3 (#720)"

This reverts commit 9006f3c581.

* Generate docs from job=validate_atomics_generate_docs branch=revert-720-T1003_WCEUpdate
 2019-12-17 09:45:42 -06:00
CircleCI Atomic Red Team doc generator b18c5a498d Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-17 00:05:19 +00:00
FenQiDian 3750c092bc Add "#" before file_extension argument (#726) 2019-12-16 17:04:56 -07:00
CircleCI Atomic Red Team doc generator c34176e00b Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-17 00:03:42 +00:00
Andrew Beers 4364411ff4 update tests (#725) 2019-12-16 17:03:20 -07:00
CircleCI Atomic Red Team doc generator cf15882964 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-17 00:02:40 +00:00
dwhite9 df12b3792b This is to add a new atomic for windows that uses curl instead of (#724) 
powershell for testing in environments that do not have powershell
logging enabled (such as ours).

It will be nearly identical to the "Malicious User Agents - Nix*"*
atomic.
 2019-12-16 17:02:02 -07:00
CircleCI Atomic Red Team doc generator 1ea8c4616c Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-17 00:00:29 +00:00
Andrew Beers 6defb7663c Improve More Tests (#723) 2019-12-16 17:00:10 -07:00
CircleCI Atomic Red Team doc generator 4016e55313 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-16 23:57:19 +00:00
Mr B0b e57e2065e5 Add test for T1093 that performs Process Hollowing (#722) 2019-12-16 16:56:48 -07:00
CircleCI Atomic Red Team doc generator 9643ba9969 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-16 23:54:21 +00:00
Andrew Beers f39c39b29a Batch of improvements (#721) 
* another batch of improvements

* delete duplicate test, extra cleaining pass

* Improve Tests

* Delete test that is way to specific to be usefull
 2019-12-16 16:54:01 -07:00
CircleCI Atomic Red Team doc generator 86759f1971 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-16 23:51:26 +00:00
blackburnjrb 9006f3c581 Added WCE executable to test 3 (#720) 2019-12-16 16:51:04 -07:00
CircleCI Atomic Red Team doc generator e396eb9f63 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-16 21:20:43 +00:00
Micheal Fleck de8df502af T1518 software discovery added test, cleanup (#718) 
* New test, spelling fix

Added a test for all software installed and minor spelling fix

* Spelling
 2019-12-16 14:20:02 -07:00
Carrie Roberts b85fe323b8 fix default PathToAtomicsFolder (#719) 2019-12-11 19:20:00 -07:00
CircleCI Atomic Red Team doc generator b5224846d5 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-10 22:22:06 +00:00
Mr B0b 23d49d8108 Add test for T1502 that performs Parent PID Spoofing (#708) 2019-12-10 15:21:34 -07:00
CircleCI Atomic Red Team doc generator e11b77f02f Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-10 18:22:55 +00:00
Micheal Fleck 3293e54771 New test, spelling fix (#717) 
Added a test for all software installed and minor spelling fix
 2019-12-10 11:22:30 -07:00
CircleCI Atomic Red Team doc generator fbda422009 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-10 18:19:40 +00:00
Andrew Beers 0c5bcef840 Batch of improvements (#716) 
* another batch of improvements

* delete duplicate test, extra cleaining pass
 2019-12-10 11:19:19 -07:00
CircleCI Atomic Red Team doc generator 890099be35 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-10 14:18:39 +00:00
Andrew Beers 0544e5e777 add psexec test (#713) 
* add psexec test

* fix misspelling

* fix misspelling for real this time

* add prereq command
 2019-12-10 07:18:26 -07:00
CircleCI Atomic Red Team doc generator bf4c7559d0 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-10 13:51:22 +00:00
Andrew Beers 48ef8edee0 Improve tests (#715) 
* continue work

* remove duplicate test, this is also in 1023

* update more tests

* cleaning pass
 2019-12-10 06:51:01 -07:00
CircleCI Atomic Red Team doc generator 7eca6e24e4 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-09 23:08:11 +00:00
Brian Thacker b943e4435e Corrected typo T1087 (#709) 
Corrected test: Enumerate all accounts via PowerShell
get-localgroupmembers -group Users -> get-localgroupmember -group Users
 2019-12-09 16:07:53 -07:00
CircleCI Atomic Red Team doc generator dc9b9e60dd Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-09 23:02:14 +00:00
Brian Thacker 5256d3ada1 Update Syntax T1040 (#710) 
Windows' tests not running because of space in "Program Files".  Added quotes to fix this. PowerShell not running exes by default.  Added call operator (&) to force this.
 2019-12-09 16:01:56 -07:00
CircleCI Atomic Red Team doc generator 08dc1f0066 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-09 23:00:45 +00:00
Brian Thacker 0c18a6ce98 T1069 Typo correction (#711) 
Small typo. Changed get-ADPrinicipalGroupMembership to get-ADPrincipalGroupMembership.
 2019-12-09 16:00:30 -07:00
CircleCI Atomic Red Team doc generator dbb75a50e1 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-05 20:17:37 +00:00
JimmyAstle 5996ff29dc Update to T1053 to add Register-ScheduledTask (#707) 
New atomic test to include Register-ScheduledTask:
https://docs.microsoft.com/en-us/powershell/module/scheduledtasks/register-scheduledtask?view=win10-ps
 2019-12-05 13:17:18 -07:00
Fabricio Brunetti 8b61643f7f Python framework: Fix multiline powershell scripts (#706) 
This fix is for many powershell based tests that have multiple lines, often setting variable names (some of them are T1101, T1098, T1084 and many more).
 2019-12-03 12:49:57 -07:00
CircleCI Atomic Red Team doc generator 9a7998a576 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-03 19:48:22 +00:00
Mr B0b b69ad5f987 T1500 compile after delivery (#700) 
* Add test for T1073 that does DLL Side-Loading using the Notepad++ GUP.exe binary

* Add test for T1143 that launches a hidden PowerShell Window

* Add test for T1500 that compiles C# code using csc.exe binary

* Add cleanup command for T1500 Compile_After_Delivery

* Add cleanup command for T1143-Hidden_Window

* Add cleanup command for T1073-DLL_Side-Loading
 2019-12-03 12:48:04 -07:00
CircleCI Atomic Red Team doc generator 7232ea1789 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-03 19:45:46 +00:00
Micheal Fleck 01757e0df0 Added cleanup commands to cleanup hive files created. (#703) 
* Added cleanup commands to cleanup hive files created.

* Updated test to have non-ART folder output

Updated test to have a folder other than the Atomic Red Team location for the saving of results(.hive files). Updated the cleanup to reflect the change in the test. Placed folder creation at the beginning so that the o
 2019-12-03 12:45:22 -07:00
CircleCI Atomic Red Team doc generator 00972d1fc7 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-02 16:54:49 +00:00
Andrew Beers da80cf8259 fix tests (#701) 2019-12-02 09:54:21 -07:00
CircleCI Atomic Red Team doc generator 34b28a50d4 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-02 16:52:03 +00:00
Andrew Beers c2e01cdb48 Fix Path To Document (#702) 2019-12-02 09:51:51 -07:00
CircleCI Atomic Red Team doc generator 7ea2f1e0a0 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-02 16:39:23 +00:00
dwhite9 bb945c8d61 T1088 mocking trusted directories - New Atomic (#704) 
* Created rough draft for new atomic: T1088 - UAC Bypass via Mocking
Trusted Directories.

* Fixed typo in Mocked directory. Tested cleanup commands successfully.

* Fixed path of cleanup command to match change in directory of primary
command.
 2019-12-02 09:39:07 -07:00
CircleCI Atomic Red Team doc generator 380a113809 Generate docs from job=validate_atomics_generate_docs branch=master 2019-12-02 16:37:13 +00:00
dwhite9 42280e035a T1088- Added cleanup commands (#705) 
* Added cleanup commands to the other atomic tests.

* Fixed cleanup command for the command_prompt version of "Bypass UAC using Fodhelper"
 2019-12-02 09:36:43 -07:00