Commit Graph

1445 Commits

Author SHA1 Message Date
Andras32 5259c936c1 Updated T1002 (#655) 2019-11-14 20:37:26 -07:00
CircleCI Atomic Red Team doc generator ddadfbb3bf Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-14 22:57:31 +00:00
Brandon Morgan e93ed496ac default pid set to spoolsv (#656) 2019-11-14 15:57:07 -07:00
Michael Haag 41ca40f457 Broken URL (#661)
* Broken URL

Fixed broken url for test 1

* Generate docs from job=validate_atomics_generate_docs branch=t1085fix
2019-11-14 15:30:19 -06:00
CircleCI Atomic Red Team doc generator 9980382b3d Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-14 21:11:25 +00:00
fabamatic 9530b27936 T1085 deleting wrong "extra" quotation mark (#652)
There are 5 quote symbols in a single command. Executing the given command generates a JScript error "Unterminated string constant".
Deleting the extra quote causes the command to correctly open notepad.exe.
2019-11-14 14:10:57 -07:00
Tony M Lambert fdd2927285 T1216 Added tests for proxied script execution (#627)
* Added script proxy tests

* Generate docs from job=validate_atomics_generate_docs branch=t1216_tests

* Moving command

* Generate docs from job=validate_atomics_generate_docs branch=t1216_tests
2019-11-14 14:07:28 -07:00
Tony M Lambert d6f8628818 T1485 Test to delete backup files similar to Ryuk (#659)
* T1485 Test to delete backup files similar to Ryuk

* Generate docs from job=validate_atomics_generate_docs branch=t1485-del-backups
2019-11-14 14:06:09 -07:00
Michael Haag e8d584cb5c T1085 - Atomic Friday (#660)
* Atomic Friday - T1085 Adds

Atomic Friday - T1085 Adds

* Generate docs from job=validate_atomics_generate_docs branch=T1085

* Atomic Friday - Ready

Atomic Ready!

* Generate docs from job=validate_atomics_generate_docs branch=T1085
2019-11-14 15:04:08 -06:00
Tony M Lambert 5a0e4482dd T1089 Disable Arbitrary Security Service (#658)
* T1089 Disable Arbitrary Security Service

* spelling is hard

* Generate docs from job=validate_atomics_generate_docs branch=1089-service
2019-11-14 13:46:42 -07:00
Tony M Lambert 08c4b265be T1077 PsExec Test (#657)
* T1077 PsExec Test

* Generate docs from job=validate_atomics_generate_docs branch=t1077
2019-11-14 13:43:23 -07:00
CircleCI Atomic Red Team doc generator dce95a96da Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-14 06:15:58 +00:00
Luminous-InfiniTom c36b28eef8 Added cleanup command for fax binary (#654) 2019-11-13 23:15:34 -07:00
CircleCI Atomic Red Team doc generator 5dbf1b7864 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-13 23:42:50 +00:00
bmorgan-code b22483e2f1 T1090 add proxy reg key (#653)
Adds a registry key to set up a proxy on the endpoint at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4
2019-11-13 16:41:46 -07:00
CircleCI Atomic Red Team doc generator 406b4a1f77 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-13 00:52:25 +00:00
Brian Thacker 3fdc8ee7de Cleanup test 6, 7 (#648)
Changing default value from env:SystemRoot to env:Temp. By default, a user can write to the systemroot temp directory but cannot execute the cleanup commands. Correcting typo scvhost to svchost.
2019-11-12 17:51:57 -07:00
CircleCI Atomic Red Team doc generator 9412dc71f4 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-13 00:50:03 +00:00
Andrew Beers 95f0e151ea create simple sdb file (#649) 2019-11-12 17:49:38 -07:00
CircleCI Atomic Red Team doc generator 52d472a70c Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-12 22:09:07 +00:00
Gomezz6 fb4c322761 Added cleanup commands for test 1 & 2 (#651)
Also changed the default process for test 3 to spoolsv.exe because this exists by default on all machines.
2019-11-12 15:08:47 -07:00
Andras32 e7e3b5f343 ++ before check (#650) 2019-11-12 13:16:04 -07:00
CircleCI Atomic Red Team doc generator e5da8a341a Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-12 07:37:40 +00:00
Andrew Beers aa0aca3b2e T1070 delete system logs using power shell (#642)
* stop eventlog service and delete Security.evtx logs

* add tests

* fix format error

* try 2 fix formatting
2019-11-12 00:37:19 -07:00
CircleCI Atomic Red Team doc generator 0a1f37aa54 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-12 07:26:51 +00:00
Andrew Beers da90ca6563 T1036 malicious process masquerade as lsm (#637)
* create test, fix line endings

* fix elevation required

* fix file path

* fix formatting for circleci test

* misspelling
2019-11-12 00:26:37 -07:00
Andrew Beers c3183a36fa remove development section, Carrie's new instructions cover it (#638) 2019-11-12 00:21:34 -07:00
CircleCI Atomic Red Team doc generator d5217939c7 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-12 07:09:21 +00:00
dwhite9 df73365c8a Updated executor to powershell and updated command syntax. (#635) 2019-11-12 00:08:58 -07:00
derekenjibowden c6ea937fb4 Fix show details bug (#647)
check prereqs with -showdetails was executing the prereq command instead of showing the details
2019-11-11 23:26:33 -07:00
CircleCI Atomic Red Team doc generator 7a26c61e28 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-12 05:57:19 +00:00
derekenjibowden 108cf663a8 Insert cleanup_command for test 2 (#646) 2019-11-11 22:56:53 -07:00
CircleCI Atomic Red Team doc generator 49f98f60ce Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-12 05:22:40 +00:00
seraran005 bf7bc47752 Separated out Cleanup Commands (#645) 2019-11-11 22:22:17 -07:00
Andras32 6c3da68741 Multi platform invoke art (#641)
* Non-Windows OS Support

Added OS Identification to determine tests to run
Added SH and Bash executors for Linux and MacOS
Changed some Print statement oddities in ART
Updated Installation script to work on non-windows machines

* Updated Documentation

Edited the readme to be more OS neutral
Added information for the -force option in the installer
Added instructions for downloading powershell core on Mac and Linux

* Last Bugs

added chown to install script

* Install -force test install path

if (Test-Path $InstallPath){ Remove-Item -Path $InstallPath -Recurse -Force -ErrorAction Stop | Out-Null }

* minor changes

Write-Host error messages
Installer - Import-Module $modulePath -Force

* Chown weird on MacOS

chown -R $env:SUDO_USER $InstallPath

* README edits

clearing up $home $homedrive shenanigans

* \n in markdown issues

* Readme edits #2
2019-11-11 14:26:23 -07:00
Tony M Lambert 26e0f443b9 T1170 remote hta (#633)
* T1170 Remote HTA test

* Generate docs from job=validate_atomics_generate_docs branch=t1170-remote-hta
2019-11-11 07:45:07 -07:00
CircleCI Atomic Red Team doc generator 5332936f8f Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-11 01:55:17 +00:00
Carrie Roberts 36188490dc removed duplicate 'atomic_tests:' key (#631) 2019-11-10 19:54:57 -06:00
Andrew Beers 8e8222e06a add invoke-atomictest to main page readme (#629)
* add invoke-atomictest to main page readme

* add instructions for running it more smoothly when cloned from github

* Update README.md

* Update README.md
2019-11-10 19:53:12 -06:00
Tony M Lambert 6ea465cf61 Fixed URL for Install-AtomicRedTeam (#632) 2019-11-10 18:43:28 -07:00
CircleCI Atomic Red Team doc generator eb9f0fbcd6 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-09 02:14:44 +00:00
Brian Thacker 940b93af67 Added two more generic tests to T1036: test 6 and test 7. Test 6 meant to masquerade non-windows exes as real windows exes. Test 7 meant to masquerade windows exes as other windows exes. Added cleanup and input arguments logic to test 6 and 7. Added a generic executable for testing masquerading a non-windows exe as a windows exe. Added source files used for creating the executable in the T1036\bin folder. (#617) 2019-11-08 19:14:13 -07:00
CircleCI Atomic Red Team doc generator 7f62513b8e Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-09 02:07:46 +00:00
fabamatic 60b045eb3c T1028 fixing parameter in powershell Invoke-Command (#630)
* T1028 fixing named parameter in Invoke-Command

Changing computer_name for correct parameter ComputerName

* FT1028 fixing ComputerName parameter in .yaml
2019-11-08 19:07:27 -07:00
CircleCI Atomic Red Team doc generator fa1f9d95dc Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-09 02:03:33 +00:00
fabamatic 2b9b99adcc T1022 parameters that can actually be parsed by windows command prompt (#626) 2019-11-08 19:03:10 -07:00
Tony M Lambert e2309b30af T1218 proxied binary execution tests (#628)
* Added proxied binary execution tests

* Generate docs from job=validate_atomics_generate_docs branch=t1218_tests
2019-11-08 18:57:19 -07:00
Carrie Roberts a611d8926b Expanding the Execution Frameworks Read me (#619)
* updating execution-frameworks readme

* updating execution-frameworks readme
2019-11-08 11:59:05 -06:00
Carrie Roberts ed5f9deccc remove deprecated code (#620) 2019-11-08 11:58:07 -06:00
Carrie Roberts c53e73ed96 Readme documents required Import-Module command (#622)
* notes on importing module

* notes on importing module
2019-11-08 11:57:08 -06:00