Commit Graph

2830 Commits

Author SHA1 Message Date
frack113 531dc622ef T1555.003 Test 8 Add python prereq (#1883)
* Add python prereq

* typo fix

Co-authored-by: Jose Enrique Hernandez <josehelps@gmail.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-27 19:42:11 -06:00
Atomic Red Team doc generator ab5e560865 Generated docs from job=generate-docs branch=master [ci skip] 2022-04-28 01:38:56 +00:00
Atomic Red Team GUID generator 3b7d1a9d19 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-04-28 01:38:52 +00:00
Rich5 da3488b3b7 Added Invoke-WMIExec Pass the Hash (#1896)
* Added Invoke-WMIExec Pass the Hash

* Update T1550.002.yaml

Updated with permanent link

Co-authored-by: Richard Kelley <richard.kelley@qomplx.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-27 19:38:25 -06:00
Atomic Red Team doc generator b194729422 Generated docs from job=generate-docs branch=master [ci skip] 2022-04-28 01:37:14 +00:00
Atomic Red Team GUID generator 22cfe0ad49 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-04-28 01:37:10 +00:00
Rich5 e51a12089e Added Crafting Active Directory silver tickets with mimikatz (#1897)
* Added Crafting Active Directory silver tickets with mimikatz

* Update T1558.002.yaml

Co-authored-by: Richard Kelley <richard.kelley@qomplx.com>
Co-authored-by: Jose Enrique Hernandez <josehelps@gmail.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-27 19:36:42 -06:00
Atomic Red Team doc generator 667cfa7daa Generated docs from job=generate-docs branch=master [ci skip] 2022-04-28 01:34:38 +00:00
Atomic Red Team GUID generator 96fb67db9f Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-04-28 01:34:33 +00:00
Rich5 0edf9b8609 Added Injection SID-History with mimikatz (#1898)
* Added Injection SID-History with mimikatz

* Update T1134.005.yaml

Changed elevation_required to true

* remove guid

Co-authored-by: Richard Kelley <richard.kelley@qomplx.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-27 19:34:07 -06:00
Atomic Red Team doc generator dd97f407ad Generated docs from job=generate-docs branch=master [ci skip] 2022-04-28 01:22:28 +00:00
Atomic Red Team GUID generator 292fcfab98 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-04-28 01:22:24 +00:00
Rich5 53d54747ec Added Password Change on Directory Service Restore Mode (DSRM) Account (#1899)
* Added Password Change on Directory Service Restore Mode (DSRM) Account

* remove guid so unique one can be auto-assigned

Co-authored-by: Richard Kelley <richard.kelley@qomplx.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-27 19:21:55 -06:00
Atomic Red Team doc generator c7417ac40b Generated docs from job=generate-docs branch=master [ci skip] 2022-04-28 01:17:34 +00:00
Atomic Red Team GUID generator 04913e6441 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-04-28 01:17:28 +00:00
Leo Verlod 1e9f1a4c38 Adding T1539 Test 2 - Steal Chrome Cookies (#1901)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-27 19:17:03 -06:00
Atomic Red Team doc generator e406fe0a0f Generated docs from job=generate-docs branch=master [ci skip] 2022-04-28 01:16:26 +00:00
Jathan-McDaniel 4e7044e077 T1055.001 improvement (#1902)
Co-authored-by: McDaniel <jmcdan@NTI.local>
Co-authored-by: Jose Enrique Hernandez <josehelps@gmail.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-27 19:15:57 -06:00
Atomic Red Team doc generator 724cb3f50d Generated docs from job=generate-docs branch=master [ci skip] 2022-04-28 01:14:49 +00:00
Atomic Red Team GUID generator b196333caf Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-04-28 01:14:45 +00:00
David McKennirey 0ddf5d32aa Add Atomic tests for disabling .NET ETW tracing (#1903)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-27 19:14:22 -06:00
Atomic Red Team doc generator db4ca085fc Generated docs from job=generate-docs branch=master [ci skip] 2022-04-27 17:08:17 +00:00
Atomic Red Team GUID generator 94fb215b94 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-04-27 17:08:13 +00:00
zspadoni28 ac8cd38038 Adding T1562.006 Test Number 3 (#1900)
Adding test #3 to simulate the removal of the PowerShell provider ETW telemetry source.
2022-04-27 11:07:43 -06:00
Atomic Red Team doc generator 7fa5d45acd Generated docs from job=generate-docs branch=master [ci skip] 2022-04-26 21:46:46 +00:00
Atomic Red Team GUID generator 00dd1f82a3 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-04-26 21:46:41 +00:00
Jose Enrique Hernandez 154ad8eeed Merge branch 'master' into patch-4 2022-04-26 17:43:18 -04:00
Atomic Red Team doc generator 059297cef5 Generated docs from job=generate-docs branch=master [ci skip] 2022-04-26 21:42:55 +00:00
Atomic Red Team GUID generator 30d17c913b Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-04-26 21:42:51 +00:00
Jose Enrique Hernandez 7ea76fd811 Merge branch 'master' into T1615jesseee 2022-04-26 17:37:30 -04:00
Jose Enrique Hernandez 6eec2463d2 Merge branch 'master' into patch-4 2022-04-26 17:35:20 -04:00
Atomic Red Team doc generator 83b0409004 Generated docs from job=generate-docs branch=master [ci skip] 2022-04-26 20:43:33 +00:00
Carrie Roberts 619b57ab6d Merge branch 'master' into T1615jesseee 2022-04-26 13:47:44 -06:00
jovial7 1f56b44eb4 update execution command 2022-04-26 13:22:02 -05:00
Carrie Roberts b9dc4d420e Merge branch 'master' into patch-4 2022-04-26 10:50:38 -06:00
jovial7 4e6ac8d945 Add new test
New test to Kill antimalware protected processes using Backstab
2022-04-26 11:45:58 -05:00
Carrie Roberts ab620dbbf3 use raw url so you get a functional script 2022-04-26 10:44:23 -06:00
Jesse Moore aa18e31b48 This is for the Challenge Bounty -Group Policy Discovery on Windows 2022-04-24 20:41:07 -07:00
CircleCI Atomic Red Team doc generator e961f7eaef Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-04-22 13:55:19 +00:00
Swapnil 7674d89a85 a quick fix for a non-conformant variable (#1881)
* a quick fix for a non-conformant variable

* Update T1574.006.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-22 07:54:55 -06:00
CircleCI Atomic Red Team doc generator 696325f10a Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-04-21 23:09:42 +00:00
Swapnil d0fe7eb07f Fix Test for T1027.004 (#1870)
* Fix Test for T1027.004

Updated the input files corresponding to each test to the right extension
Changed the executor from powershell to sh

* Fix get_prereq_commands

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-21 17:09:17 -06:00
CircleCI Atomic Red Team doc generator a089e2f7ec Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-04-20 02:40:38 +00:00
CircleCI Atomic Red Team GUID generator 36248625a9 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-04-20 02:40:32 +00:00
Leo Verlod ecf15d4e60 Adding T1219 Test 7 - RemotePC Executable Ran (#1879)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-19 20:40:09 -06:00
CircleCI Atomic Red Team doc generator a318c6135b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-04-20 02:37:47 +00:00
abulyaev 0e67932ccf T1546.012: change target_binary path (#1878)
Co-authored-by: abuly <abulyaev@yan.ru>
2022-04-19 20:37:22 -06:00
CircleCI Atomic Red Team doc generator 8b4fd77d4a Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-04-18 17:40:36 +00:00
CircleCI Atomic Red Team GUID generator bb740ee53b Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-04-18 17:40:31 +00:00
Leo Verlod 73ba251295 Adding T1555.003 Test 8 - Firepwd.py (#1871)
* Adding T1555.003 Test 8 - Firepwd.py

This test launches Firepwd.py, which is a password stealing tool for Firefox.

* use github permanent url

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-04-18 11:40:00 -06:00