576d92a4dc
fix prerequisite check for compile step
2022-11-04 16:46:04 -05:00
3e33f6c7c2
add missing prereq
2022-10-31 13:26:35 -05:00
721db0d11e
Add T1547.006 kernel module load and unload tests for MacOS
2022-10-31 12:16:16 -05:00
6f0df94b1d
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-28 17:46:40 +00:00
a317977c6b
Update T1056.001.yaml ( #2208 )
...
* Update T1056.001.yaml
fix bug: "Input Capture" of T1056.001 not download poweshel script
* update url
I updated the URL to point to the "raw" ps1 file instead of the html page showing the preview. Also removed the input arg for the PS1 since the attack commands call the script directly and don't use the input argument. Also, not likely that users will need to modify that input arg so leaving it out for clarity. Chose to give the full path to the ps1 script in the attack commands instead of changing directories first.
* Update T1056.001.yaml
* Update T1056.001.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-28 12:46:13 -05:00
69ff63cbeb
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-28 17:03:36 +00:00
0d4be0fcdc
Update T1070.003.yaml ( #2209 )
...
In this command "Set-PSReadLineOption -HistorySaveStyle SaveIncrementally",The "–" correct is "-"
2022-10-28 12:02:59 -05:00
c434c577af
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 20:35:40 +00:00
4fffd2bd92
add dependency executor since it is different than attack cmds ( #2203 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-10-27 14:35:07 -06:00
fd90991054
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 20:17:13 +00:00
d3f49a0913
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-27 20:17:07 +00:00
066d82351c
New AutoDial DLL persistence atomic ( #2207 )
...
* New AutoDial DLL persistence atomic
* Update T1546.yaml
2022-10-27 14:16:38 -06:00
a3f9a79d63
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 17:12:15 +00:00
74a13a8b92
Merge pull request #2206 from redcanaryco/isofix
...
Update T1553.005 - Runs lnk now
2022-10-27 10:11:38 -07:00
93c92d10b2
Update T1553.005 - Runs lnk now
2022-10-27 11:03:58 -06:00
e149cf9df2
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-26 15:13:43 +00:00
dba79489fb
Incomplete Process Termination Process ( #2205 )
...
The Notepad process was not terminating after the command execution
Line Added:
taskkill /im notepad.exe /t /f > NUL 2>&1
The /t option makes sure any child processes are closed as well, and the /f option forcefully terminates the process.
The > NUL redirects the stdout to the NUL device (the equivalent of /dev/null) and the 2 >&1 also redirects the stderr to stdout so that nothing is output to the console
2022-10-26 09:13:05 -06:00
aa218974e7
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-25 00:18:35 +00:00
d29652b752
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-25 00:18:27 +00:00
ba34e45163
Merge pull request #2197 from redcanaryco/aws_password_spray
...
AWS - Password Spray an AWS using GoAWSConsoleSpray
2022-10-24 17:17:49 -07:00
8b43cf51f7
Merge branch 'master' into aws_password_spray
2022-10-24 17:16:55 -07:00
e4844d7576
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-24 16:27:34 +00:00
890607b6fe
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-24 16:27:28 +00:00
f710d57e40
T1547.004 new hklm tests ( #2196 )
...
* Created 3 copies of the original HKCU tests but on HKLM
Committer: Thomas De Brelaz <thockoro@hotmail.com >
* Removed Notify tests, no longer supported in win10 and the tests were broken due to missing dll prerequisite
* re-added notify test
Committer: Thomas De Brelaz <thockoro@hotmail.com >
Committer: Thomas De Brelaz <thockoro@hotmail.com >
Co-authored-by: Thomas De Brelaz <thomas.de-brelaz@ubisoft.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-24 10:27:01 -06:00
4787dc43e9
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-24 16:19:18 +00:00
b1048a588d
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-24 16:19:11 +00:00
638ba68ee6
Tccontre patch 1 ( #2200 )
...
* Update T1124.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1016.yaml
* Update T1016.yaml
* update test name
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-24 10:18:40 -06:00
b9aebd1c0e
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-21 02:18:13 +00:00
f3a038ca78
Remove trailing \ from web_shells default path ( #2199 )
...
xcopy doesn't work when there is a trailing \ in a path.
default: PathToAtomicsFolder\T1505.003\src\ caused the "Invalid path" error
Removing the trailing \ fixes the issue
2022-10-20 20:17:29 -06:00
3927202872
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-20 21:47:35 +00:00
80be4123cd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-20 21:47:29 +00:00
0d4622f4e8
Update T1564.yaml ( #2198 )
2022-10-20 15:46:58 -06:00
dfd1f668af
adding atomic
2022-10-19 16:16:08 -07:00
27f8de3193
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 16:13:48 +00:00
f10bb08817
fix dir creation ( #2194 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-10-19 10:13:16 -06:00
99f4231d0b
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:43:05 +00:00
dd82e78da7
Merge pull request #2099 from chronolator/T1201_Improved
...
T1201_Improved
2022-10-18 21:42:37 -04:00
9c3f3e6b9e
Merge branch 'master' into T1201_Improved
2022-10-18 21:41:30 -04:00
69028837c2
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:28:38 +00:00
7b1e347a4d
Update T1014.md because of typo at Test number 3 (yaml corrected) ( #2189 )
...
ld.so.preload instead of ls.so.preload
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:28:00 -06:00
2be544c1d5
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:26:46 +00:00
a865221e1a
Minor edits to test number 2 ( #2190 )
...
Separated reference URLs in description section with commas ','
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:26:16 -06:00
ff1a5cf07b
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:25:12 +00:00
0f6a242985
T1106_update ( #2192 )
...
* T1106_update
* typo fix
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:24:39 -06:00
3802eaffdf
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:22:59 +00:00
e3cb7dbc2b
T1105_update ( #2191 )
...
* T1105_update
* Update the syntax issue
* typo fix
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:22:14 -06:00
825c959f98
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-18 16:52:04 +00:00
da55a259c9
Fix T1098.004 ( #2193 )
...
Fix for systems with multiple authorized keys. Without quotes, the echo command separates new lines with space instead of new line character which breaks authorized_keys file in case there are multiple keys in the file.
2022-10-18 10:51:15 -06:00
4abb614556
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-17 16:47:12 +00:00
0d7ea66552
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-17 16:47:06 +00:00
packetzero