5fc22afd72
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-30 20:56:30 +00:00
b43b7a6f07
Update T1056.004.yaml ( #1453 )
...
This parameter is required on systems where no internet explorer is installed, otherwise a parsing error will occur:
curl : The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch
configuration is not complete. Specify the UseBasicParsing parameter and try again.
At line:2 char:1
+ curl https://www.example.com }
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotImplemented: (:) [Invoke-WebRequest], NotSupportedException
+ FullyQualifiedErrorId : WebCmdletIEDomNotSupportedException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-30 14:55:54 -06:00
6bd8fc68e7
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-30 20:53:20 +00:00
6b724298f1
T1562.002_Update ( #1451 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-30 14:53:00 -06:00
5dd066ec61
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-30 20:50:27 +00:00
50f1ea7a06
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-30 20:50:22 +00:00
731a7c9ed6
T1053.005 create SchduledTask using WMI class ( #1434 )
...
* ScheduledTask via WMI
* Fix typos and XML load
* Fix wrong cmdlet name in test name
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-30 14:49:42 -06:00
513b2f7cc9
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-30 20:42:42 +00:00
0379f23997
Take 2 on making psexec a configurable dependency. ( #1450 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-30 14:41:57 -06:00
f9d21d9a0e
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-29 22:44:57 +00:00
7cdea9c925
fix for install and check ( #1452 )
2021-04-29 16:44:35 -06:00
9129ed61a3
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-27 22:21:24 +00:00
e909621a57
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-27 22:21:19 +00:00
6954425558
Update T1046.yaml ( #1436 )
...
* Update T1046.yaml
* Create T1046.py
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-27 16:20:51 -06:00
b47fde5ba6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-27 22:17:12 +00:00
f0dc61911a
changed calc to notepad for T1055.012 ( #1437 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-27 16:16:42 -06:00
650a5b6c27
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-27 21:59:00 +00:00
6806b2ccc1
T-1562.004_Test6_Update ( #1448 )
...
* T-1562.004_Test6_Update
* add force to the copy command
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-27 15:58:37 -06:00
dcd84948b0
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-27 21:51:10 +00:00
dac15a5494
Fix #1443 ( #1445 )
...
* Fixes #1443 with updated URL to wireshark.
* Added npcap dependency
* Whitespace *sigh*
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-27 15:50:49 -06:00
f32bcc822c
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-27 21:44:44 +00:00
86b0d22094
T1078.001 make guest account configurable ( #1447 )
...
* Autocommit of generated test
* Fixed dependecy for psexec so the tool can be automatically downloaded.
* Delete T1036.002.yaml
* Fix #1446
* Delete T1021.002.yaml
Shouldn't appear in this branch...
2021-04-27 15:44:21 -06:00
7f899892ec
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-26 20:51:00 +00:00
59d69167b7
Fixed an issue where -CheckPrereqs could not create the required files. ( #1439 )
2021-04-26 14:50:18 -06:00
7210a9b02f
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-19 17:50:30 +00:00
c14c0357dc
[OSCD Sprint #2 ] Final Pull Request / Summary ( #1431 )
...
* Updating T1016 to include macos firewall enumeration
* Tests added
* standardize display name
* Add tests for T1134.001 Access Token Impersonation/Theft (#1236 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* adding socketfilterfw and cleaning up description formatting, adding description details
* Changing to device manufacturer based test
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Add test for T1006 Direct Volume Access (#1254 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* [OSCD] T1036.004: Masquerade Task or Service - 2 tests (#1253 )
* T1036.004 - 2 tests added
* Update T1036.004.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* T1136.002 - 2 tests added (#1252 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* [OSCD] Create atomic test for T1113 for Windows (#1251 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* update T1564.002
* update T1564.002
* add Gatekeeper disable; add cleanup for security tools disable; add another launchagent for carbon black defense; remove Gatekeeper disable command from Gatekeeper bypass technique
* Added T1562.006 tests to emulate indicator blocking by modifying configuration files
* split linux and macos tests for TT1518.001; update processes list
* Update T1518.001.yaml
* Removed prereq and fixed command endings
* Indirect command execution - conhost (#1265 )
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* [OSCD] Office persiststence : Office test (#1266 )
* Office persiststence : Office test
* Added technique details
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Remove index files to avoid CI complaints.
* Grr
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Update T1518.001.yaml
* [OSCD] Adding T1547.010 (#1264 )
* Port monitor addition
* Rename T1547.010.yml to T1547.010.yaml
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Generate docs from job=validate_atomics_generate_docs branch=oscd
* Fixed typos in test names
Co-authored-by: remotephone@gmail.com <remotephone@gmail.com >
Co-authored-by: haresudhan <code@0x6c.dev >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
Co-authored-by: gregclermont <580609+gregclermont@users.noreply.github.com >
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carl <57147304+rc-grey@users.noreply.github.com >
Co-authored-by: mrblacyk <kweinzettl@gmail.com >
Co-authored-by: sn0w0tter <42819997+sn0w0tter@users.noreply.github.com >
Co-authored-by: Yugoslavskiy Daniil <yugoslavskiy@gmail.com >
Co-authored-by: yugoslavskiy <daniil@yugoslavskiy.com >
Co-authored-by: omkargudhate22 <36105402+omkar72@users.noreply.github.com >
Co-authored-by: Keith McCammon <keith@redcanary.com >
Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com >
2021-04-19 11:49:59 -06:00
9f9eed13ea
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-19 17:35:02 +00:00
83510cb71c
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-19 17:34:57 +00:00
2c21e810c1
Add T1491.001 ( #1429 )
...
* Add T1491.001
Adding new atomic for T1491.001 - Defacement: Internal Defacement
Uses PowerShell to download image and sets it as the desktop wallpaper.
Additionally, script will create a file holding the location to the original wallpaper image and restore it during cleanup.
Confirmed operational on Windows 10.
* Update T1491.001.yaml
Adding formatting changes
* Update T1491.001.yaml
Adding a few additional formatting changes.
2021-04-19 11:34:37 -06:00
3563a38fc8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-18 03:57:42 +00:00
aebaa03a44
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-18 03:57:37 +00:00
8af0006607
Test for T1221 Remote Template Injection ( #1424 )
...
* Test for T1221 Remote Template Injection
* Update T1221.yaml
* Update T1221.yaml
* Update T1221.yaml
* Update T1221.yaml
* Update T1221.yaml
* Create readme.txt
* Files to complete this test.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-17 21:57:22 -06:00
393890982c
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-18 03:28:58 +00:00
0a6ee1aac7
Use wildcard '*' for .NET path ( #1430 )
...
This way the test will be valid for future release of .NET.
It has already jump from 5.0.3 to 5.0.5 while I was building this test.
2021-04-17 21:28:35 -06:00
c95a59500a
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-16 05:23:21 +00:00
330e495c51
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-16 05:23:16 +00:00
f8e0e5b85f
T1036 ( #1428 )
...
* Create tempt.txt
* Add new T1036 test
* Delete tempt.txt
2021-04-15 23:22:56 -06:00
bf51ec7773
Remove a ' in the Display name ( #1427 )
2021-04-15 19:47:20 -06:00
2100c71cd8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-16 01:40:47 +00:00
67d126df9b
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-16 01:40:42 +00:00
07b9953659
T1137 and t1003.001 ( #1426 )
...
* Add a test for T1003.001 and T1137
* Fix some errors in T1003.001
* Update spacing
2021-04-15 19:40:20 -06:00
e460fe7bd4
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-15 22:53:22 +00:00
db117e55cf
Update T1133.yaml ( #1417 )
...
* Update T1133.yaml
Wont need chrome on path, start-proc location was in x86?
* remove program files ambiguity
* put extensions ids back
* Update T1133.yaml
* Update T1133.yaml
* Update T1133.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-15 16:52:49 -06:00
3dfe116ec1
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-09 14:29:43 +00:00
958eea13f4
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-09 14:29:37 +00:00
91eca87002
Update T1082.yaml ( #1421 )
...
Added environmet variables discovery
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-04-09 08:29:11 -06:00
c32fa3af4f
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-08 17:48:04 +00:00
dfa1c271f8
programatically determine location of protocolhandler ( #1420 )
2021-04-08 11:47:25 -06:00
3f103f9603
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-04-08 14:34:34 +00:00
4fb4525bf3
small correction to handle cmd/ps executors ( #1419 )
2021-04-08 08:34:04 -06:00
CircleCI Atomic Red Team doc generator