security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,324 Commits 47 Branches 0 Tags
6000965b1e25f57582fdb43093cfb400a1067a7c
Commit Graph

2324 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cnotin 6000965b1e T1028 "Windows Remote Management": split in several techniques 
Fixes #1042
 2020-09-18 15:57:11 +02:00
CircleCI Atomic Red Team doc generator d68a57842a Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-16 13:57:33 +00:00
Matt Graeber 4dc60fe603 Merge pull request #1224 from clr2of8/remove-fp-weakness 
Remove File System Permissions Weakness atomic test
 2020-09-16 09:57:12 -04:00
clr2of8 8fed41ac02 removing test 2020-09-16 07:50:24 -06:00
Amine Taouirsa cebd539a36 Update T1218.011.inf (#1223) 
Convert to Mitre ATT&CK sub-technique schema
 2020-09-16 07:29:43 -06:00
CircleCI Atomic Red Team doc generator 30b77fc5a0 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-15 14:57:15 +00:00
Jil Larner 74ad1849de Changed default computer target from computer1 to localhost in the remote execution through MMC (#1218) 
Co-authored-by: Didier Cambefort <didier.cambefort@scrt.ch>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-09-15 08:56:52 -06:00
CircleCI Atomic Red Team doc generator 00948b0058 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-15 14:53:29 +00:00
Brian Thacker 7b90e89acd Update T1053.003.yaml (#1221) 
Add code to make cleanup commands.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-09-15 08:53:11 -06:00
CircleCI Atomic Red Team doc generator 45f59adc44 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-09 16:42:32 +00:00
kpsmiley23 e07e8842ef Update T1106.yaml (#1217) 
Execution doesn't currently work because tmp variable was broken

Tested successfully on a local instance

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-09-09 10:42:10 -06:00
CircleCI Atomic Red Team doc generator 166da61509 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-09 16:41:01 +00:00
Tsora-Pop eb45d7274c New Test T1562.004 (#1215) 
* New test to allow program through firewall

This test will attempt to allow an executable through the system firewall located in the Users directory

* Create AtomicTestPlaceholder

* AtomicTest executable added for test

* Delete AtomicTestPlaceholder

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-09-09 10:40:38 -06:00
CircleCI Atomic Red Team doc generator 5277ef9105 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-09 16:35:21 +00:00
Jil Larner 70ad88fe10 T1098 - Added cleanup capability (#1216) 
* Changed Admin Account Manipulate to be able to use Cleanup, as suggested in PR #1201

* Changed Admin Account Manipulate to be able to use Cleanup, as suggested in PR #1201

Co-authored-by: Didier Cambefort <didier.cambefort@scrt.ch>
 2020-09-09 10:35:00 -06:00
CircleCI Atomic Red Team doc generator 115bb861b7 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-04 17:21:36 +00:00
Jesse Moore ef53a91332 T1105.002 mp cmd run (#1214) 
* Update T1105.yaml

Add MpCmdRun Windows Defender LOLB

* Update T1105.yaml

Corrected input and yaml spacing

* Update T1105.yaml

Added PreReq exit else
And better description with URL

* Update T1105.yaml

Carrie added enhancements. Thank you Carrie!

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-09-04 11:21:08 -06:00
CircleCI Atomic Red Team doc generator dcb3d26d84 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-04 17:00:36 +00:00
Jesse Moore 74956c4425 Update T1562.002.yaml (#1213) 
Update T1562.002.yaml with Invoke-Phant0m to Kill Windows Event Log Services Threads.
 2020-09-04 10:59:55 -06:00
CircleCI Atomic Red Team doc generator 77428a9439 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-03 22:20:14 +00:00
Jesse Moore 46e38ff6d1 T1110.002 Hashcat (#1189) 
* T1110.002 Hashcat

T1110.002 Hashcat

* Update to T1110.002.yaml 

Since Hashcat downloads as 7zip I had to do some hacky things to get that to run on the system via $env:temp. I have tested via start-AtomicGUI, the check-prereqs, and GetReqs, Invoke-AtomicTest T1110.002 and the -cleanup command. this should be ready for anyone.

* Added Elevation is required for command

Elevation is Required for the attack command

* updates from Carrie

see comments in PR for details

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-09-03 16:19:30 -06:00
CircleCI Atomic Red Team doc generator b69f27c2b3 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-03 21:49:12 +00:00
kpsmiley23 730a62b977 Update T1003.002.yaml (#1212) 
Request raw Invoke-PowerDump.ps1 instead of repository page
 2020-09-03 15:48:52 -06:00
CircleCI Atomic Red Team doc generator 04a409832e Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-20 20:40:34 +00:00
Geoff Galitz f7584be904 T1003 NPPSPY GetPrereqs location fix (#1202) 
* Before:  NPPSPY is installed into atomics src directories, test
looks for it in the local temp directory resulting in an error.

After: Test is changed to look for NPPSPY directly in atomics src
directory

* Change test to install prereq to local temp directory and work from
there.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-20 14:40:09 -06:00
CircleCI Atomic Red Team doc generator 1411b5ec4a Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-20 20:38:40 +00:00
Laken Harrell 85f4f0ec3f fixed prereq_command (#1205) 
Co-authored-by: Harrell <LHarrell@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-20 14:37:47 -06:00
CircleCI Atomic Red Team doc generator 84054abce5 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-20 20:28:30 +00:00
Brandon Morgan c8be2137d7 T1197 desktopimgdwnldr.exe (#1206) 
* Update T1197.yaml

desktopimgdownldr.exe initial commit

* Update T1197.yaml

fixed parsing issue with command

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-20 14:27:09 -06:00
CircleCI Atomic Red Team doc generator 7e5f711d57 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-20 20:21:38 +00:00
bbucao ee7deb22fd Update to T1040.yaml test 3 "Packet capture windows command prompt" (#1208) 2020-08-20 14:21:07 -06:00
Matt Graeber 7e8eec1c7a Merge pull request #1207 from clr2of8/csv-index 
fix csv link on README
 2020-08-19 11:34:24 -04:00
Carrie Roberts fbba105bf1 Merge branch 'master' into csv-index 2020-08-19 09:31:30 -06:00
clr2of8 496b3e5ebf fix csv link 2020-08-19 09:29:26 -06:00
Matt Graeber 9cfc1159fa Merge pull request #1204 from redcanaryco/clr2of8-patch-6 
include full path to manage-bde.wsf. Thanks, Carrie!
 2020-08-19 11:29:23 -04:00
CircleCI Atomic Red Team doc generator 232e7e9a0e Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-6 2020-08-18 22:39:29 +00:00
Carrie Roberts 55785dfd6a include full path to manage-bde.wsf 2020-08-18 16:38:09 -06:00
CircleCI Atomic Red Team doc generator d55d047117 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-18 17:34:50 +00:00
Jesse Brown c288b163f7 [UPDATE] COR_PROFILER to new ID (T1574.012) (#1191) 
* [UPDATE] COR_PROFILER technique

* remove md file

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-18 11:34:31 -06:00
Carrie Roberts 9293e18102 Update the Readme to point to the new Wiki (#1192) 
* readme points to wiki now

* update readme
 2020-08-18 11:31:09 -06:00
Carrie Roberts af15596708 Add link to new Wiki page on contributing (#1193) 
* point to wiki

* just edit link on top to point to new wiki
 2020-08-18 11:21:07 -06:00
CircleCI Atomic Red Team doc generator 405126235f Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-17 16:14:43 +00:00
Tsora-Pop f294dedadc New T1562.004 Test "Open local port through Windows Firewall for any profile" (#1200) 
* Update T1562.004.yaml

added new atomic test to open a port through Windows Firewall to any profile

* Update T1562.004.yaml

added some fixes to command and cleanup

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-17 10:14:16 -06:00
CircleCI Atomic Red Team doc generator 1427393485 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-17 16:10:14 +00:00
Jil Larner 6f3085ee17 T1098 - Implemented domain account manipulation (#1201) 
* Implemented Domain account manipulation

* remove manually specified GUID

removing GUID so it can be assigned at merge time.

Co-authored-by: Didier Cambefort <didier.cambefort@scrt.ch>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-17 10:09:53 -06:00
CircleCI Atomic Red Team doc generator af5f096360 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-16 02:49:11 +00:00
bbucao 4050f7e76c Update T1564.004 test 3 Create ADS command prompt (#1198) 
* Update T1564.004 test 3

* ignore errors when running cleanup multiple times

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-15 20:48:56 -06:00
CircleCI Atomic Red Team doc generator 19b5ee9ee4 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-16 02:31:44 +00:00
Jesse Moore f4d059dbbc Update T1003.002.yaml for PowerDump (#1196) 
* Update T1003.002.yaml for PowerDump

Added PowerDump to parse SAM and SYSTEM for usernames and Hash

* Add fixes

Updated with fixes.
Its not erroring with Multiple cleanup
Removed preReqs, don't need them
Removed SAM and SYSTEM file dep... PowerDump can just Dump Registry for Hashes and Usernames

* Getting permanent links to file

Added permanent link to PowerDump in BC-SECURITY Github

* updated description

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-15 20:31:19 -06:00
CircleCI Atomic Red Team doc generator 2de9e9fc3a Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-16 02:24:17 +00:00