645cb4edcd
Update T1485.yaml ( #1395 )
...
Let the file which will be deleted be more dynamic to allow users to define thier own using an input argument
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-18 08:57:41 -07:00
7e974e12f2
Update qakbot.bat ( #1393 )
...
Updated qakbot recon command list as reported by DFIR Reports: https://twitter.com/TheDFIRReport/status/1361331598344478727
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-18 08:52:00 -07:00
95e6b573e7
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-17 18:19:25 +00:00
ac04c34c4a
Create file to delete as part of attack cmds ( #1394 )
...
* Create file to delete as part of attack cmds
* remove sample test
2021-02-17 18:19:00 +00:00
34f4512f15
add caching of techniques. performance improvement. ( #1391 )
2021-02-12 19:28:31 -07:00
881e46997b
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 20:47:58 +00:00
8ba4d67987
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 20:47:50 +00:00
6573d40801
Added test for T1137.004 to test Outlook Home Page persistence and pa… ( #1381 )
...
* Added test for T1137.004 to test Outlook Home Page persistence and payload execution
* Fix ATT&CK technique numbers
Co-authored-by: inzlain <inzlain@localhost>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-11 13:47:27 -07:00
43bda07d49
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 17:19:00 +00:00
17639d4d95
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 17:18:52 +00:00
57b1728731
Update T1136.002.yaml ( #1384 )
...
* Update T1136.002.yaml
* Adds default values, remove guid
* remove auto_generated_guid line
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-11 10:18:38 -07:00
fc3a267c82
Bump nokogiri from 1.10.10 to 1.11.1 ( #1389 )
...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri ) from 1.10.10 to 1.11.1.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases )
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.10...v1.11.1 )
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-11 09:45:37 -07:00
ac3c47befe
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 16:17:23 +00:00
6f91baab5c
Update T1553.004.yaml ( #1386 )
...
Fixed test as it was not working
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-11 09:16:41 -07:00
73bdd9c307
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 15:59:48 +00:00
81f2b097b5
prereq fixes ( #1388 )
...
prereq fixes
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-11 08:59:22 -07:00
e136a49db2
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 14:06:01 +00:00
af5fbff0f2
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 14:05:53 +00:00
3fcf639acf
Create T1120.yaml ( #1387 )
2021-02-11 07:05:39 -07:00
e529ce5732
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:52:32 +00:00
94791c8073
T1113 x windows capture prereqs ( #1382 )
...
* Update T1113.yaml
Added prereq commands to test 3 "X Windows Capture"
* Update T1113.yaml
errors with multi-line if statement. Condensed to one line
* Update T1113.yaml
Changed prereqs of test 3 to be the redhat default. Changed prereqs of test 3 to have more input arguments
* Update T1113.yaml
Fixed typo in descriptions.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-09 11:51:53 -07:00
e922799d43
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:16:39 +00:00
87c5003eb5
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:16:30 +00:00
9ae0109e92
Update T1218.010.yaml ( #1383 )
...
Added Test 5: Regsvr32 Silent DLL Install Call DllRegisterServer
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-09 11:16:09 -07:00
adb8256347
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:14:10 +00:00
c5d92bca5d
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:14:01 +00:00
f8c8fbcab1
Added Audit Policy Config based Logging Impairment ( #1378 )
...
* Added Audit Policy Config based Logging Impairment
Auditpol can be used to manipulate audit log configuration. Test 3 simulates the adversary disabling certain audit policies to prevent respective events from being recorded in the log
* Add link, update test name
Adding in the Solarigate write-up link for reference and also removing the test # from the title (this gets added automatically to the Markdown file)
* added cleanup commands
Hi Carrie, The pre-req commands enables the auditpols initially so that it can be disabled when the atomic command is executed. I have copied the same syntax as pre-req to clean-up so it is reinstated. Based on additional research I have several more commands of interest I would like to add which were not part of the MS article but would be considered suspicious. Shall I add them as separate tests? i.e. sub-commands such as clear, restore, remove
* Removed the dependency section
Removed the dependency section
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-09 11:13:25 -07:00
802c6f33bc
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-03 02:33:01 +00:00
333e2407af
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-03 02:32:53 +00:00
05ce4209b5
procdump mini dump ( #1380 )
...
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
2021-02-02 19:32:35 -07:00
16ad79e864
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-01 17:01:17 +00:00
b3b1a2bb68
typo fix ( #1379 )
2021-02-01 10:00:51 -07:00
3fe613c6dd
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-25 13:43:05 +00:00
3b9bddaf20
Ryuk ( #1376 )
...
* adjust for usability
* change executor
* add input arg
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-25 06:42:40 -07:00
0b39063268
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-24 00:53:46 +00:00
da83687a17
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-24 00:53:38 +00:00
373176bcba
T1490 - WBAdmin ( #1375 )
...
* Added wbadmin delete systemstatebackup
* Update T1490.yaml
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
2021-01-23 17:53:20 -07:00
57ba7350b8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-22 16:30:47 +00:00
22c65f4acd
Fix to Cleanup Command for T1003.002 Test Number 3 ( #1374 )
2021-01-22 09:30:13 -07:00
7570e02911
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-21 18:48:01 +00:00
89de74b637
Updated Offline Credential Theft with mimikatz ( #1373 )
...
Updated the command segment related to guid: 453acf13-1dbd-47d7-b28a-172ce9228023
Existing request URL path doesn't exist in gentilkiwi's repo. Added code segment will obtain the latest mimikatz_trunk.zip from the repo.
I have repurposed the code segment done by Xiang ZHU https://copdips.com/2019/12/Using-Powershell-to-retrieve-latest-package-url-from-github-releases.html to meet the requirements here.
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-21 11:47:28 -07:00
05d2071e23
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-20 23:27:31 +00:00
52945641c0
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-20 23:27:23 +00:00
63d1e555d4
MSbuild inline task using Visual Basic ( #1371 )
...
* add visual basic test
* correct comment
2021-01-20 16:26:45 -07:00
bc705cb7aa
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:14:46 +00:00
1f26ebdb6c
typo corrections ( #1367 )
...
addresses issues #1365
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-13 12:14:14 -07:00
fca809efa6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:12:56 +00:00
5c52612858
added details to the description ( #1366 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-13 12:12:24 -07:00
be8d3644f2
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:11:35 +00:00
06ce6b9f11
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:11:27 +00:00
McNulty