685c735ebc
lastlog is not supported in OSX, at least not in 10.14.6 ( #902 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-23 09:11:27 -06:00
9476a6348d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-21 22:22:22 +00:00
617c32ac8e
Changed the executor for all windows test to powershell. Modified ( #901 )
...
windows test to actually create file to modify permissions as it
otherwise just fails unless input arguments are specified. Also added
cleanup commands to the windows tests.
Co-authored-by: Daniel White <d0w019h@homeoffice.wal-mart.com >
2020-03-21 16:21:51 -06:00
ab0b391ac0
Updated Descriptions ( #899 )
...
* Updated Descriptions
Batch of description updates to assist with understand what a test will do.
* Update T1055.yaml
* Update T1055.yaml
Trying to fix this...
* Update T1055.yaml
fixing again
* Update T1055.yaml
* spacing fix
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* wording updates
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* remove cmd.exe /c prefix
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* wording update
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* add back tick
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
* hashtag stuff
* Generate docs from job=validate_atomics_generate_docs branch=descriptions
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-03-20 16:48:58 -06:00
a18c66e61d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-20 20:35:45 +00:00
cbdafbd3a9
T1219_Update ( #900 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
2020-03-20 14:35:18 -06:00
2fd64aed80
Update T1191.inf ( #898 )
...
Changed to correct URL for T1191.sct
2020-03-20 10:29:56 -06:00
e4ce60f9f2
Updated Descriptions ( #897 )
...
* Updated Descriptions
Updated descriptions with what to expect from successful execution.
* Update T1028.yaml
* Update T1028.yaml
* Generate docs from job=validate_atomics_generate_docs branch=description-updates
* move text to description
* Generate docs from job=validate_atomics_generate_docs branch=description-updates
* typo fix
* Generate docs from job=validate_atomics_generate_docs branch=description-updates
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-19 21:23:10 -06:00
94f2071b59
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-19 22:15:53 +00:00
e42f1f27ab
T1047 documentation ( #896 )
...
* Added descriptions to indicate when the commands works, replaced default host , exe and output format
* removing cleanup test 1,2,3
* fixed platform specific info
* added documentation on test 4
* typo correction
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-19 16:15:33 -06:00
30f4bc0401
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-19 22:03:11 +00:00
6469c41198
Success Descriptions 3rd Batch ( #895 )
...
* Success Descriptions 3rd Batch
* typo fix
* wording
* typo fix
* improve description
* remove update for now
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-19 16:02:55 -06:00
8a99c40601
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-19 19:17:26 +00:00
1f74427802
Add completion description and fixes 2nd batch ( #894 )
...
* Add completion description and fixed
* fix spelling
* wording update
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-19 13:17:08 -06:00
c429ff1f08
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-18 21:46:56 +00:00
74e33cac01
T1218-5_Updatefix ( #892 )
...
* T1218-5_Updatefix
* T1218-5_Updatefix
* wording update
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-18 15:46:22 -06:00
5448f13d66
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-18 19:11:17 +00:00
49e0553d98
Successful execution documentation ( #891 )
...
* start work
* more fixes
2020-03-18 13:10:33 -06:00
8af7925347
T1218-4_Updatefix ( #890 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
2020-03-18 10:58:09 -06:00
56b945afd7
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-18 14:46:37 +00:00
b6998868dc
unique test names for OS ( #889 )
2020-03-18 08:46:16 -06:00
79911e0400
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-18 13:28:12 +00:00
74e0f641a8
More verbose descriptions to describe what success looks like (plus some little improvements) ( #888 )
...
* corrections to T1002 windows tests
* success descriptions
2020-03-18 07:27:47 -06:00
92949d4515
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-17 16:23:35 +00:00
9330f18cdb
Deleted T1134 atomic files ( #887 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-17 10:23:19 -06:00
e9d17b1839
delete the file , case sensitive EXE ( #886 )
2020-03-17 10:15:54 -06:00
f1bcfda48a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-16 21:33:02 +00:00
c6788c5736
Atomic test bug fixes/consistency improvements ( #884 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-16 15:32:25 -06:00
269db956d9
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-16 21:26:55 +00:00
634f529e59
T1117 atomics23 ( #885 )
...
* working on test 3 , removed quotations
* added compilled dll to a T1117/bin
Co-authored-by: Sangwa <ASangwa@nti.local >
2020-03-16 15:26:19 -06:00
414186e290
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-16 14:51:08 +00:00
71223b2514
backslash fix for markdown ( #881 )
2020-03-16 08:50:43 -06:00
9ed5a8b444
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-16 14:46:43 +00:00
6ec7d4bcf0
Specify language for markdown code blocks ( #882 )
...
* specify code block type in markdown
* specify code block type in markdown
2020-03-16 08:46:25 -06:00
71f3fbbaeb
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-16 14:43:09 +00:00
1ffb768a14
fixes for both T1121 tests ( #880 )
2020-03-16 08:42:30 -06:00
39b101e798
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-13 18:41:26 +00:00
cf6351f981
Adding dependencies to T1118 to ensure support for remote testing ( #878 )
...
Co-authored-by: Matt Graeber <mattifestation@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-13 12:41:06 -06:00
264b8aba92
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-13 18:24:41 +00:00
334eb14226
T1121-2_Update ( #877 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
2020-03-13 12:23:57 -06:00
159a477b99
Fixes #873 ( #874 )
...
https://github.com/redcanaryco/atomic-red-team/issues/873
2020-03-12 20:13:36 -06:00
8cb0e3e283
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-12 13:33:53 +00:00
d0687be58c
Refactoring and adding test cases for T1118 ( #872 )
...
* Refactoring and adding test cases for T1118
Developed a new test harness for InstallUtil variant execution and built many new tests around it.
* T1118 test refactoring and documentation
* All installer assemblies now output to %TEMP% by default so as to not pollute an atomics directory.
* Get-CommandLineArgument and Invoke-BuildAndInvokeInstallUtilAssembly are now fully documented.
* Cleanup commands added
* Any mention of payload was removed. This isn't offensive code and we should give that impression.
* Removed Rollback and Commit methods from the installer source code. I do not see it as a necessity to test this functionality.
Co-authored-by: Matt Graeber <mattifestation@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-12 07:33:11 -06:00
1eb7be4ae0
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-11 02:07:19 +00:00
5d7ea5c115
Move RegSvr32.sct into src ( #871 )
...
* Move RegSvr32.sct into src
* Fix
* Update T1117.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-10 20:06:57 -06:00
c086f9f2df
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-11 00:59:09 +00:00
13271f6447
Now goes to a tmp folder ( #870 )
...
* Now goes to a tmp folder
* Update T1118.yaml
* Update T1121.yaml
* Update T1121.yaml
* Update T1121.yaml
* Update T1118.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-10 18:58:34 -06:00
70e9ccfdf0
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-10 23:08:18 +00:00
5b61194689
T1048 exfiltration over dns ( #831 )
...
* added-dns-exfiltration
Exfiltration over DNS
* Update T1048.md
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-03-10 17:08:02 -06:00
2f778f359e
Generate docs from job=validate_atomics_generate_docs branch=master
2020-03-10 23:06:25 +00:00
Tyler Bennett