72a67e2dc8
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-31 18:58:56 +00:00
a69e08e6ae
Updated T1048.003 to include Rclone ( #2202 )
...
* Updated T1048.003 to include Rclone
Added the use of Rclone to exfiltrate data to an external FTP server.
* Updated the test as discussed.
* Fixed the typo
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-31 13:58:24 -05:00
8c427d03ea
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-31 18:55:22 +00:00
535c5be594
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-31 18:55:16 +00:00
f5e9554b1a
Update T1562.001.yaml ( #2216 )
...
Add Atomic to leverage WMI to exclude a folder within Defender.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-31 13:54:50 -05:00
43d82f25da
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-31 18:42:04 +00:00
2589ca7d6f
fix missing input arg ( #2210 )
2022-10-31 13:41:32 -05:00
40cb9df131
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-31 14:02:32 +00:00
cd6e3d15ae
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-31 14:02:26 +00:00
aaf8223501
t1027-006-html-smuggling ( #2215 )
...
Add Atomic for HTML smuggling
2022-10-31 08:01:55 -06:00
6f0df94b1d
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-28 17:46:40 +00:00
a317977c6b
Update T1056.001.yaml ( #2208 )
...
* Update T1056.001.yaml
fix bug: "Input Capture" of T1056.001 not download poweshel script
* update url
I updated the URL to point to the "raw" ps1 file instead of the html page showing the preview. Also removed the input arg for the PS1 since the attack commands call the script directly and don't use the input argument. Also, not likely that users will need to modify that input arg so leaving it out for clarity. Chose to give the full path to the ps1 script in the attack commands instead of changing directories first.
* Update T1056.001.yaml
* Update T1056.001.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-28 12:46:13 -05:00
69ff63cbeb
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-28 17:03:36 +00:00
0d4be0fcdc
Update T1070.003.yaml ( #2209 )
...
In this command "Set-PSReadLineOption -HistorySaveStyle SaveIncrementally",The "–" correct is "-"
2022-10-28 12:02:59 -05:00
c434c577af
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 20:35:40 +00:00
4fffd2bd92
add dependency executor since it is different than attack cmds ( #2203 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-10-27 14:35:07 -06:00
fd90991054
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 20:17:13 +00:00
d3f49a0913
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-27 20:17:07 +00:00
066d82351c
New AutoDial DLL persistence atomic ( #2207 )
...
* New AutoDial DLL persistence atomic
* Update T1546.yaml
2022-10-27 14:16:38 -06:00
a3f9a79d63
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 17:12:15 +00:00
74a13a8b92
Merge pull request #2206 from redcanaryco/isofix
...
Update T1553.005 - Runs lnk now
2022-10-27 10:11:38 -07:00
93c92d10b2
Update T1553.005 - Runs lnk now
2022-10-27 11:03:58 -06:00
e149cf9df2
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-26 15:13:43 +00:00
dba79489fb
Incomplete Process Termination Process ( #2205 )
...
The Notepad process was not terminating after the command execution
Line Added:
taskkill /im notepad.exe /t /f > NUL 2>&1
The /t option makes sure any child processes are closed as well, and the /f option forcefully terminates the process.
The > NUL redirects the stdout to the NUL device (the equivalent of /dev/null) and the 2 >&1 also redirects the stderr to stdout so that nothing is output to the console
2022-10-26 09:13:05 -06:00
aa218974e7
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-25 00:18:35 +00:00
d29652b752
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-25 00:18:27 +00:00
ba34e45163
Merge pull request #2197 from redcanaryco/aws_password_spray
...
AWS - Password Spray an AWS using GoAWSConsoleSpray
2022-10-24 17:17:49 -07:00
8b43cf51f7
Merge branch 'master' into aws_password_spray
2022-10-24 17:16:55 -07:00
e4844d7576
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-24 16:27:34 +00:00
890607b6fe
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-24 16:27:28 +00:00
f710d57e40
T1547.004 new hklm tests ( #2196 )
...
* Created 3 copies of the original HKCU tests but on HKLM
Committer: Thomas De Brelaz <thockoro@hotmail.com >
* Removed Notify tests, no longer supported in win10 and the tests were broken due to missing dll prerequisite
* re-added notify test
Committer: Thomas De Brelaz <thockoro@hotmail.com >
Committer: Thomas De Brelaz <thockoro@hotmail.com >
Co-authored-by: Thomas De Brelaz <thomas.de-brelaz@ubisoft.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-24 10:27:01 -06:00
4787dc43e9
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-24 16:19:18 +00:00
b1048a588d
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-24 16:19:11 +00:00
638ba68ee6
Tccontre patch 1 ( #2200 )
...
* Update T1124.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1016.yaml
* Update T1016.yaml
* update test name
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-24 10:18:40 -06:00
b9aebd1c0e
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-21 02:18:13 +00:00
f3a038ca78
Remove trailing \ from web_shells default path ( #2199 )
...
xcopy doesn't work when there is a trailing \ in a path.
default: PathToAtomicsFolder\T1505.003\src\ caused the "Invalid path" error
Removing the trailing \ fixes the issue
2022-10-20 20:17:29 -06:00
3927202872
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-20 21:47:35 +00:00
80be4123cd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-20 21:47:29 +00:00
0d4622f4e8
Update T1564.yaml ( #2198 )
2022-10-20 15:46:58 -06:00
dfd1f668af
adding atomic
2022-10-19 16:16:08 -07:00
27f8de3193
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 16:13:48 +00:00
f10bb08817
fix dir creation ( #2194 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-10-19 10:13:16 -06:00
99f4231d0b
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:43:05 +00:00
dd82e78da7
Merge pull request #2099 from chronolator/T1201_Improved
...
T1201_Improved
2022-10-18 21:42:37 -04:00
9c3f3e6b9e
Merge branch 'master' into T1201_Improved
2022-10-18 21:41:30 -04:00
69028837c2
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:28:38 +00:00
7b1e347a4d
Update T1014.md because of typo at Test number 3 (yaml corrected) ( #2189 )
...
ld.so.preload instead of ls.so.preload
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:28:00 -06:00
2be544c1d5
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:26:46 +00:00
a865221e1a
Minor edits to test number 2 ( #2190 )
...
Separated reference URLs in description section with commas ','
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:26:16 -06:00
ff1a5cf07b
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:25:12 +00:00
Atomic Red Team GUID generator