atomic-red-team

Author	SHA1	Message	Date
caseysmithrc	789b2cfc59	Added '---' (#350 )	2018-09-25 11:39:52 -07:00
Keith McCammon	74765edf7e	Merge pull request #349 from redcanaryco/add-related Add a Related section to reference other works	2018-09-21 08:01:44 -06:00
Keith McCammon	37e485ce06	Add a Related section to reference other works	2018-09-21 07:56:54 -06:00
Michael Haag	ba64b21e2a	T1126 fix (#341 ) * Resolve issue #340 Fixed #340 * Generate docs from job=validate_atomics_generate_docs branch=T1126-fix	2018-09-18 08:38:22 -07:00
Zac Brown	1976a539c8	Merge pull request #347 from ForensicITGuy/master MSXSL Bypass Test (T1127 Trusted Dev Utilities)	2018-09-14 23:03:39 -06:00
Tony M Lambert	ef0b8f073e	Hopefully this works remotely now	2018-09-14 20:49:10 -05:00
Tony M Lambert	62ed0f30ab	Fix script again	2018-09-14 20:46:03 -05:00
Tony M Lambert	03adb61ee4	Added remote test, simplified script file	2018-09-14 20:35:48 -05:00
Tony M Lambert	ddd0e81e54	Fix customer name	2018-09-14 16:21:39 -05:00
Tony M Lambert	f344a573b7	Add MSXSL test to T1127	2018-09-14 16:20:25 -05:00
Zac Brown	b85c21bb00	Merge pull request #346 from redcanaryco/T1140-Add T1140 - certutil rename and decode	2018-09-14 08:25:39 -06:00
CircleCI Atomic Red Team doc generator	d0a5bb7762	Generate docs from job=validate_atomics_generate_docs branch=T1140-Add	2018-09-14 13:34:52 +00:00
Michael Haag	52ca3f8b1b	Added certutil rename Reference: https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html https://twitter.com/ItsReallyNick/status/1040402921777782784	2018-09-14 08:34:29 -05:00
Zac Brown	4f31d6ac09	Merge pull request #339 from MSAdministrator/modified_execution_functions_and_readme Modified Invoke-AtomicRedTeam functions and README	2018-09-13 21:06:26 -06:00
Josh Rickard	9aeecf2694	Added Pester tests and modified Manifest file	2018-09-13 22:55:35 -04:00
Josh Rickard	e81485b3e2	Converted Invoke-AtomicRedTeam to PowerShell Script Module	2018-09-13 22:00:50 -04:00
CircleCI Atomic Red Team doc generator	8b6116bffc	Generate docs from job=validate_atomics_generate_docs branch=master	2018-09-13 20:33:22 +00:00
Michael Haag	a01d08725b	Merge pull request #343 from JimmyAstle/T1191-synax-fix Minor update to cmstp.exe syntax	2018-09-12 08:08:19 -04:00
Jimmy Astle	d5a791015b	Minor update to cmstp.exe syntax need to add teh /s so this test runs without user interaction	2018-09-11 15:36:29 -04:00
Michael Haag	6c0620f855	Merge pull request #342 from 2xyo/patch-1 T1117: Fix path of RegSvr32.sct	2018-09-11 10:05:46 -04:00
2*yo	909df7b204	Fix path of RegSvr32.sct `RegSvr32.sct` isn't in the `bin` folder.	2018-09-11 15:49:39 +02:00
Josh Rickard	5130db160b	Modified Invoke-AtomicRedTeam functions and README	2018-09-07 23:28:17 -04:00
caseysmithrc	18ae6fb97a	Merge pull request #335 from MSAdministrator/T1193-modifying-download-of-payload Added test for T1193 that downloads a macro-enabled excel sheet	2018-09-06 21:33:25 -06:00
caseysmithrc	41073650e6	Merge pull request #338 from MSAdministrator/origin/T1060-adding-removal-of-registry-keys Adding removal of registry keys for T1060 based on issue #328	2018-09-06 21:31:50 -06:00
Josh Rickard	823766d2c9	Adding removal of registry keys for T1060 based on issue #328	2018-09-06 21:56:10 -04:00
Josh Rickard	0738765238	Removing outdated tests for T1193 and Office/excel pre-check to test	2018-09-06 21:20:14 -04:00
Michael Haag	068a5fa98e	Merge pull request #325 from redcanaryco/Invoke-AtomicRedTeam Invoke atomic red team	2018-09-06 16:42:51 -04:00
caseysmithrc	86ffa9f37c	Fix All The Things	2018-09-06 12:18:17 -06:00
caseysmithrc	4fd7dd3cce	Fix Error Message	2018-09-06 11:45:06 -06:00
caseysmithrc	de3c2b6684	IMport-Module cleaner	2018-09-06 09:34:39 -06:00
caseysmithrc	0ed64ddf4a	Merge pull request #336 from MSAdministrator/T1112-modifying-the-registry Add test for T1112 that modifies registry keys	2018-09-06 07:23:03 -06:00
caseysmithrc	7aa0e28a90	Merge pull request #332 from redcanaryco/PowerShell-Executor.Command-Properties Power shell executor.command properties	2018-09-06 07:06:14 -06:00
Michael Haag	d02c38650e	Merge pull request #334 from redcanaryco/Fix-T1170 Fixed T1170 execution command	2018-09-06 08:02:08 -04:00
Josh Rickard	28c470b40c	Add test for T1112 that modifies registry keys	2018-09-05 23:46:44 -04:00
Josh Rickard	aa7e700a93	Added test for T1193 that downloads an macro-enabled excel sheet and opens your default web-browser	2018-09-05 21:49:22 -04:00
CircleCI Atomic Red Team doc generator	8778460f74	Generate docs from job=validate_atomics_generate_docs branch=Fix-T1170	2018-09-05 19:56:09 +00:00
caseysmithrc	7735933ba7	Fixed T1170 execution command	2018-09-05 13:55:53 -06:00
caseysmithrc	af2e5938e1	Fixed Error Message	2018-09-05 13:45:45 -06:00
caseysmithrc	747f5909d0	correct demo examples	2018-09-05 13:17:51 -06:00
CircleCI Atomic Red Team doc generator	36b00a7d20	Generate docs from job=validate_atomics_generate_docs branch=PowerShell-Executor.Command-Properties	2018-09-05 18:58:23 +00:00
Michael Haag	165ab03d68	t1086 fixed a executor	2018-09-05 14:58:05 -04:00
Zac Brown	f6c6cb2e28	Remove spurious spaces.	2018-09-05 10:56:55 -07:00
Zac Brown	2fd67101fe	Format harder. Signed-off-by: Zac Brown <zacbrown@users.noreply.github.com>	2018-09-05 10:53:39 -07:00
caseysmithrc	860a78908a	Best PowerShell Script EVEr Written	2018-09-05 11:48:10 -06:00
caseysmithrc	7073f4274e	Merge pull request #330 from redcanaryco/T1126 T1126 fix	2018-09-05 11:47:18 -06:00
caseysmithrc	a1b44d2b6b	Dependency Confrimation and Style fix	2018-09-05 11:17:31 -06:00
CircleCI Atomic Red Team doc generator	c03d202bd5	Generate docs from job=validate_atomics_generate_docs branch=PowerShell-Executor.Command-Properties	2018-09-05 15:35:37 +00:00
Michael Haag	b512869c36	Powershell fixes Fixed per issue #322	2018-09-05 11:35:24 -04:00
Michael Haag	626deed1ad	T1033 fix Typo on T1033	2018-09-05 11:25:52 -04:00
Michael Haag	7b57631c20	T1126 fix Fixed per issue #329	2018-09-05 11:17:19 -04:00

1 2 3 4 5 ...

1045 Commits