security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,840 Commits 47 Branches 0 Tags
7d311f19f1394de014e2e504a5052128e63351b1
Commit Graph

5840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Badoodish 7d311f19f1 Update T1562.003.yaml (#2716) 
Corrected the MITRE ATT&CK subtechnique name at top of the file.
Added two new tests for disabling Windows Command Line Auditing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-03-06 13:34:39 -06:00
publish bot 9877156eec updating atomics count in README.md [ci skip] 2024-03-06 16:43:12 +00:00
Raghav_Singh 097ed862cc New Tests: T1001.002 - Data Obfuscation: Steganography (#2695) 
* Create T1001.002.yaml

* Create T1001.002.md

* Update T1001.002.yaml

* Update T1001.002.yaml

* Delete atomics/T1001.002/T1001.002.md

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-03-06 10:42:19 -06:00
Atomic Red Team doc generator 029110b694 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-01 19:23:30 +00:00
Atomic Red Team GUID generator 82729bc3bc Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-03-01 19:23:17 +00:00
jandress 498aecdb83 New test: T1542.001 - 'UEFI Persistence via Wpbbin.exe File Creation' (#2714) 
* New test: T1542.001 - 'UEFI Persistence via Wpbbin.exe File Creation'

* Update T1542.001.yaml

---------

Co-authored-by: jandress <1542666+jandress@users.noreply.github.com>
 2024-03-01 13:22:39 -06:00
Atomic Red Team doc generator de85398163 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-01 17:54:31 +00:00
Zitni Handoo 13937a18f4 Fix T1071.001 Test 2 (#2713) 
Test #2 for T1071.001 is currently not working properly, since the pre-requisite command is incorrect.
This change is to fix the md and yaml files to update the URL for curl
 2024-03-01 11:53:40 -06:00
Atomic Red Team doc generator 11a5b66c38 Generated docs from job=generate-docs branch=master [ci skip] 2024-02-29 01:57:59 +00:00
Atomic Red Team GUID generator f7c26683f5 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-29 01:57:47 +00:00
Leo Verlod 133cc748ff Adding T1134.001 Test 5 - JuicyPotato (#2711) 
* Update T1134.001.yaml

* Update T1134.001.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-28 19:57:14 -06:00
Atomic Red Team doc generator 03aa370b35 Generated docs from job=generate-docs branch=master [ci skip] 2024-02-29 01:53:08 +00:00
Atomic Red Team GUID generator 91a921ee4f Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-29 01:52:56 +00:00
collinmsec 610573612b Update T1120.yaml (#2710) 
* Update T1120.yaml

Added fsutil drive discovery for the technique of Peripheral Device Discovery

* Update T1120.yaml

Made some changes due to error in the workflow

* Update T1120.yaml

Made changes to remove several items

* Update T1120.yaml

Changes made

* Update T1120.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-28 19:52:23 -06:00
Atomic Red Team doc generator 78c918a02e Generated docs from job=generate-docs branch=master [ci skip] 2024-02-29 01:28:02 +00:00
Atomic Red Team GUID generator 07e40226c9 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-29 01:27:49 +00:00
Pattharadanai Sanitjairak aa236952ec Creating new test for T1059 and T1071 (#2708) 
* Adding T1059 and T1071

* Update T1071.md

* Delete atomics/T1071/src directory

* Add files via upload

* change localhost to 127.0.0.1 in T1070.yaml

* Update T1071.md

* Update T1071.md

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-28 19:27:14 -06:00
Atomic Red Team doc generator cc2ac1e0c1 Generated docs from job=generate-docs branch=master [ci skip] 2024-02-29 01:20:49 +00:00
Atomic Red Team GUID generator d017a40f10 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-29 01:20:32 +00:00
Matt Anderson af587464f6 Update T1112.yaml (#2709) 
* Update T1112.yaml

Added Powershell method to modify Wdigest registry setting to store cleartext credentials.

* remove redundant powershell.exe

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-28 19:19:52 -06:00
Atomic Red Team doc generator ef76a8b32c Generated docs from job=generate-docs branch=master [ci skip] 2024-02-26 19:51:20 +00:00
Atomic Red Team GUID generator 344dea9fbd Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-26 19:51:04 +00:00
swathinator 29e3c6eb8f Update RustDesk T1219.yaml (#2706) 
* Update RustDesk T1219.yaml

Update RustDesk T1219

* Update T1219.yaml

* Update T1219.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-26 13:50:20 -06:00
Atomic Red Team doc generator e9b9f2ed7b Generated docs from job=generate-docs branch=master [ci skip] 2024-02-26 15:24:49 +00:00
Atomic Red Team GUID generator c09d2a3748 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-26 15:24:32 +00:00
sai prashanth pulisetti b166507614 Update T1030.yaml Network-Based Data Transfer in Small Chunks (#2658) 
* Update T1030.yaml Network-Based Data Transfer in Small Chunks

# Atomic Test # - T1030 - Data Transfer Size Limits: Network-Based Data Transfer in Small Chunks

## Objective

Simulate the technique of transferring data over a network in small chunks to evade size-based detection mechanisms.

## Description

This test involves transferring data over a network (either to a controlled external endpoint like `example.com`) in small, segmented sizes. This simulates an adversary's behavior in conducting stealthy data exfiltration.

* Update T1030.yaml

* Update T1030.yaml

removed clean up commands and detection

* Update T1030.yaml

* Update T1030.yaml

updated guid

* Update T1030.yaml

* Update T1030.yaml

updated intendents

* Update T1030.yaml

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-26 09:23:55 -06:00
Jake H edea906548 Implementation of venv into Windows Python atomics (#2703) 
* Improve pip handling (#1)

* virtual env added to T1018, tested and confirmed working

* virtual env added to T1003.001, tested and confirmed working

* virtual env added to T1555.003, tested and confirmed working

* Removing pip-autoremove installation as not required

* updating atomics count in README.md [ci skip]

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: publish bot <opensource@redcanary.com>
 2024-02-26 09:19:26 -06:00
Atomic Red Team doc generator 5aef5da247 Generated docs from job=generate-docs branch=master [ci skip] 2024-02-26 15:17:23 +00:00
Atomic Red Team GUID generator 05fc04f419 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-26 15:17:09 +00:00
chefengineer a09cebd1a3 Adding new test for T1654 for Enumerate Windows Security Log (#2704) 
* Adding new test for T1654 for Enumerate Windows Security Log via WevtUtil

Adding new test for T1654 for Enumerate Windows Security Log via WevtUtil

* Update T1654.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-26 09:16:32 -06:00
publish bot d7cdd5d68a updating atomics count in README.md [ci skip] 2024-02-26 15:08:34 +00:00
dependabot[bot] 61733d1e90 Bump actions/checkout from 3 to 4 (#2705) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-26 09:07:37 -06:00
publish bot 8daf92f314 updating atomics count in README.md [ci skip] 2024-02-25 01:30:51 +00:00
dependabot[bot] 664af47cb0 Bump actions/github-script from 6 to 7 (#2698) 
Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2024-02-24 20:30:07 -05:00
publish bot 29baf7d62e updating atomics count in README.md [ci skip] 2024-02-25 01:28:47 +00:00
dependabot[bot] 7125b098c8 Bump hashicorp/setup-terraform from 2 to 3 (#2699) 
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 2 to 3.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/setup-terraform/compare/v2...v3)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2024-02-24 20:28:09 -05:00
publish bot db7e361b03 updating atomics count in README.md [ci skip] 2024-02-25 01:24:52 +00:00
dependabot[bot] 6bb1f1db7c Bump actions/upload-artifact from 3 to 4 (#2700) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
 2024-02-24 20:24:11 -05:00
publish bot d1551ed88f updating atomics count in README.md [ci skip] 2024-02-25 01:22:42 +00:00
dependabot[bot] c821a8f785 Bump actions/stale from 7 to 9 (#2701) 
Bumps [actions/stale](https://github.com/actions/stale) from 7 to 9.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v7...v9)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-24 18:22:06 -07:00
publish bot 7ef6a1ae5b updating atomics count in README.md [ci skip] 2024-02-25 01:20:54 +00:00
dependabot[bot] 76a970dd84 Bump actions/setup-python from 4 to 5 (#2702) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-24 18:20:10 -07:00
Hare Sudhan 097661445e Dependabot update (#2697) 
* dependabot update

* updating atomics count in README.md [ci skip]

---------

Co-authored-by: publish bot <opensource@redcanary.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-24 20:17:21 -05:00
Atomic Red Team doc generator ae87c3e185 Generated docs from job=generate-docs branch=master [ci skip] 2024-02-25 01:15:48 +00:00
Atomic Red Team GUID generator 21401622e4 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-25 01:15:31 +00:00
Hare Sudhan bf630ecb29 fix guid error (#2696) 2024-02-24 18:14:49 -07:00
publish bot 2207b5435e updating atomics count in README.md [ci skip] 2024-02-22 21:29:45 +00:00
KillrBunn3 1202d62c59 New test: T1218.011 Gamarue tradecraft commandline with rundll32 execution (#2678) 
* New test: T1218.011 Gamarue tradecraft commandline with rundll32 execution

* Update T1218.011.yaml

* Update T1218.011.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-22 15:29:05 -06:00
publish bot b96b30d394 updating atomics count in README.md [ci skip] 2024-02-22 20:56:39 +00:00
Daniel Cortez 0bd9b1acc1 New Test T1137.001 - 'Office Application Startup: Office Template Macros.' (#2694) 
* Create T1137.001.yml

Created new Directory and new test for T1137.001

* Rename T1137.001.yml to T1137.001.yaml

* Update T1137.001.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2024-02-22 14:56:04 -06:00