Commit Graph

140 Commits

Author SHA1 Message Date
Atomic Red Team doc generator cc2ac1e0c1 Generated docs from job=generate-docs branch=master [ci skip] 2024-02-29 01:20:49 +00:00
Atomic Red Team GUID generator d017a40f10 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-29 01:20:32 +00:00
Matt Anderson af587464f6 Update T1112.yaml (#2709)
* Update T1112.yaml

Added PowerShell method to modify Wdigest registry setting to store cleartext credentials.

* remove redundant powershell.exe

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-28 19:19:52 -06:00
Atomic Red Team doc generator 1e4d33d15a Generated docs from job=generate-docs branch=master [ci skip] 2024-02-08 21:23:17 +00:00
Jake H 694d2c0778 Removing REM from 95b25212-91a7-42ff-9613-124aca6845a8 due to incorrect execution (#2681)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-08 15:22:25 -06:00
Atomic Red Team doc generator d7c45a052d Generated docs from job=generate-docs branch=master [ci skip] 2023-12-07 02:56:57 +00:00
tccontre de8f541aaa T1112 - DarkGate Registry Modification (#2633)
* T1112 - DarkGate Registry Modification

* Update T1112.yaml

* Update T1112.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-12-06 21:56:04 -05:00
Atomic Red Team doc generator b2bc904f4c Generated docs from job=generate-docs branch=master [ci skip] 2023-12-04 18:56:01 +00:00
Atomic Red Team GUID generator cc6a655d63 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-12-04 18:55:44 +00:00
PhyoPaingHtun ChiLai bb601df2f8 Update T1112.yaml (Scarab Ransomware Defense Evasion Activities & Me… (#2625)
* Update T1112.yaml (Scarab Ransomware Defense Evasion Activities & Merdoor Backdoor Persistence Activities)

Scarab Ransomware Defense Evasion Activities
Merdoor Backdoor Persistence Activities

* Update T1112.yaml (Update Merdoor Backdoor article)

* Update T1112.yaml (Update Syntax Error)

* Update T1112.yaml (Update Syntax Error)

* Update T1112.yaml

---------

Co-authored-by: PhyoPaingHtun ChiLai <83696447+PhyoPaing777@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-12-04 12:55:07 -06:00
Atomic Red Team doc generator e6fb2beca0 Generated docs from job=generate-docs branch=master [ci skip] 2023-12-04 18:31:49 +00:00
Atomic Red Team GUID generator d46b0d874e Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-12-04 18:31:36 +00:00
PhyoPaingHtun ChiLai 0e7356bccb Update T1112.yaml (Update Disable FIDO Authentication) (#2626)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-12-04 12:30:59 -06:00
Atomic Red Team doc generator b16ca202be Generated docs from job=generate-docs branch=master [ci skip] 2023-11-28 16:24:17 +00:00
Atomic Red Team GUID generator f132339bf6 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-11-28 16:24:01 +00:00
PhyoPaingHtun ChiLai 8d981c0488 Update T1112.yaml (Activities To Disable Secondary Authentication Detected) (#2619)
* Update T1112.yaml

Disable Secondary Authentication Detected

* Update T1112.yaml

Added reference link in description

---------

Co-authored-by: PhyoPaingHtun ChiLai <83696447+PhyoPaing777@users.noreply.github.com>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-28 10:23:25 -06:00
Atomic Red Team doc generator fc49b11d8e Generated docs from job=generate-docs branch=master [ci skip] 2023-09-19 19:41:40 +00:00
Atomic Red Team GUID generator d604c832de Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-09-19 19:41:22 +00:00
Swachchhanda Shrawan Poudel f62d4c157c Modify Internet Zone Protocol Defaults in Current User Registry through PowerShell (#2534)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-09-19 13:40:44 -06:00
Atomic Red Team doc generator b76b49523e Generated docs from job=generate-docs branch=master [ci skip] 2023-09-13 01:31:11 +00:00
Atomic Red Team GUID generator 2ce6565ace Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-09-13 01:30:53 +00:00
Nasreddine Bencherchali 39534eb4ed Update T1112.yaml (#2522)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-09-12 19:30:08 -06:00
Atomic Red Team doc generator eec95b5b86 Generated docs from job=generate-docs branch=master [ci skip] 2023-08-02 03:24:15 +00:00
tccontre 711586d258 Tccontre max connection per server (#2503)
* updating atomics count in README.md [ci skip]

* Update T1112.yaml

---------

Co-authored-by: publish bot <opensource@redcanary.com>
2023-08-01 13:22:35 -06:00
Atomic Red Team doc generator a77383047f Generated docs from job=generate-docs branch=master [ci skip] 2023-07-12 02:38:27 +00:00
frack113 a7e5260a93 Add reg.exe force switch (#2477)
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-11 20:36:53 -06:00
Atomic Red Team doc generator b1f3c968f2 Generated docs from job=generate-docs branch=master [ci skip] 2023-05-19 17:06:33 +00:00
Atomic Red Team GUID generator 2a51677203 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-05-11 20:40:32 +00:00
Michael Haag 1ebcb346f6 Snake Malware Atomic Tests 2023-05-11 12:40:31 -06:00
tccontre e2e6032f81 Tccontre redline defense evasion through registry (#2408)
* Update T1112.yaml

* Update T1112.yaml

* Update T1112.yaml

* Update T1112.yaml

* Update T1112.yaml

* Update T1112.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-04-27 11:09:51 -05:00
Atomic Red Team doc generator 63bd86ad84 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-28 12:52:06 +00:00
Zeta ff51371575 Update T1112
Added new technique "Enabling Remote Desktop Protocol via Remote Registry"
2023-03-28 14:28:40 +07:00
Atomic Red Team doc generator f982fdda71 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-09 16:50:59 +00:00
Zeta 8863da1c40 T1112: fix typo (#2357)
fix typo
2023-03-09 09:49:28 -07:00
Atomic Red Team doc generator 8ec0ff54c6 Generated docs from job=generate-docs branch=master [ci skip] 2023-02-24 04:33:12 +00:00
Atomic Red Team GUID generator 9ec5c8bcaf Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-02-24 04:32:51 +00:00
John Chamblee 19f1ee8e97 Added T1112 Event Viewer persistence (#2346)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-02-23 21:32:18 -07:00
Atomic Red Team doc generator 16594d72c5 Generated docs from job=generate-docs branch=master [ci skip] 2023-02-13 23:11:19 +00:00
Josh Rickard a5dd0813cd fix: Updating atomics YAML file structure to align with the new JSON schema definition (#2323)
* fix: Updating atomics YAML file structure to align with the new JSON schema definition.

This also fixes some white space issues and general line formatting across all impacted atomics.

* fix: One additional change needed

---------

Co-authored-by: MSAdministrator <MSAdministrator@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-02-13 16:10:37 -07:00
Atomic Red Team doc generator cd3690b100 Generated docs from job=generate-docs branch=master [ci skip] 2023-01-31 14:48:55 +00:00
Atomic Red Team GUID generator b12b28bf52 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-01-31 14:48:49 +00:00
Leo Verlod 1896e182c5 Adding T1112 Mimic Ransomware Registry Modification Tests (#2306)
Adding T1112 tests 45 and 46 to emulate Mimic ransomware's ability to modify the registry in order to enable multiple user sessions locally, as well as allow multiple RDP sessions per user.

Reference: https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-01-31 09:48:20 -05:00
Atomic Red Team doc generator 054d7516ca Generated docs from job=generate-docs branch=master [ci skip] 2023-01-15 21:39:49 +00:00
Carrie Roberts 5445f291a2 Update T1112.yaml (#2283)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-01-15 16:39:13 -05:00
Atomic Red Team doc generator 9a6e0425ff Generated docs from job=generate-docs branch=master [ci skip] 2022-12-30 16:02:40 +00:00
Atomic Red Team GUID generator 8036dec1c4 Generate GUIDs from job=generate-docs branch=master [skip ci] 2022-12-30 16:02:34 +00:00
devapriya16 4a4fd153d8 Update T1112.yaml (#2262)
Enabling Restricted Admin Mode via Command_Prompt enables an attacker to perform a pass-the-hash attack using RDP.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-12-30 11:02:04 -05:00
Atomic Red Team doc generator 08579bb5be Generated docs from job=generate-docs branch=master [ci skip] 2022-12-30 00:42:18 +00:00
Carrie Roberts 0dab0ee7e9 block regedit and cmd.exe (#2260) 2022-12-29 17:41:33 -07:00
Atomic Red Team doc generator c55f3ecce0 Generated docs from job=generate-docs branch=master [ci skip] 2022-11-07 21:25:36 +00:00