publish bot
9628658dba
updating atomics count in README.md [ci skip]
2024-02-22 20:07:05 +00:00
jianni20
df24b972a9
New test: T1003.003 - Create Volume Shadow Copy with diskshadow (#2690)
* New test - Create Volume Shadow Copy with diskshadow
* Fix typos
* fix indentation
* Update T1003.003.yaml
* Update T1003.003.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-22 14:06:29 -06:00
publish bot
1eed144a1e
updating atomics count in README.md [ci skip]
2024-02-22 19:49:03 +00:00
adelfavero57
eba0f8ea61
Esxi atomic tests batch 2 (#2650)
* initial esxi commit
* second commit esxi
* use ExternalPayloads folder
* use ExternalPayloads folder
---------
Co-authored-by: clr2of8 <clr2of8@gmail.com>
2024-02-22 13:48:23 -06:00
publish bot
11400be951
updating atomics count in README.md [ci skip]
2024-02-22 17:44:08 +00:00
Carrie Roberts
e1d81a1412
remove open source index badge (#2692)
2024-02-22 12:43:27 -05:00
Atomic Red Team doc generator
77a44aea50
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-22 17:37:16 +00:00
Atomic Red Team GUID generator
ed31f26ba9
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-02-22 17:37:00 +00:00
Michael Haag
8f71cf4d53
SOAPHound (#2689)
* SOAPHound
* Updates
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-22 11:36:17 -06:00
Atomic Red Team doc generator
a840cf6245
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-21 16:26:59 +00:00
Carrie Roberts
af13a59177
remove atomic w/broken bitly link (#2693)
2024-02-21 11:25:36 -05:00
publish bot
29f5edda49
updating atomics count in README.md [ci skip]
2024-02-12 20:36:28 +00:00
dependabot[bot]
322d908af6
Bump ruamel-yaml from 0.18.5 to 0.18.6 (#2685)
Bumps [ruamel-yaml]() from 0.18.5 to 0.18.6.
---
updated-dependencies:
- dependency-name: ruamel-yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 14:35:36 -06:00
Atomic Red Team doc generator
86c88bc4d1
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-09 14:59:36 +00:00
Atomic Red Team GUID generator
15e983365f
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-02-09 14:59:20 +00:00
traceflow
50512fcc95
Adding ASR rules deletion (#2683)
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
* adding ASR rules deletion
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-09 08:58:45 -06:00
Atomic Red Team doc generator
98f9300887
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-08 21:39:53 +00:00
Atomic Red Team GUID generator
ded6414060
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-02-08 21:39:40 +00:00
Thomas M
f92569597a
Add new atomic test T1055 custom uuid process injection in C, a stealthier implementation compared to the original one introduced by NCC group (#2674)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-08 15:39:08 -06:00
Atomic Red Team doc generator
dea1cd7641
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-08 21:36:56 +00:00
Atomic Red Team GUID generator
a9326f2654
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-02-08 21:36:40 +00:00
Thomas M
18ba41456e
T1027.007 Obfuscated Files or Information: Dynamic API Resolution: ninja syscall (#2673)
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
* Add new atomic test T1027.007 Obfuscated Files or Information: Dynamic API Resolution
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-08 15:35:56 -06:00
Atomic Red Team doc generator
669e685b8d
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-08 21:29:25 +00:00
Jake H
a4653ac9b5
Updating get_prereq_command to download and install python3 & pip (#2680)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-08 15:28:39 -06:00
Atomic Red Team doc generator
1e4d33d15a
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-08 21:23:17 +00:00
Jake H
694d2c0778
Removing REM from 95b25212-91a7-42ff-9613-124aca6845a8 due to incorrect execution (#2681)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-02-08 15:22:25 -06:00
publish bot
3f11f5d33a
updating atomics count in README.md [ci skip]
2024-02-08 21:17:57 +00:00
Koustav Choudhury
c1a770844d
Excel spelling typo (#2682)
2024-02-08 15:17:19 -06:00
Atomic Red Team doc generator
02c7d02fe1
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-05 16:49:04 +00:00
Emile Marty
12f5d9d323
Update T1490.yaml (#2677)
* Update T1490.yaml
Fixed a formatting error in #2676
* Update T1490.yaml
add dependency_executor_name field
---------
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2024-02-05 09:48:15 -07:00
Atomic Red Team doc generator
e30f9b573f
Generated docs from job=generate-docs branch=master [ci skip]
2024-02-05 16:43:49 +00:00
Atomic Red Team GUID generator
a5bf6bad39
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-02-05 16:43:32 +00:00
Kyaw-Pyiyt-Htet
25515b8f72
Mikoyan dee patch 1 (#2679)
* Update T1040.yaml
PowerShell cmdlets to capture network traffic
* Update T1040.yaml
* Update T1040.yaml
2024-02-05 09:42:53 -07:00
Atomic Red Team doc generator
0e202df355
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-31 23:30:28 +00:00
Emile Marty
2a194cdc34
Added support for T1490 creating shadow copies in Windows 10+ (#2676)
* Update T1490.yaml
Support for creating shadow copies in Windows 10+
* Update T1490.md
Updating documentation
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-31 17:29:42 -06:00
Atomic Red Team doc generator
ed9cb8cdc7
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-31 23:27:05 +00:00
Atomic Red Team GUID generator
24c9dc3212
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-31 23:26:50 +00:00
sai prashanth pulisetti
e9051bed60
Update T1490.yaml "Modify VSS Service Permissions" (#2668)
* Update T1490.yaml "Modify VSS Service Permissions"
Modify permissions of the VSS service to inhibit system recovery. This test alters the security settings of the Volume Shadow Copy Service (VSS), potentially impacting system recovery operations. It should be conducted only in a controlled environment. The executor must have administrative privileges to modify service permissions. Note that this test does not include a cleanup command; thus, the changes will persist after execution. Ensure that you have a backup or a system recovery plan in place before running this test. Running this test on a production system or critical environment is not recommended without proper precautions.
* Update T1490.yaml
updated guid
* Update T1490.yaml
updated description and clean up command
* Update T1490.yaml
updated indentations
* Update T1490.yaml
* Update T1490.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-31 17:26:10 -06:00
publish bot
abbf7b177b
updating atomics count in README.md [ci skip]
2024-01-31 23:23:39 +00:00
zaicurity
dc264a80f4
Added T1562.010 Test for PowerShell v2 Downgrade (#2670)
* Added T1562.010 Test for PowerShell v2 Downgrade
* Remove PowerShell Downgrade Attack atomic from T1059.001.yaml
2024-01-31 17:22:30 -06:00
Atomic Red Team doc generator
45138fdb07
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-29 16:24:34 +00:00
Atomic Red Team GUID generator
5836fe0a80
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-29 16:24:22 +00:00
sai prashanth pulisetti
a5a1cf78fb
Update T1041.yaml DNS-Based C2 Data Exfiltration (#2663)
* Update T1041.yaml DNS-Based C2 Data Exfiltration
Simulates an adversary using DNS tunneling to exfiltrate data over a Command and Control (C2) channel.
* Update T1041.yaml
updated the changes as requested
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-29 10:23:47 -06:00
publish bot
11e8fd705b
updating atomics count in README.md [ci skip]
2024-01-29 16:22:06 +00:00
dependabot[bot]
b351059afd
Bump jsonschema from 4.20.0 to 4.21.1 (#2667)
Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.20.0 to 4.21.1.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.20.0...v4.21.1)
---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-29 10:21:26 -06:00
Atomic Red Team doc generator
b98739b474
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-29 15:55:01 +00:00
Jake H
a68803c0c3
Adding curly brackets to powershell command to fix issue with interpretation of variables (#2672)
2024-01-29 09:53:35 -06:00
Atomic Red Team doc generator
c4fea7a287
Generated docs from job=generate-docs branch=master [ci skip]
2024-01-20 20:48:23 +00:00
Atomic Red Team GUID generator
fd3e8c05dd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-01-20 20:48:10 +00:00
Mohana Shankar D
11c442180e
Update T1486.yaml (#2665)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-01-20 14:47:36 -06:00