Atomic Red Team doc generator
fdb6cdb7c6
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-18 16:21:18 +00:00
Atomic Red Team GUID generator
696f2c1d72
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-18 16:21:12 +00:00
GirvinRC
cd39269366
Merge pull request #2213 from packetzero/am_t1040_linux_pcap
Add Linux T1040 Packet Capture using raw sockets and filtering
2022-11-18 11:20:45 -05:00
Atomic Red Team doc generator
d8afb1fb8d
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-17 22:09:05 +00:00
Clément Notin
89126e68cd
Fix bug where the search returns multiple objects by selecting only the first ( #2235 )
The issue was that "Get-AzureADServicePrincipal" and "Get-AzureADApplication" may return several results matching the provided name, which is not handled properly by the code, which will crash. The solution is to select only the first object.
I took the opportunity for a couple of minor improvements in the code of those two tests.
2022-11-17 17:08:24 -05:00
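The failure mode described in the commit above, as an added example that is not the Atomic Red Team test code: a lookup helper that tolerates several Azure AD objects sharing one display name and always hands back a single object. It assumes the AzureAD module is installed and a session already exists (Connect-AzureAD); the application name is a hypothetical value used only for illustration.

```powershell
# Added example, not the project's test code. Assumes the AzureAD module is
# loaded and Connect-AzureAD has already been run.
function Get-FirstAadObjectByName {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [ValidateSet('Application', 'ServicePrincipal')] [string] $Kind
    )

    # -SearchString is not an exact match, so narrow to the exact display name afterwards.
    $found = if ($Kind -eq 'Application') {
        Get-AzureADApplication -SearchString $DisplayName
    } else {
        Get-AzureADServicePrincipal -SearchString $DisplayName
    }

    # Force an array so .Count is reliable whether 0, 1 or many objects came back.
    $results = @($found | Where-Object { $_.DisplayName -eq $DisplayName })

    if ($results.Count -eq 0) {
        throw "No $Kind named '$DisplayName' was found."
    }
    if ($results.Count -gt 1) {
        # Several objects can legitimately share a display name. The original crash came
        # from treating this array as one object; say which one is about to be used.
        Write-Warning ("{0} {1} objects match '{2}'; using ObjectId {3}" -f `
            $results.Count, $Kind, $DisplayName, $results[0].ObjectId)
    }

    # Select-Object -First 1 guarantees a single object is returned, never an array.
    return $results | Select-Object -First 1
}

$appName = 'Atomic Test App'   # hypothetical display name, for illustration only
$app = Get-FirstAadObjectByName -DisplayName $appName -Kind Application
$sp  = Get-FirstAadObjectByName -DisplayName $appName -Kind ServicePrincipal

"Application ObjectId:      $($app.ObjectId)"
"ServicePrincipal ObjectId: $($sp.ObjectId)"
```

Picking the first match keeps the test from crashing, but the warning is what tells you when the test may be acting on the wrong object; when the name is ambiguous, pass the ObjectId to the cmdlets directly instead.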
Atomic Red Team doc generator
54f7393181
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 23:53:18 +00:00
Atomic Red Team GUID generator
f5526d45fd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-15 23:53:11 +00:00
Michael Haag
2d6d00c01c
Update T1548.002.yaml - WSReset UAC Bypass ( #2232 )
* Update T1548.002.yaml
* removed elevation requirement
2022-11-15 18:52:41 -05:00
Clément Notin
01eb60eaf8
Use AADInternals for AAD federation attack
Azure AD has two kinds of federated domains: the one that can be used to authenticate on AAD as an AAD user, and the one that can be used to authenticate as a guest user (also called an external identity).
The current implementation of the attack seems to work, but actually it uses the cmdlets to create a federated domain for external identities, which is not the thing we want to showcase for this ATT&CK technique, since such a federated domain does not allow authenticating as an AAD user.
Sorry for missing this when I supervised the initial work on this ART test.
The newest method uses AADInternals, which is a popular attack framework for AAD and which offers exactly the cmdlet we need.
2022-11-15 17:35:31 +01:00
Atomic Red Team doc generator
9175d8dc59
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 16:01:55 +00:00
Atomic Red Team GUID generator
a0c3f39325
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-15 16:01:47 +00:00
codec-hasqui
0440c69f3b
T1567.002.yaml creation with new rclone to Mega exfil test ( #2228 )
* Create T1567.002.yaml
* Add files via upload
* Delete T1567.002.yaml
* Update T1567.002.yml
* Update T1567.002.yml
* Update T1567.002.yml
* Create T1567.002.yaml
* Delete T1567.002.yml
* Update T1567.002.yaml
* Update T1567.002.yaml
* update display name
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-11-15 11:01:20 -05:00
Atomic Red Team doc generator
6024dac957
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 15:56:55 +00:00
Carrie Roberts
cecca22f67
HiveNightmare simplifications ( #2230 )
* HiveNightmare simplifications
* Update T1003.002.yaml
* Update T1003.002.yaml
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-11-15 08:56:24 -07:00
Atomic Red Team doc generator
feca620bc4
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 15:48:37 +00:00
Jacques Decarie
291ff6f4c6
updating T1021.006-2 ( #2229 )
2022-11-15 10:47:54 -05:00
Alex Malone
58a9e7fb08
attempt to fix merge conflict
2022-11-10 13:15:26 -06:00
Atomic Red Team doc generator
fb7b147eac
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-10 17:01:07 +00:00
Carrie Roberts
ebe511a738
small title correction ( #2226 )
2022-11-10 12:00:37 -05:00
Atomic Red Team doc generator
2a798d98d1
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-10 16:59:20 +00:00
Carrie Roberts
956a699a65
expand description ( #2227 )
* expand description
* add cve number and link
2022-11-10 11:58:47 -05:00
Hare Sudhan
1083e1ddbe
Merge branch 'master' into tf
2022-11-10 10:11:10 -05:00
Hare Sudhan
3000742f7d
reorg terraform files
2022-11-10 10:10:17 -05:00
Atomic Red Team doc generator
6d0287a984
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-09 16:35:35 +00:00
Atomic Red Team GUID generator
0342b04584
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-09 16:35:29 +00:00
Jose Enrique Hernandez
c9ccfd64a3
Merge pull request #2220 from packetzero/am_t1547007_reopen_coded
Add two MacOS T1547.007 loginwindow reopen tests
2022-11-09 11:35:01 -05:00
Jose Enrique Hernandez
5e0b77ff35
Merge branch 'master' into am_t1547007_reopen_coded
2022-11-09 11:34:18 -05:00
Jose Enrique Hernandez
b567130807
Merge branch 'master' into am_t1547007_reopen_coded
2022-11-09 11:34:11 -05:00
Atomic Red Team doc generator
c72cc5c3aa
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-09 16:34:10 +00:00
Atomic Red Team GUID generator
1f1800a730
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-09 16:34:04 +00:00
Jose Enrique Hernandez
3fec85b734
Merge branch 'master' into am_t1547007_reopen_coded
2022-11-09 11:33:52 -05:00
Jose Enrique Hernandez
5cdfa5a9a6
Merge pull request #2217 from packetzero/am_t1547006_kextload
Add T1547.006 kernel module load and unload tests for MacOS
2022-11-09 11:33:40 -05:00
Jose Enrique Hernandez
89aa57c332
Merge branch 'master' into am_t1547006_kextload
2022-11-09 11:33:03 -05:00
Atomic Red Team doc generator
2b62e8a3c0
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-09 16:29:21 +00:00
Atomic Red Team GUID generator
9f65cb32e3
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-09 16:29:15 +00:00
Jose Enrique Hernandez
352136941c
Merge pull request #2212 from packetzero/am_t1040_macos_pcap
Add two T1040 packet capture tests for macos using /dev/bpf
2022-11-09 11:28:43 -05:00
Jose Enrique Hernandez
db1b815881
Merge branch 'master' into am_t1040_macos_pcap
2022-11-09 11:27:07 -05:00
Atomic Red Team doc generator
c55f3ecce0
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-07 21:25:36 +00:00
Carrie Roberts
ee954d215c
mv 2 1547 tests to 1546 ( #2223 )
2022-11-07 14:25:09 -07:00
Atomic Red Team doc generator
55d2311eeb
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-07 21:21:50 +00:00
Atomic Red Team GUID generator
09ad06700a
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-07 21:21:43 +00:00
BlueTeamOps
83ca10639b
Update T1003 ( #2225 )
* Added AppCmd list command
The AppCmd list command can be used to retrieve IIS service account credentials.
* Update - Test name update and a new test
Updated the test name of 6c7a4fd3-5b0b-4b30-a93e-39411b25d889
Added a new test to simulate /config command for AppCmd
2022-11-07 14:21:05 -07:00
Atomic Red Team doc generator
17b4c931b6
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-07 14:39:00 +00:00
Atomic Red Team GUID generator
c03fb24928
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-07 14:38:54 +00:00
BlueTeamOps
ae01b90e1f
Added AppCmd list command ( #2224 )
The AppCmd list command can be used to retrieve IIS service account credentials.
2022-11-07 07:38:16 -07:00
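The credential exposure the two AppCmd commits above refer to, as an added example that is not one of the Atomic Red Team tests: it runs `appcmd list apppool /config` on an IIS host and reports which application pools carry a stored service-account credential, without echoing the secret. It assumes local administrator rights on a machine with IIS installed and that `/config` prints one `<add ...>` element per pool, which is wrapped in a root element so it parses as XML.

```powershell
# Added example, not the project's test code. Requires local admin on an IIS host.
$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
if (-not (Test-Path $appcmd)) {
    throw "AppCmd not found at $appcmd (is IIS installed?)"
}

# /config prints the effective configuration of every pool as <add ...> XML fragments.
$raw = & $appcmd list apppool /config | Out-String

# Several top-level <add> elements come back; wrap them to get one parseable document.
[xml]$doc = "<pools>$raw</pools>"

$findings = foreach ($pool in $doc.pools.add) {
    $pm = $pool.processModel          # may be absent when the pool uses all defaults
    [pscustomobject]@{
        Pool         = $pool.name
        IdentityType = $pm.identityType
        UserName     = $pm.userName
        # A stored password is the finding; report its presence, not its value.
        HasPassword  = -not [string]::IsNullOrEmpty($pm.password)
    }
}

# Pools running as a specific user are the ones whose credentials AppCmd can reveal.
$findings | Where-Object { -not [string]::IsNullOrEmpty($_.UserName) } | Format-Table -AutoSize
```

The same enumeration run by an attacker prints the password attribute in clear text, which is why the test exists; on the detection side, a process-creation event (Sysmon event 1 or Windows 4688) for appcmd.exe whose command line contains `list` together with `/config` or `/text:` is the simplest signal to alert on, after baselining any legitimate IIS automation that uses the same calls.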
packetzero
f6004e7d91
fix prerequisite checks
2022-11-04 16:56:11 -05:00
packetzero
576d92a4dc
fix prerequisite check for compile step
2022-11-04 16:46:04 -05:00
Alex M
3c28d6cb5d
make Invoke happy with prereq check, remove comments in executor script
2022-11-04 16:41:57 -05:00
Jose Enrique Hernandez
7678b665a0
Merge branch 'master' into am_t1547007_reopen_coded
2022-11-04 16:35:56 -04:00
Jose Enrique Hernandez
11d4b8086d
Merge branch 'master' into am_t1040_macos_pcap
2022-11-04 16:06:31 -04:00