fd90991054
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 20:17:13 +00:00
d3f49a0913
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-27 20:17:07 +00:00
066d82351c
New AutoDial DLL persistence atomic ( #2207 )
...
* New AutoDial DLL persistence atomic
* Update T1546.yaml
2022-10-27 14:16:38 -06:00
a3f9a79d63
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 17:12:15 +00:00
74a13a8b92
Merge pull request #2206 from redcanaryco/isofix
...
Update T1553.005 - Runs lnk now
2022-10-27 10:11:38 -07:00
93c92d10b2
Update T1553.005 - Runs lnk now
2022-10-27 11:03:58 -06:00
fb016d2185
adding ad module installation
2022-10-26 22:14:40 -04:00
4a1b998747
modifying terraform commands to manual run
2022-10-26 22:12:37 -04:00
72353f72f2
Merge branch 'master' into tf
2022-10-26 16:02:12 -04:00
e149cf9df2
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-26 15:13:43 +00:00
dba79489fb
Incomplete Process Termination Process ( #2205 )
...
The Notepad process was not terminating after the command execution
Line Added:
taskkill /im notepad.exe /t /f > NUL 2>&1
The /t option makes sure any child processes are closed as well, and the /f option forcefully terminates the process.
The > NUL redirects the stdout to the NUL device (the equivalent of /dev/null) and the 2 >&1 also redirects the stderr to stdout so that nothing is output to the console
2022-10-26 09:13:05 -06:00
aa218974e7
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-25 00:18:35 +00:00
d29652b752
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-25 00:18:27 +00:00
ba34e45163
Merge pull request #2197 from redcanaryco/aws_password_spray
...
AWS - Password Spray an AWS using GoAWSConsoleSpray
2022-10-24 17:17:49 -07:00
8b43cf51f7
Merge branch 'master' into aws_password_spray
2022-10-24 17:16:55 -07:00
f2ceee6e92
Merge branch 'master' into tf
2022-10-24 12:28:07 -04:00
e4844d7576
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-24 16:27:34 +00:00
890607b6fe
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-24 16:27:28 +00:00
f710d57e40
T1547.004 new hklm tests ( #2196 )
...
* Created 3 copies of the original HKCU tests but on HKLM
Committer: Thomas De Brelaz <thockoro@hotmail.com >
* Removed Notify tests, no longer supported in win10 and the tests were broken due to missing dll prerequisite
* re-added notify test
Committer: Thomas De Brelaz <thockoro@hotmail.com >
Committer: Thomas De Brelaz <thockoro@hotmail.com >
Co-authored-by: Thomas De Brelaz <thomas.de-brelaz@ubisoft.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-24 10:27:01 -06:00
4787dc43e9
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-24 16:19:18 +00:00
b1048a588d
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-24 16:19:11 +00:00
638ba68ee6
Tccontre patch 1 ( #2200 )
...
* Update T1124.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1016.yaml
* Update T1016.yaml
* update test name
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-24 10:18:40 -06:00
9b4c575d76
terraform variable changes
2022-10-24 12:15:48 -04:00
464fee8ba4
Merge branch 'master' into tf
2022-10-23 17:09:50 -04:00
b9aebd1c0e
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-21 02:18:13 +00:00
f3a038ca78
Remove trailing \ from web_shells default path ( #2199 )
...
xcopy doesn't work when there is a trailing \ in a path.
default: PathToAtomicsFolder\T1505.003\src\ caused the "Invalid path" error
Removing the trailing \ fixes the issue
2022-10-20 20:17:29 -06:00
3927202872
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-20 21:47:35 +00:00
80be4123cd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-20 21:47:29 +00:00
0d4622f4e8
Update T1564.yaml ( #2198 )
2022-10-20 15:46:58 -06:00
dfd1f668af
adding atomic
2022-10-19 16:16:08 -07:00
7ff57f38b5
Merge branch 'master' into patch-2
2022-10-19 16:09:28 -04:00
27f8de3193
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 16:13:48 +00:00
f10bb08817
fix dir creation ( #2194 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-10-19 10:13:16 -06:00
069461eec1
Fix T1546.004 for remote execution on Linux
...
When using PowerShell remoting to Linux system where PowerShell <7.3 is installed, there is this quirk that right after connection is established, there must be nothing printed to stdout (no banner, nothing echoed in .bashrc). That's likely the reason for `-nologo` in sshd configuration [1] from my testing. Execution of the this test before this commit breaks SSH and even running cleanup command after initial test execution fails.
To prevent this test breaking SSH during described usage, default command was changed to print to file and not stdout.
Also replaced sed command in cleanup as it breaks when `command_to_add` is more complex command containing sed-specific special characters (e.g. `>`).
[1] https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/ssh-remoting-in-powershell-core?view=powershell-7.2
2022-10-19 14:42:18 +02:00
99f4231d0b
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:43:05 +00:00
dd82e78da7
Merge pull request #2099 from chronolator/T1201_Improved
...
T1201_Improved
2022-10-18 21:42:37 -04:00
9c3f3e6b9e
Merge branch 'master' into T1201_Improved
2022-10-18 21:41:30 -04:00
69028837c2
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:28:38 +00:00
7b1e347a4d
Update T1014.md because of typo at Test number 3 (yaml corrected) ( #2189 )
...
ld.so.preload instead of ls.so.preload
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:28:00 -06:00
2be544c1d5
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:26:46 +00:00
a865221e1a
Minor edits to test number 2 ( #2190 )
...
Separated reference URLs in description section with commas ','
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:26:16 -06:00
ff1a5cf07b
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:25:12 +00:00
0f6a242985
T1106_update ( #2192 )
...
* T1106_update
* typo fix
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:24:39 -06:00
3802eaffdf
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:22:59 +00:00
e3cb7dbc2b
T1105_update ( #2191 )
...
* T1105_update
* Update the syntax issue
* typo fix
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-18 19:22:14 -06:00
825c959f98
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-18 16:52:04 +00:00
da55a259c9
Fix T1098.004 ( #2193 )
...
Fix for systems with multiple authorized keys. Without quotes, the echo command separates new lines with space instead of new line character which breaks authorized_keys file in case there are multiple keys in the file.
2022-10-18 10:51:15 -06:00
5335976629
Merge branch 'master' into tf
2022-10-17 14:20:30 -04:00
4abb614556
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-17 16:47:12 +00:00
0d7ea66552
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-17 16:47:06 +00:00
Atomic Red Team doc generator