Commit Graph

2693 Commits

Author SHA1 Message Date
tjgeorgen 7d494dcbce Fix file path for PowerDump Import (#1466)
seemed to download the module to $Env:Temp then run from .\, so I changed both to $Env:Temp
2021-05-18 08:51:47 -06:00
CircleCI Atomic Red Team doc generator 65510577ca Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-05-14 11:34:42 +00:00
CircleCI Atomic Red Team GUID generator 4578cb3549 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-05-14 11:34:35 +00:00
Wesley Cesar d4c78db8c4 Update T1082.yaml (#1435) 2021-05-14 05:34:01 -06:00
CircleCI Atomic Red Team doc generator 1186af54a7 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-05-13 20:44:17 +00:00
CircleCI Atomic Red Team GUID generator 5f57e740fb Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-05-13 20:44:10 +00:00
Ján Trenčanský a7a1e69bda WMI create process using indirect Win32_Process call (#1461)
* Win32_Process obfuscate

* T1047-8 cleanup command

* T1047-8 add process_to_execute argument

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-05-13 14:43:37 -06:00
Geoff Galitz ce9f8f63ba Fix minor typo Specigy -> Specify (#1462)
Co-authored-by: woodyhacker <cesarholz497@gmail.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-05-13 14:42:06 -06:00
Brook Riggio e062b5296d Update atomic_test_template.yaml (#1463) 2021-05-13 14:38:26 -06:00
CircleCI Atomic Red Team doc generator 03ee9ef29b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-05-08 18:03:02 +00:00
CircleCI Atomic Red Team GUID generator ef116ab4e0 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-05-08 18:02:55 +00:00
inc0gnit0 c6d8941307 Added T1560.002, T1486, T1059.006 - Blackbot Inc. (#1438)
* Added T1486

* Added T1560.002

* Added T1059.006

Co-authored-by: ryang <ryang@blackbot.io>
Co-authored-by: SpookySec <anonymousbot100110@gmail.com>
2021-05-08 12:02:28 -06:00
tlor89 cf2250b19c T1046_Update (#1460)
Co-authored-by: Toua Lor <tlor@nti.local>
2021-05-07 09:26:27 -06:00
dependabot[bot] a4c57bdae3 Bump rexml from 3.2.4 to 3.2.5 (#1455)
Bumps [rexml](https://github.com/ruby/rexml) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/rexml/compare/v3.2.4...v3.2.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-05-03 16:59:59 -06:00
CircleCI Atomic Red Team doc generator 1b7cc49d63 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-05-03 22:58:57 +00:00
Brian Thacker ef179339ab Update T1562.001 Test 3 (#1456)
Added cleanup commands. Added elevation required
2021-05-03 16:58:37 -06:00
CircleCI Atomic Red Team doc generator 5fc22afd72 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-30 20:56:30 +00:00
monoors b43b7a6f07 Update T1056.004.yaml (#1453)
This parameter is required on systems where no internet explorer is installed, otherwise a parsing error will occur:

curl : The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch
configuration is not complete. Specify the UseBasicParsing parameter and try again.
At line:2 char:1
+ curl https://www.example.com}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotImplemented: (:) [Invoke-WebRequest], NotSupportedException
    + FullyQualifiedErrorId : WebCmdletIEDomNotSupportedException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-04-30 14:55:54 -06:00
CircleCI Atomic Red Team doc generator 6bd8fc68e7 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-30 20:53:20 +00:00
tlor89 6b724298f1 T1562.002_Update (#1451)
Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-04-30 14:53:00 -06:00
CircleCI Atomic Red Team doc generator 5dd066ec61 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-30 20:50:27 +00:00
CircleCI Atomic Red Team GUID generator 50f1ea7a06 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-30 20:50:22 +00:00
Ján Trenčanský 731a7c9ed6 T1053.005 create ScheduledTask using WMI class (#1434)
* ScheduledTask via WMI

* Fix typos and XML load

* Fix wrong cmdlet name in test name

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-04-30 14:49:42 -06:00
CircleCI Atomic Red Team doc generator 513b2f7cc9 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-30 20:42:42 +00:00
Michael Boman 0379f23997 Take 2 on making psexec a configurable dependency. (#1450)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-04-30 14:41:57 -06:00
CircleCI Atomic Red Team doc generator f9d21d9a0e Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-29 22:44:57 +00:00
MrOrOneEquals1 7cdea9c925 fix for install and check (#1452) 2021-04-29 16:44:35 -06:00
CircleCI Atomic Red Team doc generator 9129ed61a3 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-27 22:21:24 +00:00
CircleCI Atomic Red Team GUID generator e909621a57 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-27 22:21:19 +00:00
Wesley Cesar 6954425558 Update T1046.yaml (#1436)
* Update T1046.yaml

* Create T1046.py

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-04-27 16:20:51 -06:00
CircleCI Atomic Red Team doc generator b47fde5ba6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-27 22:17:12 +00:00
Rodney f0dc61911a changed calc to notepad for T1055.012 (#1437)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-04-27 16:16:42 -06:00
CircleCI Atomic Red Team doc generator 650a5b6c27 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-27 21:59:00 +00:00
tlor89 6806b2ccc1 T-1562.004_Test6_Update (#1448)
* T-1562.004_Test6_Update

* add force to the copy command

Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-04-27 15:58:37 -06:00
CircleCI Atomic Red Team doc generator dcd84948b0 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-27 21:51:10 +00:00
Michael Boman dac15a5494 Fix #1443 (#1445)
* Fixes #1443 with updated URL to wireshark.

* Added npcap dependency

* Whitespace *sigh*

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-04-27 15:50:49 -06:00
CircleCI Atomic Red Team doc generator f32bcc822c Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-27 21:44:44 +00:00
Michael Boman 86b0d22094 T1078.001 make guest account configurable (#1447)
* Autocommit of generated test

* Fixed dependency for psexec so the tool can be automatically downloaded.

* Delete T1036.002.yaml

* Fix #1446

* Delete T1021.002.yaml

Shouldn't appear in this branch...
2021-04-27 15:44:21 -06:00
CircleCI Atomic Red Team doc generator 7f899892ec Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-26 20:51:00 +00:00
Michael Boman 59d69167b7 Fixed an issue where -CheckPrereqs could not create the required files. (#1439) 2021-04-26 14:50:18 -06:00
CircleCI Atomic Red Team doc generator 7210a9b02f Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-19 17:50:30 +00:00
Anton Kutepov c14c0357dc [OSCD Sprint #2] Final Pull Request / Summary (#1431)
* Updating T1016 to include macos firewall enumeration

* Tests added

* standardize display name

* Add tests for T1134.001 Access Token Impersonation/Theft (#1236)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* adding socketfilterfw and cleaning up description formatting, adding description details

* Changing to device manufacturer based test

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Add test for T1006 Direct Volume Access (#1254)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* [OSCD] T1036.004: Masquerade Task or Service - 2 tests (#1253)

* T1036.004 - 2 tests added

* Update T1036.004.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* T1136.002 - 2 tests added (#1252)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* [OSCD] Create atomic test for T1113 for Windows (#1251)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* update T1564.002

* update T1564.002

* add Gatekeeper disable; add cleanup for security tools disable; add another launchagent for carbon black defense; remove Gatekeeper disable command from Gatekeeper bypass technique

* Added T1562.006 tests to emulate indicator blocking by modifying configuration files

* split Linux and macOS tests for T1518.001; update processes list

* Update T1518.001.yaml

* Removed prereq and fixed command endings

* Indirect command execution - conhost (#1265)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* [OSCD] Office persistence: Office test (#1266)

* Office persistence: Office test

* Added technique details

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Remove index files to avoid CI complaints.

* Grr

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Update T1518.001.yaml

* [OSCD] Adding T1547.010 (#1264)

* Port monitor addition

* Rename T1547.010.yml to T1547.010.yaml

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Fixed typos in test names

Co-authored-by: remotephone@gmail.com <remotephone@gmail.com>
Co-authored-by: haresudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: gregclermont <580609+gregclermont@users.noreply.github.com>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carl <57147304+rc-grey@users.noreply.github.com>
Co-authored-by: mrblacyk <kweinzettl@gmail.com>
Co-authored-by: sn0w0tter <42819997+sn0w0tter@users.noreply.github.com>
Co-authored-by: Yugoslavskiy Daniil <yugoslavskiy@gmail.com>
Co-authored-by: yugoslavskiy <daniil@yugoslavskiy.com>
Co-authored-by: omkargudhate22 <36105402+omkar72@users.noreply.github.com>
Co-authored-by: Keith McCammon <keith@redcanary.com>
Co-authored-by: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com>
2021-04-19 11:49:59 -06:00
CircleCI Atomic Red Team doc generator 9f9eed13ea Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-19 17:35:02 +00:00
CircleCI Atomic Red Team GUID generator 83510cb71c Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-19 17:34:57 +00:00
jtothef 2c21e810c1 Add T1491.001 (#1429)
* Add T1491.001

Adding new atomic for T1491.001 - Defacement: Internal Defacement
Uses PowerShell to download image and sets it as the desktop wallpaper.
Additionally, script will create a file holding the location to the original wallpaper image and restore it during cleanup.

Confirmed operational on Windows 10.

* Update T1491.001.yaml

Adding formatting changes

* Update T1491.001.yaml

Adding a few additional formatting changes.
2021-04-19 11:34:37 -06:00
CircleCI Atomic Red Team doc generator 3563a38fc8 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-18 03:57:42 +00:00
CircleCI Atomic Red Team GUID generator aebaa03a44 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-18 03:57:37 +00:00
mayday-035 8af0006607 Test for T1221 Remote Template Injection (#1424)
* Test for T1221 Remote Template Injection

* Update T1221.yaml

* Update T1221.yaml

* Update T1221.yaml

* Update T1221.yaml

* Update T1221.yaml

* Create readme.txt

* Files to complete this test.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-04-17 21:57:22 -06:00
CircleCI Atomic Red Team doc generator 393890982c Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2021-04-18 03:28:58 +00:00
Scoubi 0a6ee1aac7 Use wildcard '*' for .NET path (#1430)
This way the test will be valid for future releases of .NET.
It has already jumped from 5.0.3 to 5.0.5 while I was building this test.
2021-04-17 21:28:35 -06:00