security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,453 Commits 47 Branches 0 Tags
91e0e61c94deabdd44fe731270ad299261c16948
Commit Graph

2453 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CircleCI Atomic Red Team doc generator b69f27c2b3 Generate docs from job=validate_atomics_generate_docs branch=master 2020-09-03 21:49:12 +00:00
kpsmiley23 730a62b977 Update T1003.002.yaml (#1212) 
Request raw Invoke-PowerDump.ps1 instead of repository page
 2020-09-03 15:48:52 -06:00
CircleCI Atomic Red Team doc generator 04a409832e Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-20 20:40:34 +00:00
Geoff Galitz f7584be904 T1003 NPPSPY GetPrereqs location fix (#1202) 
* Before:  NPPSPY is installed into atomics src directories, test
looks for it in the local temp directory resulting in an error.

After: Test is changed to look for NPPSPY directly in atomics src
directory

* Change test to install prereq to local temp directory and work from
there.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-20 14:40:09 -06:00
CircleCI Atomic Red Team doc generator 1411b5ec4a Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-20 20:38:40 +00:00
Laken Harrell 85f4f0ec3f fixed prereq_command (#1205) 
Co-authored-by: Harrell <LHarrell@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-20 14:37:47 -06:00
CircleCI Atomic Red Team doc generator 84054abce5 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-20 20:28:30 +00:00
Brandon Morgan c8be2137d7 T1197 desktopimgdwnldr.exe (#1206) 
* Update T1197.yaml

desktopimgdownldr.exe initial commit

* Update T1197.yaml

fixed parsing issue with command

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-20 14:27:09 -06:00
CircleCI Atomic Red Team doc generator 7e5f711d57 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-20 20:21:38 +00:00
bbucao ee7deb22fd Update to T1040.yaml test 3 "Packet capture windows command prompt" (#1208) 2020-08-20 14:21:07 -06:00
Matt Graeber 7e8eec1c7a Merge pull request #1207 from clr2of8/csv-index 
fix csv link on README
 2020-08-19 11:34:24 -04:00
Carrie Roberts fbba105bf1 Merge branch 'master' into csv-index 2020-08-19 09:31:30 -06:00
clr2of8 496b3e5ebf fix csv link 2020-08-19 09:29:26 -06:00
Matt Graeber 9cfc1159fa Merge pull request #1204 from redcanaryco/clr2of8-patch-6 
include full path to manage-bde.wsf. Thanks, Carrie!
 2020-08-19 11:29:23 -04:00
CircleCI Atomic Red Team doc generator 232e7e9a0e Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-6 2020-08-18 22:39:29 +00:00
Carrie Roberts 55785dfd6a include full path to manage-bde.wsf 2020-08-18 16:38:09 -06:00
CircleCI Atomic Red Team doc generator d55d047117 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-18 17:34:50 +00:00
Jesse Brown c288b163f7 [UPDATE] COR_PROFILER to new ID (T1574.012) (#1191) 
* [UPDATE] COR_PROFILER technique

* remove md file

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-18 11:34:31 -06:00
Carrie Roberts 9293e18102 Update the Readme to point to the new Wiki (#1192) 
* readme points to wiki now

* update readme
 2020-08-18 11:31:09 -06:00
Carrie Roberts af15596708 Add link to new Wiki page on contributing (#1193) 
* point to wiki

* just edit link on top to point to new wiki
 2020-08-18 11:21:07 -06:00
CircleCI Atomic Red Team doc generator 405126235f Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-17 16:14:43 +00:00
Tsora-Pop f294dedadc New T1562.004 Test "Open local port through Windows Firewall for any profile" (#1200) 
* Update T1562.004.yaml

added new atomic test to open a port through Windows Firewall to any profile

* Update T1562.004.yaml

added some fixes to command and cleanup

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-17 10:14:16 -06:00
CircleCI Atomic Red Team doc generator 1427393485 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-17 16:10:14 +00:00
Jil Larner 6f3085ee17 T1098 - Implemented domain account manipulation (#1201) 
* Implemented Domain account manipulation

* remove manually specified GUID

removing GUID so it can be assigned at merge time.

Co-authored-by: Didier Cambefort <didier.cambefort@scrt.ch>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-17 10:09:53 -06:00
CircleCI Atomic Red Team doc generator af5f096360 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-16 02:49:11 +00:00
bbucao 4050f7e76c Update T1564.004 test 3 Create ADS command prompt (#1198) 
* Update T1564.004 test 3

* ignore errors when running cleanup multiple times

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-15 20:48:56 -06:00
CircleCI Atomic Red Team doc generator 19b5ee9ee4 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-16 02:31:44 +00:00
Jesse Moore f4d059dbbc Update T1003.002.yaml for PowerDump (#1196) 
* Update T1003.002.yaml for PowerDump

Added PowerDump to parse SAM and SYSTEM for usernames and Hash

* Add fixes

Updated with fixes.
Its not erroring with Multiple cleanup
Removed preReqs, don't need them
Removed SAM and SYSTEM file dep... PowerDump can just Dump Registry for Hashes and Usernames

* Getting permanent links to file

Added permanent link to PowerDump in BC-SECURITY Github

* updated description

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-15 20:31:19 -06:00
CircleCI Atomic Red Team doc generator 2de9e9fc3a Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-16 02:24:17 +00:00
Tsora-Pop 6bd48533a3 Moved Atomic for RDP Hijacking (#1199) 
* Removing RDP Hijacking Atomic

Removing RDP Hijacking Atomic and moving to T1563.002-RDP Hijacking

* Create T1563.002.yaml

Moved from T1021.001
 2020-08-15 20:23:54 -06:00
CircleCI Atomic Red Team doc generator 22a8e308ca Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-15 23:14:57 +00:00
Dragonlord0 751a827e86 T1218 (#1197) 
* Added T1203 ProtocolHandler.exe

* Fixed numbering error

* remove white space

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-15 17:14:34 -06:00
CircleCI Atomic Red Team doc generator eb13ba719f Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-13 22:11:38 +00:00
Jil Larner 006bd1b046 Rough implementation of T1070.001 (clear Windows event logs) (#1151) 
* Rough implementation of T1070.001 (clear Windows event logs)

* Enhanced PS log clearing to cover all eventlogs

Co-authored-by: Jil <jil@localhost>
Co-authored-by: Michael Haag <mike@redcanary.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-13 16:11:16 -06:00
Carrie Roberts 2dce548893 typo fix (#1187) 
* typo fix

* Update README.md
 2020-08-11 13:35:09 -06:00
CircleCI Atomic Red Team doc generator bbb0d07652 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-07 23:34:08 +00:00
Victuos ab26dc3f70 Wrong commands in T1016 (#1186) 
* Update T1016.md

* Update T1016.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-07 17:33:16 -06:00
CircleCI Atomic Red Team doc generator 0f0b930b19 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-07 23:31:52 +00:00
harml3ss 84416dfdb3 Create sys_info.vbs (#1182) 
* Create sys_info.vbs

This file is to be used with a new atomic I am writing for T1059.005.

* Create sys_info.vbs

Moved vbscript to /src directory.

* Create T1059.005.yaml

Added yaml file for T1059.005

* Delete sys_info.vbs

* Update T1059.005.yaml

* Update T1059.005.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-07 17:31:18 -06:00
CircleCI Atomic Red Team doc generator bfa4d8bc54 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-07 19:33:50 +00:00
masonharrell cd1c015dfa added prereq to test #2 (#1185) 
* added prereq to test #2

* Update T1071.001.yaml

remove test "z"

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-07 13:33:31 -06:00
CircleCI Atomic Red Team doc generator 54c0e74a6c Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-07 17:38:33 +00:00
Carrie Roberts aa307557ea adding missing descriptions (#1184) 2020-08-07 11:38:14 -06:00
CircleCI Atomic Red Team doc generator 99a4e8850a Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-07 17:14:19 +00:00
Carrie Roberts d8733662f9 fix markdown spacing after description (#1183) 2020-08-07 11:13:55 -06:00
CircleCI Atomic Red Team doc generator a97f3f7e3a Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-07 14:44:32 +00:00
Jesse Moore c4706bb0d9 Update T1078.001 (#1179) 
* Create T1078.001 and yaml

Creating Folder for sub technique and yaml for .001

* Update T1078.001.yaml

* Update T1078.001.yaml

* Update T1078.001.yaml

Added Remote Desktop Users group and the capability to have multiple RDP connections to Desktop for Guest user

* edit display name

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-08-07 08:43:47 -06:00
CircleCI Atomic Red Team doc generator 3702cf9b21 Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-07 14:28:20 +00:00
bbucao d2bf308a63 T1531 - Removed the need for dependencies on tests 1 and 2 (#1181) 
* Update T1531.yaml

* Update T1531.yaml removed need for dependencies on tests 1 and 2
 2020-08-07 08:27:36 -06:00
CircleCI Atomic Red Team doc generator 3a6402298a Generate docs from job=validate_atomics_generate_docs branch=master 2020-08-06 14:49:43 +00:00