146 Commits

Author SHA1 Message Date
caseysmithrc bd3170421e Merge pull request #135 from redcanaryco/yaml-spec
Proposed YAML spec and validation script
2018-05-09 18:29:49 -04:00
caseysmithrc 3bea351443 Update mshta.sct 2018-05-08 17:05:54 -06:00
caseysmithrc d8b7e75619 Update mshta.sct 2018-05-08 16:49:15 -06:00
caseysmithrc 9fe04531fe Update mshta.sct 2018-05-08 16:43:20 -06:00
caseysmithrc b320eb3949 Update mshta.sct 2018-05-08 16:42:13 -06:00
caseysmithrc 3df40194fd Update mshta.sct 2018-05-08 16:41:05 -06:00
Michael Haag ef53daad74 Merge pull request #134 from redcanaryco/atomic-dev-cs
Atomic dev cs
2018-05-07 16:21:30 -04:00
caseysmithrc cb7f4a7923 Fix 2018-05-07 14:20:16 -06:00
caseysmithrc 934bb78ea8 Fix 2018-05-07 14:18:51 -06:00
Michael Haag 63f495d984 Merge pull request #132 from JimmyAstle/wmi-event-sub-fix
minor syntax update
2018-05-07 16:13:12 -04:00
Michael Haag 796e750e8b Merge pull request #133 from redcanaryco/atomic-dev-cs
InstallUtil Test Update
2018-05-07 16:12:45 -04:00
caseysmithrc 3ebbb99a3a InstallUtil Test Update 2018-05-07 14:06:41 -06:00
Jimmy Astle b2ccaa911b minor syntax update
Just updating the syntax on the $filtertoconsumerargs
2018-05-07 15:43:40 -04:00
Michael Haag d3c4cb1f69 SquiblyTwo - payload URL
payload URL added
2018-05-01 15:31:04 -04:00
Michael Haag d508c3a71a SquiblyTwo
Adding SquiblyTwo
2018-05-01 15:29:42 -04:00
caseysmithrc ed9729de89 Merge branch 'master' into atomic-dev-cs
Fix Folder For Hooking
2018-04-25 11:44:09 -06:00
Mo 045a13030b Update CMSTP.md
Should it also be "Local:"?
2018-04-25 18:37:19 +01:00
Michael Haag 7467e6aade Merge pull request #125 from redcanaryco/atomic-dev-cs
Hooking T1179
2018-04-25 13:10:18 -04:00
caseysmithrc 0ee8cfae2b Update AtomicSSLHook.cpp 2018-04-25 10:57:23 -06:00
caseysmithrc 4834b6928f Update AtomicSSLHook.cpp 2018-04-25 10:56:26 -06:00
caseysmithrc 191d95c26a Hooking T1179
Atomic Hooking Technique
2018-04-25 10:52:00 -06:00
Michael Haag 074d2f57e0 CMSTP
Add to matrix and add new remote
2018-04-25 11:12:18 -04:00
Michael Haag b89a8ca7b7 Updated Map
Updated map
also fixed name
2018-04-24 10:31:26 -04:00
Michael Haag 7ef84e4815 Credential_Access/Hooking 2018-04-24 10:17:42 -04:00
caseysmithrc 1880f27b14 Merge pull request #119 from olafhartong/master
Mitre ATT&CK Navigator layer
2018-04-24 08:29:01 -04:00
benjaminkoffel c4560e01ff Update bitsadmin.md with powershell equivalent. 2018-04-22 18:38:47 +10:00
Olaf Hartong 78db0eb25f Added Attack Navigator layer 2018-04-18 15:14:58 +02:00
Olaf Hartong 5b38e14206 Added Attack Navigator layer 2018-04-18 15:12:30 +02:00
caseysmithrc f409af6dfa Merge pull request #117 from api0cradle/master
Created T1191 and T1183, added technique to T1060
2018-04-17 04:12:29 -06:00
api0cradle 92ab19d773 Created T1191 and T1183, added technique to T1060 2018-04-17 11:58:38 +02:00
Brian Beyer 55d9b37b22 start yamlizing a bunch of techniques 2018-04-17 00:13:12 -07:00
Ye Yint @ Rolan 7c58727dff updated link for Mitre April update 2018-04-16 16:19:46 +08:00
Ye Yint @ Rolan 7ffbd63d28 updated link for April update 2018-04-16 16:08:36 +08:00
Ye Yint @ Rolan 4e228bdf9d updated link for April update 2018-04-16 16:05:34 +08:00
Ye Yint @ Rolan 253995967d updated link for April update 2018-04-16 16:05:01 +08:00
Ye Yint @ Rolan 960f294333 changed as April update 2018-04-16 15:22:25 +08:00
Ye Yint @ Rolan d7d25a182c added Initial access column 2018-04-16 14:26:35 +08:00
Lee Holmes 9ddffd1b17 Adding starter implementation of Atomic Red Team Automation Framework, as well as Atomic Red Team testing framework 2018-04-15 17:54:49 -07:00
Rahmat Nurfauzi ec5af82e6e Update Disabling_Security_Tools.md 2018-04-13 20:29:22 +07:00
caseysmithrc 165607d242 Merge pull request #113 from redcanaryco/03082018
How to Contrib and Lateral Movement
2018-04-10 12:39:03 -06:00
Michael Haag 0bfdcfa480 Lateral Movement
+ PtH
+ RDP
2018-04-06 08:21:28 -04:00
caseysmithrc eced20df46 Merge pull request #108 from llandeilocymro/patch-1
Create psexec
2018-03-26 08:39:57 -06:00
llandeilocymro 5fd733a3ed psexec for lateral movement 2018-03-26 14:44:21 +01:00
Michael Haag e10be818ef Update Credential_Dumping.md 2018-03-21 14:13:10 -04:00
llandeilocymro c3bda067e2 cred dumping using the registry 2018-03-16 14:24:17 +00:00
llandeilocymro 1b3361896f Create psexec 2018-03-16 14:00:33 +00:00
caseysmithrc c5ed6a89f9 Update AtomicRedTeam.sct 2018-03-13 14:11:24 -06:00
Michael Haag 27cb5a75c6 Fix
updated
2018-03-08 14:28:13 -06:00
Michael Haag 8ba1dc8a19 Technique Adds
Private Keys
- Find them

DDE
- Reference: https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

Data Staged
2018-03-08 14:26:18 -06:00
Michael Haag a6134b19c0 Techniques and Readme
Technique: Hidden Files and Directories

Technique: Logon Scripts
- Source: https://github.com/NextronSystems/APTSimulator/blob/1c9048e834f0adabd18c8871d587fda42315575b/test-sets/persistence/userinit-mpr-logonscript.bat

Readme updates
2018-03-08 08:11:24 -06:00