CircleCI Atomic Red Team doc generator
96f61076f9
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:42:27 +00:00
CircleCI Atomic Red Team GUID generator
79f6986b1a
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:42:19 +00:00
Itamar
42472533fa
Update T1048.003.yaml (#1357)
Hi,
I added two atomic tests for exfiltration using HTTP and SMTP.
1. Exfiltration Over Alternative Protocol - HTTP
2. Exfiltration Over Alternative Protocol - SMTP
Itamar
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:41:50 -07:00
CircleCI Atomic Red Team doc generator
c21c1ba13e
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:23:16 +00:00
Michael Haag
a5af0cc644
Update T1218.010.yaml (#1359)
Modified T1218.010 to allow for modification of path and name of regsvr32.exe
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:22:48 -07:00
Michael Haag
bbcf685889
Update T1055.cs (#1361)
dll was named incorrectly in .cs. Fixed and confirmed operational.
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:19:55 -07:00
CircleCI Atomic Red Team doc generator
c0591491f1
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:16:04 +00:00
Michael Haag
39954ec1af
Update T1218.yaml (#1360)
Updated microsoft.workflow.compiler.exe test
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:15:29 -07:00
CircleCI Atomic Red Team doc generator
9660d0a33e
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:12:45 +00:00
CircleCI Atomic Red Team GUID generator
abfd1e042b
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:12:36 +00:00
Ama Smuggle Avocados
d721e09ede
Scriptcontrol (#1348)
* initial
* updates
* initial
* update
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* Update T1204.002.yaml
* Update T1204.002.yaml
* updates
* remove code
* correct url
* works with 32bit Chrome, simplified commands
Co-authored-by: avocado <avocados@smuggler.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-08 09:12:14 -07:00
CircleCI Atomic Red Team doc generator
5cc2b5a88d
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-07 16:43:14 +00:00
CircleCI Atomic Red Team GUID generator
ed7d3faabd
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-07 16:43:06 +00:00
Carrie Roberts
6f40ae85f5
solarigate atomic (#1358)
2021-01-07 09:42:43 -07:00
CircleCI Atomic Red Team doc generator
fb179a30a8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 19:39:15 +00:00
CircleCI Atomic Red Team GUID generator
a3ad539a58
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 19:39:08 +00:00
Clément Notin
7c1471c403
T1110.001: add test "Brute Force Credentials of single domain user via LDAP against domain controller (NTLM or Kerberos)" (#1354)
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 12:38:52 -07:00
CircleCI Atomic Red Team doc generator
4dbcb20934
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:51:58 +00:00
CircleCI Atomic Red Team GUID generator
a4ca274d7d
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:51:49 +00:00
Clément Notin
c71444f1dc
T1110.003: add test "Password spray all domain users with a single password via LDAP against domain controller (NTLM or Kerberos)" (#1349)
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 11:51:31 -07:00
CircleCI Atomic Red Team doc generator
0b9d36e786
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:47:31 +00:00
CircleCI Atomic Red Team GUID generator
9a59eac0b8
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:47:22 +00:00
Clément Notin
d5b6e69f89
T1003.006: add DCSync test (#1352)
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 11:46:59 -07:00
CircleCI Atomic Red Team doc generator
603040c6e3
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:42:39 +00:00
CircleCI Atomic Red Team GUID generator
90611a079a
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:42:30 +00:00
Clément Notin
b0a0bbc66e
T1055: add new test "Remote Process Injection in LSASS via mimikatz" (#1353)
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 11:42:08 -07:00
CircleCI Atomic Red Team doc generator
443e0318fc
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:35:50 +00:00
CircleCI Atomic Red Team GUID generator
7ef584f9fd
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:35:42 +00:00
Clément Notin
d50239ff57
T1558.001: add test "Golden ticket" (#1351)
* T1558.001: add test "Golden ticket"
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
* Add support for default domain SID (one less parameter to specify)
With default:
invoke-atomictest T1558.001 -InputArgs @{ "domain" = "lab.lan" ; "krbtgt_aes256_key"="xxxxx" }
[...]
mimikatz(commandline) # kerberos::golden /domain:lab.lan /sid:S-1-5-21-1891480667-311803191-3341389180 /aes256:xxxxx /user:goldenticketfakeuser /ptt
With specific SID ("toto"):
invoke-atomictest T1558.001 -InputArgs @{ "domain" = "lab.lan" ; "krbtgt_aes256_key"="xxxxx" ; "domain_sid"="toto" }
[...]
mimikatz(commandline) # kerberos::golden /domain:lab.lan /sid:toto /aes256:xxxxx /user:goldenticketfakeuser /ptt
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 11:35:14 -07:00
CircleCI Atomic Red Team doc generator
ccb97235c4
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:20:33 +00:00
Clément Notin
4064764c17
T1207: automate test for DCShadow (#1350)
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
Co-authored-by: Clément Notin <clement.notin@alsid.com>
Co-authored-by: Zakaria Addi <zakaria.addi@alsid.com>
2021-01-06 11:20:11 -07:00
CircleCI Atomic Red Team doc generator
91e05be201
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-05 23:34:56 +00:00
Michael Haag
8c4eb62532
Update T1127.001.yaml (#1356)
Modified Atomic Test to allow for more granular control of input arguments.
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-01-05 16:34:35 -07:00
CircleCI Atomic Red Team doc generator
4c655f1e84
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-05 23:31:24 +00:00
Brian Thacker
139ed0927e
Update T1550.003.yaml (#1355)
Added prereqs to test 1
2021-01-05 16:30:39 -07:00
CircleCI Atomic Red Team doc generator
aed82f6297
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-01 23:43:53 +00:00
CircleCI Atomic Red Team GUID generator
871cab05dd
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-01 23:43:46 +00:00
tlor89
bb9c4b1f6f
T1049 update (#1347)
* T1049-Update
* T1049-Update
* T1049-Update
Co-authored-by: Toua Lor <tlor@nti.local>
2021-01-01 16:43:33 -07:00
CircleCI Atomic Red Team doc generator
aa9f47cdae
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-29 14:18:50 +00:00
Matt Graeber
1ce97c0325
Merge pull request #1346 from redcanaryco/clr2of8-patch-2
update gup.exe download link
2020-12-29 09:18:20 -05:00
Carrie Roberts
c4f6609515
update gup.exe download link
2020-12-28 16:02:35 -07:00
CircleCI Atomic Red Team doc generator
582d2e97f8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-28 22:45:56 +00:00
Brian Thacker
d9dcbd3dec
T1070.003 test7 cleanup (#1345)
* Update T1070.003.yaml
Added cleanup command to test "Clear and Disable Bash History Logging"
* Update T1070.003.yaml
corrected spacing
* Update T1070.003.yaml
changed echo set -o to a sed replace command
2020-12-28 15:45:17 -07:00
CircleCI Atomic Red Team doc generator
527fd3b78b
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-28 16:19:14 +00:00
CircleCI Atomic Red Team GUID generator
b699820fe3
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-28 16:19:04 +00:00
Matt Graeber
91e0e61c94
Adding RemoteFXvGPUDisablement.exe LOLBin coverage (#1341)
* Update T1218.yaml
Adding RemoteFXvGPUDisablement.exe LOLBIN coverage via AtomicTestHarnesses to T1218. Thanks, @MHaggis!
* Update T1218.yaml
Adding a more detailed description for this test.
* Update T1218.yaml
2020-12-28 09:18:37 -07:00
CircleCI Atomic Red Team doc generator
aa8e484d30
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-21 16:40:14 +00:00
CircleCI Atomic Red Team GUID generator
9be279e20f
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-21 16:40:06 +00:00
Matt Graeber
ef3f58fe24
Merge pull request #1338 from clr2of8/icedid
rundll32 spawning mshta and wscript
2020-12-21 11:39:46 -05:00
Matt Graeber
24b31fa6cc
Merge branch 'master' into icedid
2020-12-21 11:38:51 -05:00