security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
271 Commits 47 Branches 0 Tags
a7ee6830f7784bec5d29d70bfa8d02669cd38e54
Commit Graph

55 Commits

Author SHA1 Message Date
Colby Farley a7ee6830f7 Removed PowerShell payload 2018-02-28 11:32:07 -06:00
Colby Farley dea84864fa Added screen capture discovery for Mac 2018-02-28 11:30:41 -06:00
Colby Farley ac4762e283 Changed filename and fixed remaining markdown issue 2018-02-27 12:30:32 -06:00
Colby Farley 28ac11f0a1 Should fix Markdown issue 2018-02-27 12:26:54 -06:00
Colby Farley 18a1a5521c Added a method to download and install PowerShell on Mac 2018-02-27 12:23:53 -06:00
Dan Bourke 3e4ba89cf4 adding actually published extension details 2018-02-26 16:26:56 +11:00
Dan Bourke 24412945ce add instructions for Firefox 2018-02-26 15:16:12 +11:00
Dan Bourke e52c8a8980 finishing mac bits 2018-02-26 13:08:47 +11:00
Dan Bourke e99ab35460 can't markdown 2018-02-26 12:55:34 +11:00
Dan Bourke d203930a36 can't markdown 2018-02-26 12:54:52 +11:00
Dan Bourke 9d247c281d add a 'minimum viable malicious extension' payload + collection notes for Mac 2018-02-26 12:52:26 +11:00
caseysmithrc ec226ab392 Merge pull request #85 from JeremyNGalloway/master 
PR to add Logon_Scripts.md entry and update the Mac ReadMe.md to include links
 2018-02-21 11:24:36 -07:00
caseysmithrc dcf4d09ce1 Merge pull request #84 from sdtyne/space_after_filename 
Space after filename
 2018-02-21 11:24:09 -07:00
JeremyNGalloway 14d31eba11 added Logon_Scripts.md link 2018-02-21 12:03:35 -06:00
JeremyNGalloway bb6265128b initial upload 2018-02-21 11:56:35 -06:00
Stuart Tyne f2b4008d28 Modifying space_after_filename to execute python hello world 2018-02-21 15:37:11 +11:00
Stuart Tyne 80c12f6c4e fixing typo in Space After Filename technique 2018-02-19 15:06:48 +11:00
Dan Bourke 258d7c83d5 fix formatting issue 2018-02-19 14:32:10 +11:00
Dan Bourke 1ad74772b7 mac and linux example setuid binary 2018-02-19 14:29:52 +11:00
Dan Bourke f2203aaf2b add probably-harmless c program 2018-02-19 13:57:07 +11:00
Stuart Tyne 5ba88dfa61 Adding Space After Filename technique 2018-02-19 10:42:31 +11:00
Stuart Tyne 172bee8a4c Adding Space After Filename technique 2018-02-19 10:38:02 +11:00
Stuart Tyne 396172559d Adding Space After Filename technique 2018-02-19 10:31:08 +11:00
Dan Bourke b73f61c5dc minor consistency edit 2018-02-13 14:39:08 +11:00
Dan Bourke 99db88ff0d add emond persistence mechanism 2018-02-13 14:36:59 +11:00
Michael Haag 5930ef5161 Update Exfiltration_Over_Alternative_Protocol.md 2018-02-08 06:53:06 -06:00
Dan Bourke b047c5575f update readme, update linux example path 2018-02-08 17:05:23 +11:00
Dan Bourke 809b85b2a2 add first pass at SSH exfiltration 2018-02-08 17:01:34 +11:00
Michael Haag 9a5128a7da Mac Matrix Update 
Updated Mac Matrix and technique names
 2018-01-16 11:00:21 -07:00
atmathis d0cf8c4542 Update Process Discovery 
* Made a change to Process Discovery (added saving the output for exfil)
* Added Process Discovery to Linux and updated grid
 2018-01-11 16:09:12 -05:00
atmathis 0e877849ef Fixing .bash_profile 
* Removed commands not related to this technique, and replaced them
with legitimate ones.
* Added .bash_profile page to Mac
 2018-01-11 15:54:20 -05:00
atmathis 9c9c27ddd1 Merge remote-tracking branch 'redcanaryco/master' 
# Conflicts:
#	Mac/README.md
 2018-01-11 09:58:01 -05:00
Michael Haag 29cf36761a Mac Discovery 
Added many techniques to Discovery for Mac
 2018-01-09 14:53:47 -07:00
Michael Haag c4bbef438a Mac Credential Access 
Added two Credential Access
 2018-01-09 10:01:11 -07:00
Michael Haag 3c84c659f5 Mac Persistence 
Added many mac persistence items and updated readme
 2018-01-09 09:07:41 -07:00
Michael Haag 4480d4d11d Cron Job name fix 
Removed incorrect name and made it proper.
 2018-01-09 07:08:46 -07:00
Michael Haag 8f10054683 Update Mac ReadMe 
Added all the missing pieces to the puzzle
 2018-01-09 07:03:47 -07:00
atmathis 42d3c51ed9 Fix Mac Grid 
* Updated Mac grid to add “.md” on Indicator_Removal_On_Host to resolve
404.
 2018-01-03 23:11:30 -05:00
Michael Haag 6160fd756e Readme 
Boring readme update
 2018-01-03 09:07:53 -07:00
Michael Haag 0b6275cf50 Mac Additions 
+ Account Discovery
+ File and Directory Discovery
 2018-01-03 09:05:14 -07:00
Michael Haag 1cb5f30dc0 Update Input_Prompt.md 2018-01-02 07:52:43 -07:00
atmathis 3ef9e7a62c Mac Defense Evasion/Launchctl 
* Added Mac Defense Evasion/Launchctl and updated Matrix
 2018-01-01 17:18:54 -05:00
atmathis 5802bb2df8 Mac Indicator Removal on Host 
* Added Mac Defense Evasion / Indicator Removal on Host and updated
Matrix
 2018-01-01 17:07:42 -05:00
atmathis a9b36650cd Mac Hidden Users 
* Added Defense Evasion/Hidden Users and updated Matrix
 2018-01-01 16:38:43 -05:00
atmathis 9b9bd358ed Update HISTCONTROL 
* Added route to setting permanently in .bash_profile
 2018-01-01 16:17:10 -05:00
atmathis 0ddc31b336 Mac/Linux HISTCONTROL 
* Added HISTCONTROL for Mac and Linux, and updated Matrices
* Corrected Gatekeeper Bypass title
 2018-01-01 16:02:52 -05:00
atmathis 232d5eea29 Add Mac Defense Evasion/Disabling Security Tools 
* Added Disabling_Security_Tools under Mac Defense Evasion and added to
Matrix
* Added existing GateKeeper Bypass page to Matrix
 2018-01-01 15:10:44 -05:00
atmathis cac4566d2c Revert "Revert "Linux/Mac Command Clear"" 
This reverts commit 6439416b26.
 2018-01-01 14:30:45 -05:00
atmathis 6439416b26 Revert "Linux/Mac Command Clear" 
This reverts commit a0c6b2953c.
 2018-01-01 14:29:48 -05:00
atmathis a0c6b2953c Linux/Mac Command Clear 
* Updated title on Clear Command History
* Replicated Clear Command History from Mac to Linux
* Added links to both matrices
 2018-01-01 14:27:09 -05:00