Commit Graph

1967 Commits

Author SHA1 Message Date
clr2of8 b15ce24af7 add guid to csv indexes 2020-05-13 12:05:36 -06:00
clr2of8 8d7ac79b9d corrected error handling msg 2020-05-08 08:11:59 -06:00
clr2of8 216751d0a7 more fixes 2020-05-08 02:02:37 -06:00
Carrie Roberts f9033fd1bf chmod +x for script 2020-05-08 00:51:11 -06:00
clr2of8 a55779f39c a few more fixes 2020-05-08 00:44:33 -06:00
clr2of8 13c90f3f88 debugging 2020-05-08 00:35:40 -06:00
clr2of8 7e22a588c1 debugging 2020-05-08 00:32:58 -06:00
clr2of8 7c593943e2 debugging 2020-05-08 00:26:25 -06:00
clr2of8 e009fdea06 debugging 2020-05-08 00:22:54 -06:00
clr2of8 eae8d7a568 debugging 2020-05-08 00:17:35 -06:00
clr2of8 7a5287913e moved guid file to writable location 2020-05-08 00:10:28 -06:00
clr2of8 99916726ac add file to keep track of used guids 2020-05-07 23:59:07 -06:00
clr2of8 ebf10c34bb better regexes 2020-05-07 23:51:14 -06:00
clr2of8 3e6dff9ab7 add guid element 2020-05-07 22:42:41 -06:00
clr2of8 37814e116b add unique (per yaml file) guid 2020-05-07 07:22:35 -06:00
clr2of8 e47f18e28f wip 2020-05-06 19:38:51 -06:00
clr2of8 553f439941 wip 2020-05-06 19:22:52 -06:00
CircleCI Atomic Red Team doc generator 5859178fd7 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-06 16:32:18 +00:00
Carrie Roberts bc35907026 typo fix (#974) 2020-05-06 10:31:48 -06:00
CircleCI Atomic Red Team doc generator 06c2cb5074 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-06 16:27:13 +00:00
Jeremy Brooks c8520ab1af fix type in T1028 command (#976)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-05-06 10:26:34 -06:00
CircleCI Atomic Red Team doc generator da779f042d Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-06 16:23:43 +00:00
hypnoticpattern 7d63609ea3 Added dependencies and fixed tests for linux and macOS (#973)
* Added dependencies and fixed tests

* Added description to dependencies.

* Executable presence checked in dependencies

Co-authored-by: hypnoticpattern <>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-05-06 10:22:48 -06:00
CircleCI Atomic Red Team doc generator d9dfeab6c2 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-06 13:34:18 +00:00
Matt Graeber 9fa3eefeb3 Merge pull request #975 from jessecbrown/master
[UPDATE] T1122 - Add two more COR_PROFILER tests
2020-05-06 09:34:01 -04:00
Jesse Brown 3184bea5d8 [UPDATE] T1122 - Add two more COR_PROFILER tests
Add two new cor_profiler tests leveraging system and user scope environment variables.
2020-05-05 20:43:48 -04:00
CircleCI Atomic Red Team doc generator 9860e65402 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-04 16:47:56 +00:00
Tsora-Pop 405c8330fc Update T1219.yaml (#970)
Added LogMeIn download and execution. Updated execution commands to reflect $env:username
2020-05-04 10:47:11 -06:00
CircleCI Atomic Red Team doc generator 2bde901e95 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-02 00:36:51 +00:00
Jesse Brown 9b73020cee add T1122 COM Hijacking leveraging .NET profiler dll (#969)
* t1122 first blood

* add T1122 COM Hijacking leveraging .NET profiler dll

* update gitignore and cleanup

* a little more clean up :D and gitignores

* remove precompiled objs
2020-05-01 18:36:27 -06:00
Keith McCammon cd8ef8f5c0 OCD :) (#967)
* OCD :)

* Generate docs from job=validate_atomics_generate_docs branch=atomic_friday

Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-05-01 14:03:32 -06:00
Matt Graeber 83fe78b2ea Merge pull request #966 from redcanaryco/Notes_05012020_InvokeAtomicRedTeam
Atomic Friday Notes - 05012020
2020-05-01 15:13:48 -04:00
Mike Haag c0b2785f40 Atomic Friday Notes - 05012020 2020-05-01 13:10:50 -06:00
Keith McCammon d29abbca2c Create Atomic Friday holding pen 2020-05-01 12:55:55 -06:00
CircleCI Atomic Red Team doc generator 287511465a Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-01 15:56:01 +00:00
Carrie Roberts fd6a00b61c a little cleanup (#963) 2020-05-01 09:55:27 -06:00
CircleCI Atomic Red Team doc generator 4a8fc85718 Generate docs from job=validate_atomics_generate_docs branch=master 2020-04-29 15:23:58 +00:00
Carrie Roberts c269c93ef5 SharpHound fixes (#962)
* little cleanup and correction to sharphound tests

* little cleanup and correction to sharphound tests

* little cleanup and correction to sharphound tests

* little cleanup and correction to sharphound tests

* little cleanup and correction to sharphound tests
2020-04-29 09:23:36 -06:00
Michael Haag 163e84ca30 Update T1099.yaml - Timestomp (#960)
* Update T1099.yaml

New Timestomp Atomic test added to emulate MITRE ATT&CK's recent APT29 evals.
https://attackevals.mitre.org/APT29

* Generate docs from job=validate_atomics_generate_docs branch=T1099Take2

Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-04-28 11:36:12 -06:00
CircleCI Atomic Red Team doc generator f3e095dee9 Generate docs from job=validate_atomics_generate_docs branch=master 2020-04-28 17:04:21 +00:00
hypnoticpattern 57197a9a6f T1009, T1014, T1055, T1215: Added dependencies (#958)
Co-authored-by: hypnoticpattern <>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-04-28 11:03:53 -06:00
CircleCI Atomic Red Team doc generator 7c1e966f82 Generate docs from job=validate_atomics_generate_docs branch=master 2020-04-28 16:57:34 +00:00
Andrew Beers 18f618f20b T1086 T1087 T1088 T1089 Updates (#944)
* 1087 Updates

* add 1086 Updates

* add T1088 updates

* update T1089

* typo fix

* typo fix

* typo fix

* fix input args

* remove uninstall sysmon changes

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-04-28 10:57:01 -06:00
CircleCI Atomic Red Team doc generator 7802132b9e Generate docs from job=validate_atomics_generate_docs branch=master 2020-04-27 20:40:21 +00:00
MrOrOneEquals1 77d3649202 corrected folder name (#957)
Co-authored-by: darin <darin@blackhillsinfosec.com>
2020-04-27 14:40:06 -06:00
CircleCI Atomic Red Team doc generator 09c8adfbef Generate docs from job=validate_atomics_generate_docs branch=master 2020-04-27 19:54:47 +00:00
msd1201 9d53c87787 Added test for T1089 for Remove-Service, introduced in Powershell 6.0 (#954)
* Added test for T1089 for Remove-Service, introduced in Powershell 6.0

* Added Stop-Service and changed Default Value to match Atomic Test 13

Co-authored-by: Marshall Darnell <md@Marshalls-MBP.localdomain>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: Marshall Darnell <marshalldarnell@protonmail.com>
2020-04-27 13:54:33 -06:00
CircleCI Atomic Red Team doc generator dc5a3c2131 Generate docs from job=validate_atomics_generate_docs branch=master 2020-04-27 19:51:36 +00:00
Tsora-Pop 483bdf1ea1 Update T1219.yaml (#956)
fixed TeamViewer command and added AnyDesk test

Co-authored-by: Luminous-InfiniTom <35981510+Luminous-InfiniTom@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-04-27 13:51:19 -06:00
Michael Haag e28da09de5 T1086 sharphound (#955)
* Updated T1086 - BloodHound/SharpHound Atomic Test

I have modified T1086-2 to work more effectively.
It now includes two test scenarios using SharpHound.
1. Using prereqs, will validate if sharphound.ps1 is found in the payloads directory within the T1086 path. If not, it will download and store it locally.
2. Second test is a one liner that will download and run sharphound.

Input arguments added for hitting an internal domain and specifying the output directory.

* Generate docs from job=validate_atomics_generate_docs branch=T1086-sharphound

* Added color

It needed color. I added it.

* Generate docs from job=validate_atomics_generate_docs branch=T1086-sharphound

* Modified BloodHound Tests

Broke out the two BloodHound tests. One will execute from local disk, other will be from within memory.
Modified all payload paths to be from /src/ path.

* Generate docs from job=validate_atomics_generate_docs branch=T1086-sharphound

* Elevation Not Required

Modified elevation, not required to be admin

* Generate docs from job=validate_atomics_generate_docs branch=T1086-sharphound

Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-04-27 13:47:14 -06:00