44 Commits

Author SHA1 Message Date
A. Didier 48ad5e308d Update rocke-and-roll-stage-01.sh (#533)
Noticed this misspelling during a training session today.
2019-08-29 07:36:47 -06:00
Michael Haag b51284297d Initial Access - Atomic Friday July 2019 (#530)
Adding the following:
- New DragonsTail Chain reaction that does not execute Mimikatz.
- Generic .HTA file with supporting markdown file highlighting details.
- Generic `Atomic.doc` with supporting markdown file highlighting embedded macro.
- Guide (markdown) explaining how to zip files to simulate email-borne threats.
- Simple guide on how to set up a "Listener" for C2 communication in Python and PowerShell.
- Generate-Macro.ps1 - Builder script that will generate 8 different macro embedded XLS files to simulate macro techniques actively being used.
2019-08-28 11:38:26 -07:00
Tony M Lambert 7be30f44e7 Chain Reaction - Qbot Infection (#508)
* Reaction and payloads

* Prepare for primetime merge into master

* upload better source

* right folder

* Modify to .NET payload
2019-05-31 09:01:25 -06:00
Michael Haag 818c2ce55d DragonsTail (#458)
Updated URLs to fix #437
2019-02-14 13:43:31 -08:00
Tony M Lambert 6566bb640a Chain Reaction for IoT Mirai Malware Derivative Infections (#449)
* initial commit

* modified output style

* final url changes

* Update rocke-and-roll-stage-01.sh

* Mirai IoT Chain Reaction
2019-02-06 10:52:56 -08:00
Tony M Lambert 8e2ec0aae1 CookieMiner Chain Reaction (#451)
* initial commit

* modified output style

* final url changes

* Update rocke-and-roll-stage-01.sh

* CookieMiner initial commit

* fix binary stuff

* Make quieter

* Ready for primetime
2019-02-06 10:52:31 -08:00
Tony M Lambert f0985c5444 Chain Reaction - Rocke and Roll (#443)
* initial commit

* modified output style

* final url changes

* Update rocke-and-roll-stage-01.sh
2019-01-24 08:22:38 -08:00
Michael Haag 7bc7660f4f Discovery.bat Update (#397)
* Discovery and Cleanup

* Generate docs from job=validate_atomics_generate_docs branch=Discovery

* mv discovery.bat

* Fixed Discovery.bat URLs

Updated Techniques with new location of discovery.bat

* Generate docs from job=validate_atomics_generate_docs branch=Discovery
2018-11-02 13:17:39 -07:00
Lee Holmes 9ddffd1b17 Adding starter implementation of Atomic Red Team Automation Framework, as well as Atomic Red Team testing framework 2018-04-15 17:54:49 -07:00
atmathis 5e494127ac Add Ranged Chain Reaction (Mac/Linux)
Adding POSIX Chain Reaction that is platform aware and runs different
checks for each platform. Simulates Discovery, Collection, and
Exfiltration phases.
2018-02-15 17:53:13 -05:00
Michael Haag 60f7be8223 Removing Detections
Removing detections until further notice
2018-02-13 09:57:20 -06:00
Michael Haag 901d2275c4 ARTifacts - Detections
Adding a few detections for some Chain Reactions.
2018-02-01 15:46:25 -06:00
Michael Haag dc0e511d12 Reactor - Detection - Collection
Added Collection
2018-01-31 09:29:11 -06:00
Michael Haag d943fa1315 Reactor - Detection
Detection for Reactor Chain Reaction
2018-01-31 09:17:08 -06:00
Michael Haag 0588f4f38a Quick Fix 2018-01-29 13:09:50 -06:00
Michael Haag a091f57f94 Final Reactor
Completion of the Reactor Chain Reaction
2018-01-18 13:40:31 -07:00
Michael Haag 9a5128a7da Mac Matrix Update
Updated Mac Matrix and technique names
2018-01-16 11:00:21 -07:00
Michael Haag 1cf1cdd279 Reactor Chain Reaction
Chain Reaction - Reactor
2018-01-16 08:59:22 -07:00
Michael Haag 533e27193f Update chain_reaction_Fission.bat 2018-01-09 10:52:57 -07:00
caseysmithrc 4326601868 Merge pull request #41 from redcanaryco/Argonaut
Argonaut Chain Reaction + Updates to windows.md
2017-12-06 15:27:35 -07:00
Michael Haag 5449cc27f0 Argonaut
Argonaut was built with the idea of assisting organizations with identifying the use of Invoke-WebRequest aliases - Wget and Curl. Within your detection tools, how does it look? Do you have detection for Wget and curl on Windows?
2017-12-06 14:22:21 -08:00
caseysmithrc 8cba9e39ec Update DragonsTail.vba 2017-12-06 14:01:43 -07:00
caseysmithrc 1804b97780 Updated All the Things 2017-11-30 08:54:10 -07:00
Michael Haag b54dad8890 Merge pull request #33 from redcanaryco/Protoss-Dev
Fix Dragon's Tail References
2017-11-29 11:38:17 -07:00
caseysmithrc b4deda9aae Fix Dragon's Tail References 2017-11-29 11:36:40 -07:00
Michael Haag 0685e5ab8c Merge pull request #32 from redcanaryco/Protoss-Dev
Fix Dragon's Tail .bat
2017-11-29 11:23:17 -07:00
caseysmithrc 2da4ce1e9b Fix Dragon's Tail .bat 2017-11-29 11:21:48 -07:00
Michael Haag ebedfe3192 Merge pull request #31 from redcanaryco/Protoss-Dev
Update Dragon's Tail
2017-11-29 10:23:54 -07:00
caseysmithrc ab69bd75a6 Update Dragon's Tail 2017-11-29 10:11:47 -07:00
Michael Haag 8f42ea3fc4 Account Manipulation + Chain Reactions Names
Changed CR names
+ Fixed .md for Account manipulation
2017-11-20 11:34:34 -08:00
Michael Haag dae8dcabe5 Dragon's Tail - Publication
- Removed APT32 name scheme
+ Refactored with ART Naming Scheme
2017-11-17 14:45:22 -08:00
Michael Haag 29698b6131 Updated Formatting
Updated formatting.
2017-11-15 10:28:08 -08:00
caseysmithrc 4d7aeb8286 remove mht 2017-11-15 08:24:18 -07:00
caseysmithrc 4da267b9d8 vba commit 2017-11-14 10:25:37 -07:00
caseysmithrc 83d3c9d7c1 fix 2017-11-14 10:17:04 -07:00
caseysmithrc 3425e8d0ff update 2017-11-14 10:11:09 -07:00
caseysmithrc 4054c123c7 update 2017-11-14 10:08:30 -07:00
caseysmithrc 1134ecaa6a updated 2017-11-14 10:06:41 -07:00
Michael Haag 61d4797e64 Chain Reaction
+ New chain reaction
2017-11-13 11:01:57 -07:00
Michael Haag 2e4ff79e66 Chain reaction
Basic Chain reaction
2017-11-07 15:49:28 -08:00
caseysmithrc aaa7105a42 Merge pull request #17 from redcanaryco/dev-mh
Chain Reactions
2017-11-06 15:22:55 -07:00
Michael Haag 98f6d339e6 Chain Reactions 2017-11-06 14:21:36 -08:00
caseysmithrc 479a11fa09 fix discovery cmd 2017-11-06 15:11:30 -07:00
caseysmithrc dcf67629de webinar script
Update
2017-11-06 15:07:57 -07:00