b4c30600a8
Update T1135.yaml ( #2761 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-05-09 11:44:13 -05:00
67bfc95355
New Atomic test- Process Hacker -Update T1057.yaml ( #2754 )
...
* New Atomic test- Process Hacker -Update T1057.yaml
* Update T1057.yaml
Removed the cleanup command and input arguments for the uninstallation package
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-05-09 11:39:54 -05:00
9af1dd8675
Adding codebox so '\' characters shows up well in Markdown ( #2766 )
...
Co-authored-by: Nico <nmontesino@incide.es >
Co-authored-by: Hare Sudhan <code@0x6c.dev >
2024-05-08 23:41:25 -04:00
4c6639f4ff
Generated docs from job=generate-docs branch=master [ci skip]
2024-04-27 18:09:22 +00:00
e2428a7b12
Added new a new atomic test in T1003 and T1187 ( #2758 )
...
* Update T1003.yaml
Added a new atomic test (number 7) - Send NTLM Hash with RPC Test Connection
* Update T1187.yaml
Added new atomic test under T1187 (Test no 3) - "Trigger an authenticated RPC call to a target server with no Sign flag set"
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-04-27 13:08:12 -05:00
f64434da24
Generated docs from job=generate-docs branch=master [ci skip]
2024-04-27 17:50:49 +00:00
5c50c4409d
Adding T1112 Test 69 ( #2748 )
...
* Update T1112.yaml
* Update T1112.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-04-27 12:44:00 -05:00
58496ee330
updating atomics count and guids [ci skip]
2024-04-26 18:39:07 +00:00
6450adfb3b
Update T1048.002.yaml ( #2741 )
...
Added two tests for wget linux
Co-authored-by: Hare Sudhan <code@0x6c.dev >
2024-04-26 14:35:50 -04:00
ef6b9e2fd3
updating atomics count and guids [ci skip]
2024-04-26 18:10:13 +00:00
85660f12bf
Added tests for T1562.012 ( #2743 )
...
* Added tests for T1562.012
* Update T1562.012.yaml
* Update T1562.012.yaml - Added cleanup commands
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev >
2024-04-26 13:53:35 -04:00
e7e1e8acff
Fix auto_generated_guids file ( #2757 )
...
* Update guid.py
* Update used_guids.txt
2024-04-25 11:29:51 -06:00
dd4372d5cd
updating atomics count and guids [ci skip]
2024-04-25 17:07:26 +00:00
18388cd63d
Create T1622.yaml ( #2752 )
...
Created a new folder T1622 and an yaml file for new atomic test
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-04-23 19:44:00 -05:00
a7a16b3471
Update T1135.yaml ( #2745 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-04-23 19:36:34 -05:00
82ad1c0bd8
remove pause from seatbelt psh command ( #2744 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-04-23 18:29:00 -06:00
95cc8e7ffc
Update T1562.003.yaml ( #2742 )
...
Tweaking my own tests to fix markdown formatting and simplify executions
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-04-23 18:26:01 -06:00
3bcc943259
Generated docs from job=generate-docs branch=master [ci skip]
2024-04-07 02:49:34 +00:00
acd5bf322b
cleanup ( #2738 )
2024-04-06 20:28:33 -06:00
936ac00f52
Generated docs from job=generate-docs branch=master [ci skip]
2024-04-06 02:13:59 +00:00
61c178723c
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-04-06 02:13:42 +00:00
5ac96ed038
added -f switch to all cleanup "rm" commands to supress the conformation ( #2735 )
...
dialog that causes it to hang.
Co-authored-by: dwhite9 <not-supplied>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-04-05 12:19:35 -05:00
e301d16430
Merge branch 'master' into master
2024-04-03 01:04:30 -04:00
87eff2b6b8
Added new atomic test: Update T1105.yaml ( #2734 )
...
* Added new atomic test: Update T1105.yaml
* Update T1105.yaml
2024-04-03 01:04:06 -04:00
09619c17e4
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-04-03 02:10:46 +00:00
5ae956b990
Added new atomic test: Update T1490.yaml ( #2733 )
...
* Added new atomic test: Update T1490.yaml
* Added cleanup_command
2024-04-02 22:10:02 -04:00
b18b1a8957
Added new atomic test: Update T1114.002.yaml
...
fixed typo ' Get-InstalledModule Az.Accounts'
2024-04-02 11:57:47 -04:00
dc001a3b59
Merge branch 'master' into master
2024-03-29 22:34:43 -04:00
edc7f3eed4
Added new atomic test: Update T1001.002.yaml ( #2730 )
...
* Update T1001.002.yaml
* Update T1001.002.yaml
* Update T1001.002.yaml
* Update T1001.002.yaml
* Update T1001.002.yaml
* Update T1001.002.yaml
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev >
2024-03-29 22:34:19 -04:00
a8421f8fb1
Minor fix to "type" field ( #2732 )
...
with nonstandard capitalization
2024-03-29 12:44:45 -06:00
0138eae293
Create T1114.002.yaml
2024-03-28 15:38:44 -04:00
8059a7fc39
force delete ( #2728 )
2024-03-28 02:55:34 -04:00
41e8efa9c8
Update T1569.001.yaml: Fixed description for label_name ( #2726 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-03-21 08:20:24 -05:00
19e82555c6
Update BrowserCollector to use Firefox ( #2724 )
2024-03-21 08:18:25 -05:00
ac9e63e872
Generated docs from job=generate-docs branch=master [ci skip]
2024-03-18 16:37:08 +00:00
cf025a46c7
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-03-18 16:36:55 +00:00
0750e734e6
fix f3ad3c5b-1db1-45c1-81bf-d3370ebab6c8 schema ( #2723 )
2024-03-18 11:36:19 -05:00
23d1a4b8e7
Update T1072.yaml Deploy 7-Zip Using Chocolatey ( #2662 )
...
* Update T1072.yaml Deploy 7-Zip Using Chocolatey
An adversary may use Chocolatey to remotely deploy the 7-Zip file archiver utility.
* Update T1072.yaml
made changes accordingly
* Update T1072.yaml
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-03-16 21:01:56 -05:00
299603d06f
Generated docs from job=generate-docs branch=master [ci skip]
2024-03-17 01:56:45 +00:00
805fbea899
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-03-17 01:56:33 +00:00
895fb8ab05
Add test 24 to T1562.004 ( #2718 )
...
* Add test 24 to T1562.004
Adding a new test (test 24) to T1562.004 - Set a firewall rule using New-NetFirewallRule
* updating default port
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-03-16 20:55:59 -05:00
fdc97c3f37
Generated docs from job=generate-docs branch=master [ci skip]
2024-03-17 01:48:45 +00:00
2ef494158f
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-03-17 01:48:33 +00:00
91912fdd93
Added a new atomic to T1202 ( #2715 )
...
* Create src
* Delete atomics/T1202/src
* Create GUP.exe
* Delete atomics/T1202/src/GUP.exe
* Create TEST.exe
* Add files via upload
* Delete atomics/T1202/src/TEST.exe
* Update T1202.yaml
Updated new atomic test
* Create test
* Add files via upload
* Delete atomics/T1105/bin/test
* Update T1105.yaml
* remove duplicate
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-03-16 20:47:56 -05:00
a5e3460d41
Update T1218.011.yaml ( #2719 )
...
technique utilizing rundll32.exe and the FileProtocolHandler method to execute a command without requiring administrative privileges. By leveraging rundll32.exe in this manner, the test aims to assess the effectiveness of antivirus solutions, including Bitdefender, Windows Defender, and others, in detecting and preventing command execution evasion. The provided command bypasses certain antivirus detections by using the FileProtocolHandler to execute the specified command, in this case, launching 'calc.exe'. This evasion technique is known for its ability to exploit legitimate processes to execute malicious commands while avoiding detection. The test serves as an evaluation of antivirus solutions' capabilities to detect and mitigate such evasion tactics, contributing to the overall assessment of endpoint security posture.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2024-03-16 20:24:35 -05:00
65869495d8
Generated docs from job=generate-docs branch=master [ci skip]
2024-03-13 18:04:34 +00:00
b4289ea077
Generate GUIDs from job=generate-docs branch=master [skip ci]
2024-03-13 18:04:20 +00:00
5a3850c016
Merge branch 'master' into patch-7
2024-03-13 18:01:27 +00:00
be9944dba6
Generated docs from job=generate-docs branch=master [ci skip]
2024-03-13 18:00:02 +00:00
0d12184338
Merge branch 'master' into patch-7
2024-03-13 17:59:57 +00:00
Leo Verlod