Commit Graph

1474 Commits

Author SHA1 Message Date
CircleCI Atomic Red Team doc generator b5db6b26fb Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 23:27:24 +00:00
Andrew Beers ea619c49a3 create scheduled tasks a couple of ways to run on startup (#672) 2019-11-18 16:27:09 -07:00
CircleCI Atomic Red Team doc generator 69834f6b88 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 20:46:06 +00:00
Andrew Beers 826abe638e windows and powershell tests to recon data and write it to temp file for export (#671) 2019-11-18 13:45:33 -07:00
CircleCI Atomic Red Team doc generator a684542241 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 20:40:16 +00:00
Andrew Beers 3c9704117d T1135 recon available share drives (#670)
* net share command

* update description
2019-11-18 13:39:58 -07:00
CircleCI Atomic Red Team doc generator 9658da76bc Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:50:50 +00:00
Andrew Beers aeeba08bbc Reach out to C2 Pointer URLs via command line (#644)
* add urls and create test folder

* make test more realistic, cleanup command still broken

* use C drive instead of Temp because of permissions

* update paths

* update descriptions
2019-11-18 09:50:35 -06:00
CircleCI Atomic Red Team doc generator 08fddb3940 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:44:19 +00:00
Jeff Ong e9e93b3907 T1208 kerberoasting with invoke kerberoast (#548)
* Add test for T1208 that does Kerberoasting

Kerberoasting with Invoke-Kerberoast

* Rename atomics/T1208 to atomic/T1208/T1208.yaml

* Rename atomic/T1208/T1208.yaml to atomics/T1208/T1208.yaml

* Update T1208.yaml

* Update T1208.yaml
2019-11-18 08:43:47 -07:00
CircleCI Atomic Red Team doc generator b3917a661f Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:31:37 +00:00
valen cf3e90ec91 T1075 new test added and other test t1023 t1044 t1058 (#625)
* Add test for T1058 that does check weak services

* Add test for T1023 that modified shortcut and execute

* Add test for T1044 that check weak files permission

* Update T1044.yaml

* Update T1058.yaml

* Update T1023.yaml

* Update T1075.yaml

* Delete .T1023.yaml.swp

* Update T1044.yaml

* Update T1023.yaml

* Update T1058.yaml

* Update T1075.yaml
2019-11-18 08:31:16 -07:00
CircleCI Atomic Red Team doc generator 8c7e1fcb9d Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:29:04 +00:00
Andrew Beers 65d0f6dc5d Zip a folder with PowerShell (#640)
* add test to compress directory and delete it

* remove cleanup commands because I don't have a way to test them yet

* fix paths

* fix command misspelling

* zip into C drive

* fix paths to Temp finally

* move to data staging
2019-11-18 08:28:44 -07:00
CircleCI Atomic Red Team doc generator 232fb47eda Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:19:08 +00:00
Andrew Beers 942ca94244 T1173 execute power shell script via word ddeauto (#643)
* first commit for testing file download

* update download path for ps1 to test

* update path to point to redcanary repo. Once this is merged in it will download the file

* rename document, add command
2019-11-18 08:18:56 -07:00
CircleCI Atomic Red Team doc generator 26bdd49b8c Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-18 15:17:52 +00:00
dwhite9 6635e0cb36 Switched executor to powershell. Fixed commandline to run correctly and added comments for clarification. (#669)
2019-11-18 08:17:34 -07:00
CircleCI Atomic Red Team doc generator 275eaa9f59 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-16 00:22:19 +00:00
Brandon Morgan 12518d69c4 T1504 powershell profile (#668)
* T1054 Powershell Profile take 2

* T1054 Powershell Profile Take 3

* pop calc.exe

* pop calc.exe v2
2019-11-15 17:21:59 -07:00
CircleCI Atomic Red Team doc generator 6bc3ec3edc Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-15 15:42:59 +00:00
blackburnjrb 80d06be3a8 Added UAC Bypass using ComputerDefaults.exe and cleanup commands (#667) 2019-11-15 08:42:38 -07:00
JB abc2f2e563 added documentation of unix-like, clean directory structure (all files in /bin or /src besides .yaml or .md) (#664)
/bin for executables
/src for source
2019-11-15 08:39:01 -07:00
Carrie Roberts c86cb7ddbf a little bug fix (#665)
* a little bug fix

* remove invoke call at the end
2019-11-15 07:05:02 -07:00
CircleCI Atomic Red Team doc generator 59f2b264e9 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-15 05:02:01 +00:00
JB 5aed1f0210 moving .ps1 source in T1056 to /src folder (#663)
* moving source code to /src

updated path of .ps1 source files here to best practices /src directory for all source code files

* moving input ps1 file for 1056, from PowerShellMafia/PowerSploit (moving file only)

moving the file to /src

* deleting file to complete move
2019-11-14 22:01:43 -07:00
san-gwea 33d20ffb7c show executor and privilege requirement (#662) 2019-11-14 21:59:12 -07:00
fabamatic 3311f02362 Adding .yaml integer parser to python runner (#639)
This change is to be able to execute tests contained in T1055.yaml and T1071.yaml. Will also cover any future tests that may use that data type as argument.
2019-11-14 20:43:41 -07:00
CircleCI Atomic Red Team doc generator 70d795ffa2 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-15 03:38:21 +00:00
Andras32 5259c936c1 Updated T1002 (#655) 2019-11-14 20:37:26 -07:00
CircleCI Atomic Red Team doc generator ddadfbb3bf Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-14 22:57:31 +00:00
Brandon Morgan e93ed496ac default pid set to spoolsv (#656) 2019-11-14 15:57:07 -07:00
Michael Haag 41ca40f457 Broken URL (#661)
* Broken URL

Fixed broken url for test 1

* Generate docs from job=validate_atomics_generate_docs branch=t1085fix
2019-11-14 15:30:19 -06:00
CircleCI Atomic Red Team doc generator 9980382b3d Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-14 21:11:25 +00:00
fabamatic 9530b27936 T1085 deleting wrong "extra" quotation mark (#652)
There are 5 quote symbols in a single command. Executing the given command generates a JScript error "Unterminated string constant".
Deleting the extra quote causes the command to correctly open notepad.exe.
2019-11-14 14:10:57 -07:00
Tony M Lambert fdd2927285 T1216 Added tests for proxied script execution (#627)
* Added script proxy tests

* Generate docs from job=validate_atomics_generate_docs branch=t1216_tests

* Moving command

* Generate docs from job=validate_atomics_generate_docs branch=t1216_tests
2019-11-14 14:07:28 -07:00
Tony M Lambert d6f8628818 T1485 Test to delete backup files similar to Ryuk (#659)
* T1485 Test to delete backup files similar to Ryuk

* Generate docs from job=validate_atomics_generate_docs branch=t1485-del-backups
2019-11-14 14:06:09 -07:00
Michael Haag e8d584cb5c T1085 - Atomic Friday (#660)
* Atomic Friday - T1085 Adds

Atomic Friday - T1085 Adds

* Generate docs from job=validate_atomics_generate_docs branch=T1085

* Atomic Friday - Ready

Atomic Ready!

* Generate docs from job=validate_atomics_generate_docs branch=T1085
2019-11-14 15:04:08 -06:00
Tony M Lambert 5a0e4482dd T1089 Disable Arbitrary Security Service (#658)
* T1089 Disable Arbitrary Security Service

* spelling is hard

* Generate docs from job=validate_atomics_generate_docs branch=1089-service
2019-11-14 13:46:42 -07:00
Tony M Lambert 08c4b265be T1077 PsExec Test (#657)
* T1077 PsExec Test

* Generate docs from job=validate_atomics_generate_docs branch=t1077
2019-11-14 13:43:23 -07:00
CircleCI Atomic Red Team doc generator dce95a96da Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-14 06:15:58 +00:00
Luminous-InfiniTom c36b28eef8 Added cleanup command for fax binary (#654) 2019-11-13 23:15:34 -07:00
CircleCI Atomic Red Team doc generator 5dbf1b7864 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-13 23:42:50 +00:00
bmorgan-code b22483e2f1 T1090 add proxy reg key (#653)
Adds a registry key to set up a proxy on the endpoint at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4
2019-11-13 16:41:46 -07:00
CircleCI Atomic Red Team doc generator 406b4a1f77 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-13 00:52:25 +00:00
Brian Thacker 3fdc8ee7de Cleanup test 6, 7 (#648)
Changing default value from env:SystemRoot to env:Temp. By default, user can write to systemroot temp directory but cannot execute the cleanup commands. Correcting typo scvhost to svchost.
2019-11-12 17:51:57 -07:00
CircleCI Atomic Red Team doc generator 9412dc71f4 Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-13 00:50:03 +00:00
Andrew Beers 95f0e151ea create simple sdb file (#649) 2019-11-12 17:49:38 -07:00
CircleCI Atomic Red Team doc generator 52d472a70c Generate docs from job=validate_atomics_generate_docs branch=master 2019-11-12 22:09:07 +00:00
Gomezz6 fb4c322761 Added cleanup commands for test 1 & 2 (#651)
Also changed the default process for test 3 to spoolsv.exe because this exists by default on all machines.
2019-11-12 15:08:47 -07:00