atomic-red-team

Author	SHA1	Message	Date
CircleCI Atomic Red Team doc generator	b66dfc7001	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-09 20:59:14 +00:00
CircleCI Atomic Red Team GUID generator	acd77c68cb	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-09 20:59:10 +00:00
Raislin	167fb3c2f6	T1047_update (#1623 ) * T1047_update * T1047_update Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2021-09-09 14:58:43 -06:00
CircleCI Atomic Red Team doc generator	217dc47106	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-09 18:05:56 +00:00
CircleCI Atomic Red Team GUID generator	1605c05954	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-09 18:05:50 +00:00
Brian Thacker	fbbdd008ac	Add test Windows - Disable the SR scheduled task (#1622 ) Use schtasks.exe to disable the System Restore (SR) scheduled task Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2021-09-09 12:05:16 -06:00
CircleCI Atomic Red Team doc generator	ba0b1a3c35	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-09 18:02:46 +00:00
CircleCI Atomic Red Team GUID generator	356a8bbe88	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-09 18:02:40 +00:00
Brian Thacker	6d46517d6f	T1105 add test download with imewdbld (#1621 ) * Add test "Download a file with IMEWDBLD.exe" IMEWDBLD.exe can be used to download files from third party websites. This will throw an error for an invalid dictionary but the file will still be downloaded. Commands to execute this activity and cleanup commands added. Cleanup commands call on cmd.exe because PowerShell by default would not remove those files. Disclosed by https://twitter.com/notwhickey https://twitter.com/notwhickey/status/136749340683504026 * Update T1105.yaml fixed typo test 17 Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2021-09-09 12:02:26 -06:00
CircleCI Atomic Red Team doc generator	4114a92cfa	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-08 16:17:12 +00:00
CircleCI Atomic Red Team GUID generator	095df1c717	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-08 16:17:08 +00:00
Bhavin Patel	4fad473a71	Merge pull request #1606 from piaconsigny/pr-golden-saml T1606.002: Add Golden SAML atomic	2021-09-08 09:16:36 -07:00
Bhavin Patel	4cdedbef11	Merge branch 'master' into pr-golden-saml	2021-09-08 09:15:57 -07:00
CircleCI Atomic Red Team doc generator	f72420bbcc	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-04 00:27:02 +00:00
CircleCI Atomic Red Team GUID generator	e4bfc77bf2	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-04 00:26:58 +00:00
tlor89	ae0fd36089	Added ScreenConnect application (#1618 ) * Added ScreenConnect application * update line spacing * some wording updates and cleanup. Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2021-09-03 18:26:26 -06:00
CircleCI Atomic Red Team doc generator	bc21f59ff0	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-04 00:21:31 +00:00
Josh Rickard	1513717eb2	Updating atomics to conform to standard (#1619 ) * Updated format of input_argument types for Url * Updated type for input_arguments to Url (missed) * Updating Path type for input_arguments * Updated String type for input_arguments * Missed a few Strings and Url types * Updated default values for input_arguments to align with their types * Updated Integer type for input_arguments * Updated formatting and spacing of atomics	2021-09-03 18:20:46 -06:00
CircleCI Atomic Red Team doc generator	bcedc9a826	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-02 15:24:25 +00:00
CircleCI Atomic Red Team GUID generator	216113c9bf	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-09-02 15:24:20 +00:00
Michael Haag	ab822b2208	Trust Reconnaissance (#1616 ) Two simple Atomic Tests for domain and forest trust information.	2021-09-02 09:23:44 -06:00
Adam Mashinchi	fb6a424ec1	Update README.md (#1615 ) Added single character to reflect changes on websites and in wiki.	2021-09-01 16:59:18 -06:00
Adam Mashinchi	2892843e35	Merge pull request #1614 from redcanaryco/complete-art-io-site-migration Delete docs directory	2021-08-30 12:53:26 -07:00
Carrie Roberts	0ce485a43b	Merge branch 'master' into complete-art-io-site-migration	2021-08-30 13:52:54 -06:00
CircleCI Atomic Red Team doc generator	38b2b2f2d3	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-30 19:52:44 +00:00
Carrie Roberts	1d43b259fa	Merge branch 'master' into complete-art-io-site-migration	2021-08-30 13:52:44 -06:00
CircleCI Atomic Red Team GUID generator	7e4f6a4b88	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-30 19:52:38 +00:00
Carrie Roberts	762e2992a7	Merge branch 'master' into complete-art-io-site-migration	2021-08-30 13:52:32 -06:00
Brian Thacker	aca73307fa	Add test "Remove the Zone.Identifier alternate data stream" (#1612 ) Add test "Remove the Zone.Identifier alternate data stream". Test command removes the zone.identifier. The cleanup command adds the zone.identifier with the id for "internet". Check prereq checks that the test file exists. Get prereq gets the file from the internet and adds the zone.identifier with the id for "internet". More info: https://www.howtogeek.com/70012/what-causes-the-file-downloaded-from-the-internet-warning-and-how-can-i-easily-remove-it/ https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/unblock-file?view=powershell-7 https://www.reddit.com/r/PowerShell/comments/6yyf07/remove_alternate_data_streams/dmrb6zl/ Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2021-08-30 13:52:02 -06:00
Adam Mashinchi	fc96cac822	Delete docs directory Migrated atomicredteam[.]io site to new location.	2021-08-30 12:44:02 -07:00
CircleCI Atomic Red Team doc generator	e95076c17d	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-30 19:16:31 +00:00
CircleCI Atomic Red Team GUID generator	78a438c687	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-30 19:16:26 +00:00
Araveti Esanya Reddy	5bda040ce8	Updated O365-Disable-AntiPhishRule test (#1611 ) * updated O365-Disable-AntiPhishRule test * updated as per review comments Co-authored-by: Araveti Esanya Reddy <esanya.araveti@kudelskisecurity.com> Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2021-08-30 13:15:58 -06:00
Adam Mashinchi	9965165d19	Delete CNAME (#1613 ) Removing file in prep to migrate atomicredteam[.]io site.	2021-08-30 13:13:57 -06:00
ChrisClewellRC	19146099ab	Create CNAME	2021-08-30 13:09:12 -06:00
ChrisClewellRC	b10ba3ecde	Delete CNAME	2021-08-30 13:08:38 -06:00
ChrisClewellRC	0391079857	Create CNAME	2021-08-30 13:05:51 -06:00
ChrisClewellRC	f73d6feff5	Delete CNAME	2021-08-30 13:05:10 -06:00
CircleCI Atomic Red Team doc generator	a0cf92ca59	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-27 20:09:31 +00:00
CircleCI Atomic Red Team GUID generator	cf00395732	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-27 20:09:26 +00:00
DS	173155eaa6	T1134.002 - Access Token Manipulation: Create Process with Token (#1601 ) * Create T1134.002.yaml * Add files via upload * Create GetToken.ps1 * Add files via upload * Delete T1134.002.yaml * Add files via upload Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2021-08-27 14:09:00 -06:00
CircleCI Atomic Red Team doc generator	1f4a8b9565	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-27 20:04:57 +00:00
CircleCI Atomic Red Team GUID generator	7e88e14db9	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-27 20:04:52 +00:00
Ayantaker	a069f3233c	Added a new technique T1041 - Exfiltration Over C2 Channel (#1593 ) * Added a new technique T1041 - Exfiltration Over C2 Channel * use filepath variable throughout Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2021-08-27 14:04:22 -06:00
CircleCI Atomic Red Team doc generator	93a6ff56d0	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-27 19:58:05 +00:00
CircleCI Atomic Red Team GUID generator	b7d3dbb3f4	Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-27 19:57:59 +00:00
Ján Trenčanský	521b1abc16	T1555 enumeration with vaultcmd (#1581 ) * Extract credentials from Windows Credential Manager using vaultcmd.exe * Replace external script dependency in T1555 with powershell command * Add tests for both vaults in T1555 * T1555 fix name and description * Revert "Replace external script dependency in T1555 with powershell command" This reverts commit d8d6a7cf2bbc94a8240643ca600d9be62e0b697e. Co-authored-by: Carrie Roberts <clr2of8@gmail.com>	2021-08-27 13:57:24 -06:00
CircleCI Atomic Red Team doc generator	06d792aed3	Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]	2021-08-27 16:58:23 +00:00
Carl	c73195396d	Merge pull request #1600 from bnt1006/T1553.004_cleanup_test1 Update "Install root CA on CentOS/RHEL"	2021-08-27 06:57:51 -10:00
Carl	6c7b4eabd8	Merge branch 'master' into T1553.004_cleanup_test1	2021-08-27 06:47:14 -10:00

1 2 3 4 5 ...

3165 Commits