Vincent N
b9750ef5cd
Extend T1550.003 with new PTT attack (#1717)
...
* Extend T1550.003 with new PTT attack
* Applying Carrie's suggestion
2022-01-12 07:39:00 -06:00
CircleCI Atomic Red Team doc generator
dfea108f00
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-10 19:36:25 +00:00
CircleCI Atomic Red Team GUID generator
56d6fec8db
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-10 19:36:19 +00:00
Leo Verlod
12e9da546c
Create T1091.yaml (#1715)
...
Creating a directory for T1091 and corresponding YAML file so that a new test can be submitted for this technique. The proposed test is designed to detect removable drives connected to a Windows system and then create a file named "T1091Test1.txt" on them to simulate USB spread.
2022-01-10 12:35:48 -07:00
CircleCI Atomic Red Team doc generator
957ca44e55
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-07 22:29:03 +00:00
CircleCI Atomic Red Team GUID generator
ef47d419f1
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-07 22:28:59 +00:00
frack113
6221a181ab
Fix windows test (#1711)
2022-01-07 15:28:30 -07:00
CircleCI Atomic Red Team doc generator
1351165d33
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-06 17:23:26 +00:00
CircleCI Atomic Red Team GUID generator
7abf7fe918
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-06 17:23:20 +00:00
tr4cefl0w
153f4aa939
adding T1547.002 (#1697)
...
* adding T1547.002
* removing auto_generated_guid
* fixing payloads
* updating cleanup cmd and description
* removing submodules, adding payload source
* removing submodule, adding payloads src
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-01-06 11:22:52 -06:00
CircleCI Atomic Red Team doc generator
c7cfd2cac0
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-05 21:42:39 +00:00
frack113
c45170dcaa
fix test (#1709)
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-01-05 14:42:06 -07:00
CircleCI Atomic Red Team doc generator
0097ce4b39
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-05 21:39:28 +00:00
Leo Verlod
b83ffcf37c
Updating T1217 Test 4 to include Opera (#1708)
...
Upon attempting to develop an atomic for Opera bookmark discovery and testing T1217 Test 4, found that this test also detects Opera bookmarks in addition to Chrome's. Modifying name/description of this test to outline that it finds Opera bookmarks too.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-01-05 14:38:55 -07:00
CircleCI Atomic Red Team doc generator
131febbcdb
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-05 21:35:39 +00:00
CircleCI Atomic Red Team GUID generator
9446159b59
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2022-01-05 21:35:34 +00:00
Leo Verlod
4b8a21d4d7
Adding T1497.001 Test 4 (#1706)
...
This test is a second method of detecting virtualization within Windows by querying the WMI manufacturer/model.
2022-01-05 14:35:05 -07:00
CircleCI Atomic Red Team doc generator
715ee2f7bf
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-30 20:08:23 +00:00
CircleCI Atomic Red Team GUID generator
6d0d802558
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-30 20:08:18 +00:00
Leo Verlod
aa6cab9772
Adding T1555.003 Test 5 - Simulating Access to Opera Login Data (#1698)
...
* Adding Test 5 - Simulating Access to Opera Login Data
Adding a 5th test that simulates access to Opera Login Data within Windows.
* Update T1555.003.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-12-30 13:07:54 -07:00
CircleCI Atomic Red Team doc generator
16f8bfd71c
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-30 19:21:54 +00:00
MrOrOneEquals1
b9ee00896b
Update T1202.yaml (#1704)
...
* Update T1202.yaml
Update executor for Windows Indirect Command Execution
* Update T1202.yaml
* Update T1202.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-12-30 12:21:38 -07:00
CircleCI Atomic Red Team doc generator
4c36b9b772
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-30 19:08:33 +00:00
MrOrOneEquals1
e0f2a76114
Update T1003.yaml (#1702)
...
* Update T1003.yaml
Add -UseBasicParsing to line 41
* Update T1003.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-12-30 12:08:06 -07:00
CircleCI Atomic Red Team doc generator
a65adae62d
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-30 19:05:18 +00:00
MrOrOneEquals1
f2da872a35
Update T1137.006.yaml (#1703)
...
Update default xll_url. Fixes issue #1700, thx @frack13
2021-12-30 12:04:52 -07:00
CircleCI Atomic Red Team doc generator
d39dc66fa1
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-23 19:00:45 +00:00
CircleCI Atomic Red Team GUID generator
73a44d8b8f
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-23 19:00:40 +00:00
shamanth0912
60d6849173
Added a New Test in T1070.005 - Disable Administrative Share Creation at Startup (#1694)
...
* Update T1003.yaml
Cleared a space liner from command line for Atomic guid: d400090a-d8ca-4be0-982e-c70598a23de9
* Update T1070.005.yaml
Added a new test to disable Admin Share and clean up command
* Update T1003.yaml
* update desc
* update desc
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-12-23 12:00:12 -07:00
nsher07
7e87e7e9af
Update T1070.005.yaml (#1695)
...
* Update T1070.005.yaml
New test to remove Admin$ share (net share Admin$ /delete)
* add cleanup commands/desc
* spacing fix
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-12-23 11:47:28 -07:00
CircleCI Atomic Red Team doc generator
e77a01078a
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-21 17:35:29 +00:00
CircleCI Atomic Red Team GUID generator
283e2a79eb
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-21 17:35:23 +00:00
CyberBilly7
bad06f0c3f
Add cipher RANSOMEXX test (#1691)
...
* Add cipher RANSOMEXX test
* update description
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-12-21 09:34:54 -08:00
CircleCI Atomic Red Team doc generator
246bc2e4ae
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-16 18:04:51 +00:00
Clément Notin
ad7805da81
Kerberoasting: purge tickets before launching attack to ensure cached ones aren't used (#1690)
...
The TGT is purged too, but given that the long-term session keys are in LSASS, it will be silently re-fetched too
2021-12-16 11:04:17 -07:00
CircleCI Atomic Red Team doc generator
ff079fb1bf
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-13 21:12:12 +00:00
Carrie Roberts
32eb49ca37
overwrite existing output without prompt (#1688)
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2021-12-13 14:11:54 -07:00
CircleCI Atomic Red Team doc generator
645826a092
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-13 21:10:58 +00:00
Carrie Roberts
b96d532bb8
Using smart defaults so more atomics work w/o custom input args (#1687)
...
* smart defaults
* smart defaults
* correction
2021-12-13 14:10:18 -07:00
CircleCI Atomic Red Team doc generator
b8333150c1
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-09 22:52:57 +00:00
CircleCI Atomic Red Team GUID generator
ea555fab07
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-09 22:52:52 +00:00
lucasRiley
c05e8c7dde
T1135 Powerview (#1686)
...
* T1135 Powerview
* Update T1135.yaml
* Simplifying updates
Co-authored-by: Riley <lriley@NTI.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-12-09 15:52:22 -07:00
CircleCI Atomic Red Team doc generator
8985aaf0f0
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-09 18:42:48 +00:00
Carrie Roberts
5bb5878e62
Cleaning up the Cleanup commands (#1685)
...
* cleanup fixes
* cleanup fixes
* cleanup fixes
2021-12-09 11:42:14 -07:00
CircleCI Atomic Red Team doc generator
17d151ba0c
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-08 19:05:10 +00:00
Carrie Roberts
0681f97a82
type fixes per issue 1683 (#1684)
2021-12-08 12:04:34 -07:00
CircleCI Atomic Red Team doc generator
d1789b5bfc
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-08 16:57:20 +00:00
hackeT
5b360eb744
T1550.003 pass the ticket by mimikatz patch (#1682)
...
* Update T1550.003.md
To avoid mimikatz failure and give a more useful argument description
* Update T1550.003.yaml
To avoid mimikatz kerberos::ptt failing and to make the argument easier to understand.
* Update T1550.003.yaml
* Update T1550.003.md
* Update T1550.003.md
* Update T1550.003.yaml
2021-12-08 09:56:45 -07:00
CircleCI Atomic Red Team doc generator
d07703afe0
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-07 17:20:49 +00:00
CircleCI Atomic Red Team GUID generator
eabee62e93
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-12-07 17:20:43 +00:00