Atomic Red Team doc generator
c434c577af
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 20:35:40 +00:00
Carrie Roberts
4fffd2bd92
add dependency executor since it is different than attack cmds (#2203)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-10-27 14:35:07 -06:00
Atomic Red Team doc generator
fd90991054
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 20:17:13 +00:00
Atomic Red Team GUID generator
d3f49a0913
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-27 20:17:07 +00:00
Carrie Roberts
066d82351c
New AutoDial DLL persistence atomic (#2207)
* New AutoDial DLL persistence atomic
* Update T1546.yaml
2022-10-27 14:16:38 -06:00
Atomic Red Team doc generator
a3f9a79d63
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 17:12:15 +00:00
Paul
74a13a8b92
Merge pull request #2206 from redcanaryco/isofix
Update T1553.005 - Runs lnk now
2022-10-27 10:11:38 -07:00
Michael Haag
93c92d10b2
Update T1553.005 - Runs lnk now
2022-10-27 11:03:58 -06:00
Atomic Red Team doc generator
e149cf9df2
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-26 15:13:43 +00:00
Mohana Shankar D
dba79489fb
Incomplete Process Termination Process (#2205)
The Notepad process was not terminating after the command execution
Line Added:
taskkill /im notepad.exe /t /f > NUL 2>&1
The /t option makes sure any child processes are closed as well, and the /f option forcefully terminates the process.
The > NUL redirects the stdout to the NUL device (the equivalent of /dev/null), and the 2>&1 also redirects the stderr to stdout so that nothing is output to the console.
2022-10-26 09:13:05 -06:00
Atomic Red Team doc generator
aa218974e7
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-25 00:18:35 +00:00
Atomic Red Team GUID generator
d29652b752
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-25 00:18:27 +00:00
Bhavin Patel
ba34e45163
Merge pull request #2197 from redcanaryco/aws_password_spray
AWS - Password Spray an AWS using GoAWSConsoleSpray
2022-10-24 17:17:49 -07:00
Bhavin Patel
8b43cf51f7
Merge branch 'master' into aws_password_spray
2022-10-24 17:16:55 -07:00
Atomic Red Team doc generator
e4844d7576
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-24 16:27:34 +00:00
Atomic Red Team GUID generator
890607b6fe
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-24 16:27:28 +00:00
Thomas de Brelaz
f710d57e40
T1547.004 new hklm tests (#2196)
* Created 3 copies of the original HKCU tests but on HKLM
Committer: Thomas De Brelaz <thockoro@hotmail.com>
* Removed Notify tests, no longer supported in win10 and the tests were broken due to missing dll prerequisite
* re-added notify test
Committer: Thomas De Brelaz <thockoro@hotmail.com>
Committer: Thomas De Brelaz <thockoro@hotmail.com>
Co-authored-by: Thomas De Brelaz <thomas.de-brelaz@ubisoft.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-24 10:27:01 -06:00
Atomic Red Team doc generator
4787dc43e9
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-24 16:19:18 +00:00
Atomic Red Team GUID generator
b1048a588d
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-24 16:19:11 +00:00
tccontre
638ba68ee6
Tccontre patch 1 (#2200)
* Update T1124.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1033.yaml
* Update T1016.yaml
* Update T1016.yaml
* update test name
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-24 10:18:40 -06:00
Atomic Red Team doc generator
b9aebd1c0e
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-21 02:18:13 +00:00
BlueTeamOps
f3a038ca78
Remove trailing \ from web_shells default path (#2199)
xcopy doesn't work when there is a trailing \ in a path.
default: PathToAtomicsFolder\T1505.003\src\ caused the "Invalid path" error
Removing the trailing \ fixes the issue
2022-10-20 20:17:29 -06:00
Atomic Red Team doc generator
3927202872
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-20 21:47:35 +00:00
Atomic Red Team GUID generator
80be4123cd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-20 21:47:29 +00:00
Michael Haag
0d4622f4e8
Update T1564.yaml (#2198)
2022-10-20 15:46:58 -06:00
patel-bhavin
dfd1f668af
adding atomic
2022-10-19 16:16:08 -07:00
Atomic Red Team doc generator
27f8de3193
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 16:13:48 +00:00
Carrie Roberts
f10bb08817
fix dir creation (#2194)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2022-10-19 10:13:16 -06:00
Atomic Red Team doc generator
99f4231d0b
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:43:05 +00:00
Jose Enrique Hernandez
dd82e78da7
Merge pull request #2099 from chronolator/T1201_Improved
T1201_Improved
2022-10-18 21:42:37 -04:00
Jose Enrique Hernandez
9c3f3e6b9e
Merge branch 'master' into T1201_Improved
2022-10-18 21:41:30 -04:00
Atomic Red Team doc generator
69028837c2
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:28:38 +00:00
b0bbey
7b1e347a4d
Update T1014.md because of typo at Test number 3 (yaml corrected) (#2189)
ld.so.preload instead of ls.so.preload
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-18 19:28:00 -06:00
Atomic Red Team doc generator
2be544c1d5
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:26:46 +00:00
harshalcoep
a865221e1a
Minor edits to test number 2 (#2190)
Separated reference URLs in description section with commas ','
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-18 19:26:16 -06:00
Atomic Red Team doc generator
ff1a5cf07b
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:25:12 +00:00
tlor89
0f6a242985
T1106_update (#2192)
* T1106_update
* typo fix
Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-18 19:24:39 -06:00
Atomic Red Team doc generator
3802eaffdf
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-19 01:22:59 +00:00
tlor89
e3cb7dbc2b
T1105_update (#2191)
* T1105_update
* Update the syntax issue
* typo fix
Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-18 19:22:14 -06:00
Atomic Red Team doc generator
825c959f98
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-18 16:52:04 +00:00
jmac774
da55a259c9
Fix T1098.004 (#2193)
Fix for systems with multiple authorized keys. Without quotes, the echo command separates new lines with a space instead of a newline character, which breaks the authorized_keys file in case there are multiple keys in the file.
2022-10-18 10:51:15 -06:00
Atomic Red Team doc generator
4abb614556
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-17 16:47:12 +00:00
Atomic Red Team GUID generator
0d7ea66552
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-17 16:47:06 +00:00
Paul Michaud
b9e306b765
Merge pull request #2188 from harshalcoep/master
Added a new atomic test
2022-10-17 16:46:40 +00:00
harshalcoep
3b3642544f
Merge branch 'master' into master
2022-10-17 21:39:30 +05:30
Atomic Red Team doc generator
dd2090cd6d
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-17 15:11:59 +00:00
tlor89
8e594d58d5
Update T1090.003.yaml (#2187)
* Update T1090.003.yaml
Add prereq for test 1 on batch file requirements
* Update T1090.003.yaml
fixed the spacing
* Update T1090.003.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-10-17 09:11:19 -06:00
harshalcoep
17b0ff7915
Added a new atomic test
We have added a new atomic test with guid ffcbfaab-c9ff-470b-928c-f086b326089b that sets two registry keys HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText to display a ransom message. While executing this atomic test, the value for these registries can be configured using the switch -PromptForInputArgs. This technique has been used by many ransomwares in the past including SynAck, Grief, Maze, Pysa, Spook, DoppelPaymer, Redeemer and Kangaroo. After encrypting files, ransomwares modify the Windows LegalNoticeCaption and LegalNoticeText registry keys to display a ransom message to the victim at logon.
2022-10-17 20:28:17 +05:30
Jose Enrique Hernandez
e774b3cdc9
Merge branch 'master' into T1201_Improved
2022-10-14 10:31:12 -04:00
Atomic Red Team doc generator
84cd4177fe
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-13 17:48:19 +00:00