Commit Graph

5912 Commits

Author SHA1 Message Date
Atomic Red Team GUID generator cf025a46c7 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-03-18 16:36:55 +00:00
ohadm-cynet 0750e734e6 fix f3ad3c5b-1db1-45c1-81bf-d3370ebab6c8 schema (#2723) 2024-03-18 11:36:19 -05:00
publish bot 1099145948 updating atomics count in README.md [ci skip] 2024-03-17 02:02:32 +00:00
sai prashanth pulisetti 23d1a4b8e7 Update T1072.yaml Deploy 7-Zip Using Chocolatey (#2662)
* Update T1072.yaml Deploy 7-Zip Using Chocolatey

    An adversary may use Chocolatey to remotely deploy the 7-Zip file archiver utility.

* Update T1072.yaml

made changes accordingly

* Update T1072.yaml

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-03-16 21:01:56 -05:00
Atomic Red Team doc generator 299603d06f Generated docs from job=generate-docs branch=master [ci skip] 2024-03-17 01:56:45 +00:00
Atomic Red Team GUID generator 805fbea899 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-03-17 01:56:33 +00:00
Zitni Handoo 895fb8ab05 Add test 24 to T1562.004 (#2718)
* Add test 24 to T1562.004

Adding a new test (test 24) to T1562.004 - Set a firewall rule using New-NetFirewallRule

* updating default port

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-03-16 20:55:59 -05:00
Atomic Red Team doc generator fdc97c3f37 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-17 01:48:45 +00:00
Atomic Red Team GUID generator 2ef494158f Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-03-17 01:48:33 +00:00
NeuralGlitch 91912fdd93 Added a new atomic to T1202 (#2715)
* Create src

* Delete atomics/T1202/src

* Create GUP.exe

* Delete atomics/T1202/src/GUP.exe

* Create TEST.exe

* Add files via upload

* Delete atomics/T1202/src/TEST.exe

* Update T1202.yaml

Updated new atomic test

* Create test

* Add files via upload

* Delete atomics/T1105/bin/test

* Update T1105.yaml

* remove duplicate

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-03-16 20:47:56 -05:00
publish bot 90bcc79d01 updating atomics count in README.md [ci skip] 2024-03-17 01:25:13 +00:00
itsmeLevan a5e3460d41 Update T1218.011.yaml (#2719)
technique utilizing rundll32.exe and the FileProtocolHandler method to execute a command without requiring administrative privileges. By leveraging rundll32.exe in this manner, the test aims to assess the effectiveness of antivirus solutions, including Bitdefender, Windows Defender, and others, in detecting and preventing command execution evasion. The provided command bypasses certain antivirus detections by using the FileProtocolHandler to execute the specified command, in this case, launching 'calc.exe'. This evasion technique is known for its ability to exploit legitimate processes to execute malicious commands while avoiding detection. The test serves as an evaluation of antivirus solutions' capabilities to detect and mitigate such evasion tactics, contributing to the overall assessment of endpoint security posture.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-03-16 20:24:35 -05:00
Atomic Red Team doc generator 65869495d8 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-13 18:04:34 +00:00
Atomic Red Team GUID generator b4289ea077 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-03-13 18:04:20 +00:00
Bhavin Patel 8fef682386 Merge pull request #2659 from prashanthpulisetti/patch-7
Update T1580.yaml AWS - EC2 Security Group Enumeration
2024-03-13 18:03:43 +00:00
Bhavin Patel 5a3850c016 Merge branch 'master' into patch-7 2024-03-13 18:01:27 +00:00
Atomic Red Team doc generator be9944dba6 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-13 18:00:02 +00:00
Bhavin Patel 0d12184338 Merge branch 'master' into patch-7 2024-03-13 17:59:57 +00:00
Atomic Red Team GUID generator 25e8d49800 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-03-13 17:59:42 +00:00
Bhavin Patel e12ad94216 Merge branch 'master' into patch-7 2024-03-13 17:59:14 +00:00
Bhavin Patel b408522fb3 Merge pull request #2722 from prashanthpulisetti/patch-12
Update T1070.003.yaml
2024-03-13 17:58:56 +00:00
Bhavin Patel 6cd7fb1b8c Update T1070.003.yaml
Removing guid
2024-03-13 10:57:47 -07:00
sai prashanth pulisetti 82ecf271e7 Merge branch 'master' into patch-7 2024-03-13 17:46:09 +00:00
sai prashanth pulisetti 485d1b831d Update T1070.003.yaml
updated bash
2024-03-13 19:02:14 +05:30
sai prashanth pulisetti a2a74b30e9 Update T1070.003.yaml 2024-03-13 18:58:10 +05:30
sai prashanth pulisetti a128b9981a Update T1070.003.yaml
Clear Docker Container Logs
2024-03-13 18:53:48 +05:30
Atomic Red Team doc generator a492a7390c Generated docs from job=generate-docs branch=master [ci skip] 2024-03-10 22:24:16 +00:00
chandangupta1997 2340af5ccc Update T1040.yaml Link was broken (#2721)
Link is broken. Might be a typo: https://1.eu.dl.wireshark.org/win64/Wireshark-win64-latest.exe

Correct link: https://1.eu.dl.wireshark.org/win64/Wireshark-latest-x64.exe
2024-03-10 18:23:29 -04:00
Hare Sudhan 64c84cac97 Merge branch 'master' into patch-7 2024-03-07 20:06:16 -05:00
Atomic Red Team doc generator 8be0e2d8a4 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-07 18:25:32 +00:00
Atomic Red Team GUID generator 5ed75190b2 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-03-07 18:25:13 +00:00
Bhavin Patel c4a5113db0 Merge pull request #2688 from W00glin/master
T1613 - Podman
2024-03-07 10:24:26 -08:00
Bhavin Patel e218a8a775 Update T1613.yaml
Updated the Atomic File in a correct format as per the comments.
2024-03-07 10:20:22 -08:00
Bhavin Patel 4cf246e1ed Merge branch 'master' into master 2024-03-07 10:15:48 -08:00
Bhavin Patel 9d4056fdbf Merge branch 'master' into patch-7 2024-03-07 10:11:24 -08:00
Atomic Red Team doc generator 4e9698e67c Generated docs from job=generate-docs branch=master [ci skip] 2024-03-07 02:20:46 +00:00
Badoodish e4129551f7 Update T1562.003.yaml (#2717)
Corrected executor for powershell cmdlet test.
2024-03-06 19:19:55 -07:00
Atomic Red Team doc generator 2d82fc9563 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-06 19:35:27 +00:00
Atomic Red Team GUID generator dd87338bc0 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-03-06 19:35:14 +00:00
Badoodish 7d311f19f1 Update T1562.003.yaml (#2716)
Corrected the MITRE ATT&CK subtechnique name at top of the file.
Added two new tests for disabling Windows Command Line Auditing

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-03-06 13:34:39 -06:00
publish bot 9877156eec updating atomics count in README.md [ci skip] 2024-03-06 16:43:12 +00:00
Raghav_Singh 097ed862cc New Tests: T1001.002 - Data Obfuscation: Steganography (#2695)
* Create T1001.002.yaml

* Create T1001.002.md

* Update T1001.002.yaml

* Update T1001.002.yaml

* Delete atomics/T1001.002/T1001.002.md

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-03-06 10:42:19 -06:00
BF 3e5736d57c Merge branch 'master' into master 2024-03-05 09:23:18 -08:00
Atomic Red Team doc generator 029110b694 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-01 19:23:30 +00:00
Atomic Red Team GUID generator 82729bc3bc Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-03-01 19:23:17 +00:00
jandress 498aecdb83 New test: T1542.001 - 'UEFI Persistence via Wpbbin.exe File Creation' (#2714)
* New test: T1542.001 - 'UEFI Persistence via Wpbbin.exe File Creation'

* Update T1542.001.yaml

---------

Co-authored-by: jandress <1542666+jandress@users.noreply.github.com>
2024-03-01 13:22:39 -06:00
Atomic Red Team doc generator de85398163 Generated docs from job=generate-docs branch=master [ci skip] 2024-03-01 17:54:31 +00:00
Zitni Handoo 13937a18f4 Fix T1071.001 Test 2 (#2713)
Test #2 for T1071.001 is currently not working properly, since the pre-requisite command is incorrect.
This change is to fix the md and yaml files to update the URL for curl
2024-03-01 11:53:40 -06:00
Atomic Red Team doc generator 11a5b66c38 Generated docs from job=generate-docs branch=master [ci skip] 2024-02-29 01:57:59 +00:00
Atomic Red Team GUID generator f7c26683f5 Generate GUIDs from job=generate-docs branch=master [skip ci] 2024-02-29 01:57:47 +00:00