security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,589 Commits 47 Branches 0 Tags
d3a53714b4e169c5def9b5a63ea4be6267f2bd7a
Commit Graph

3589 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
frack113 d3a53714b4 Add persistance via Recycle bin (#1809) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-14 11:41:04 -06:00
CircleCI Atomic Red Team doc generator 042bd99bdd Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:38:48 +00:00
CircleCI Atomic Red Team GUID generator 0f87abb865 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:38:42 +00:00
frack113 f6a8e78538 pnputil lolbin (#1808) 
* pnputil lolbin

* spelling

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-14 11:38:08 -06:00
CircleCI Atomic Red Team doc generator 1209d7b0f6 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:32:56 +00:00
CircleCI Atomic Red Team GUID generator 5e47dae27b Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 17:32:49 +00:00
Michael Haag 687da9235b AD Enumeration - user/groups, pw policy (#1807) 
* More AD

* fix conflict resolution mistake

* add powershell

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-14 11:32:18 -06:00
CircleCI Atomic Red Team doc generator 4c019a8936 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 16:44:03 +00:00
CircleCI Atomic Red Team GUID generator b52281c4cd Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-14 16:43:54 +00:00
Michael Haag d1e3e11730 AD Searching and powerview (#1806) 
* ADSI

* new atomics
 2022-03-14 10:43:19 -06:00
CircleCI Atomic Red Team doc generator 8aedc6cdd9 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-09 21:03:01 +00:00
Carrie Roberts 4e7a2ed599 fix prereq for screenshot test (#1805) 2022-03-09 14:02:31 -07:00
CircleCI Atomic Red Team doc generator 82df99e7c8 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-09 16:16:04 +00:00
CircleCI Atomic Red Team GUID generator 455cd5837e Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-09 16:15:58 +00:00
Leo Verlod 5148b9db57 Adding T1003.007 Test 3 - MimiPenguin Usage (#1804) 
Adding T1003.007 Test 3 - Capture Passwords with MimiPenguin. This test is designed to run the MimiPenguin script, which takes advantage of a vulnerability in Ubuntu-based distros, as well as certain versions of GNOME Keyring, in order to capture passwords in cleartext. Upon successful execution, user passwords will be exported to a file and displayed on-screen.
 2022-03-09 09:15:17 -07:00
CircleCI Atomic Red Team doc generator 6052b5118a Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-08 01:33:09 +00:00
SecWilson 42dd141032 Fixing Blackbyte Cleanup Commands (#1802) 
Co-authored-by: Wilson <SWilson@nti.local>
 2022-03-07 18:32:31 -07:00
CircleCI Atomic Red Team doc generator 682d8d732b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 17:34:07 +00:00
CircleCI Atomic Red Team GUID generator 03c3400af9 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 17:34:02 +00:00
SecWilson 43fa5fb8a0 Blackbyte privilege escalation via Powershell (#1796) 
Co-authored-by: Wilson <SWilson@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-07 10:33:31 -07:00
CircleCI Atomic Red Team doc generator 7dd9d481b5 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 17:18:44 +00:00
CircleCI Atomic Red Team GUID generator a38b68f067 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 17:18:39 +00:00
Leo Verlod 5388982089 Adding T1059.003 Test 4 - BlackByte Print Bombing (#1799) 
Adding T1059.003 Test 4, which is designed to emulate the print bombing behavior observed in recent BlackByte ransomware attacks.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-07 10:18:20 -07:00
CircleCI Atomic Red Team doc generator c81858120b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-07 16:39:15 +00:00
lucasRiley 999d18a36d T1059.005 Fix Cleanup and Prereq (#1798) 
Co-authored-by: Riley <lriley@NTI.local>
 2022-03-07 09:38:41 -07:00
CircleCI Atomic Red Team doc generator a3717a8c52 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-04 04:34:08 +00:00
CircleCI Atomic Red Team GUID generator b355887a3c Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-04 04:34:02 +00:00
Adam Mashinchi 4ace9f41d2 Update T1036.005.yaml (#1795) 
Cleanup file and add new test "Masquerade" test.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-03 22:33:27 -06:00
CircleCI Atomic Red Team doc generator 0e616b34b3 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-02 22:00:09 +00:00
CircleCI Atomic Red Team GUID generator 28e7237bc1 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-02 22:00:03 +00:00
SecWilson b62ba2e548 Atomic that mimics recent Qakbot behavior (#1793) 
* Atomic that mimics recent Qakbot behavior

* small edits

removed elevation_required, shortened test name, made some readability updates.

Co-authored-by: Wilson <SWilson@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2022-03-02 14:59:28 -07:00
CircleCI Atomic Red Team doc generator 9d17172d5b Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-02 20:37:37 +00:00
CircleCI Atomic Red Team GUID generator 150d0db325 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-03-02 20:37:30 +00:00
Leo Verlod a24baaf6da Adding T1217 Test 8 - List Safari Bookmarks (#1794) 
Adding T1217 Test 8 - List Safari Bookmarks for MacOS. This test locates any Safari bookmarks files and outputs the file paths to a text document.
 2022-03-02 13:36:51 -07:00
CircleCI Atomic Red Team doc generator 021449e282 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-28 19:20:26 +00:00
Carrie Roberts a1f4a9b8e2 move uacme.zip into RC repo (#1790) 
* move uacme.zip into RC repo

* set outfile
 2022-02-28 12:19:52 -07:00
dependabot[bot] e6dcefa095 Bump nokogiri from 1.12.5 to 1.13.3 (#1791) 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.5 to 1.13.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.5...v1.13.3)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-26 14:58:50 -06:00
CircleCI Atomic Red Team doc generator 74bdf86845 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-24 21:32:47 +00:00
CircleCI Atomic Red Team GUID generator 3ebf9c41ff Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-24 21:32:42 +00:00
Leo Verlod c01fece41f Adding T1090.003 Test 4 - Tor Proxy Usage on MacOS (#1789) 
This test is designed to launch the Tor proxy service on MacOS.
 2022-02-24 14:32:16 -07:00
CircleCI Atomic Red Team doc generator 1693f83068 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-22 23:58:21 +00:00
CircleCI Atomic Red Team GUID generator 66ecac79c7 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-22 23:58:16 +00:00
BigPint 285db746a7 Initial creation of BlackByte Ransomware Registry Changes atomic (#1787) 
* Initial creation of BlackByte Ransomware Registry Changes atomic

* Updated T1112 Yaml

Added line at the end
Removed auto guid
added -cmd to test name

Co-authored-by: Wilson <SWilson@nti.local>
 2022-02-22 17:57:54 -06:00
CircleCI Atomic Red Team doc generator 021fe46502 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-22 15:39:03 +00:00
CircleCI Atomic Red Team GUID generator 319908bbc5 Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-22 15:38:58 +00:00
Leo Verlod a50772cdf6 Adding T1090.003 Test 3 - Tor Usage on Debian/Ubuntu (#1786) 2022-02-22 08:38:30 -07:00
CircleCI Atomic Red Team doc generator 6bacc32286 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-21 17:35:33 +00:00
CircleCI Atomic Red Team GUID generator 79ff4f08bc Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-21 17:35:27 +00:00
frack113 771a4fba70 Sigma sysmon_susp_mic_cam_access (#1785) 2022-02-21 10:34:57 -07:00
CircleCI Atomic Red Team doc generator 2f802d60e7 Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] 2022-02-18 18:00:32 +00:00