security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,988 Commits 47 Branches 0 Tags
d87f86a4d684f47de4ba0348471efacde1b3239e
Commit Graph

4988 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Bhavin Patel d87f86a4d6 Merge branch 'master' into pr-fix-upn-confusion 2023-03-17 14:11:42 -05:00
Atomic Red Team doc generator c3675964f8 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-17 19:00:35 +00:00
Atomic Red Team GUID generator fa1e708682 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-17 19:00:19 +00:00
Jose Enrique Hernandez 0f79569e2d Merge pull request #2321 from D4rkCiph3r/T1078.003 
Added 3 new tests T1078.003 - macOS
 2023-03-17 14:59:16 -04:00
Jose Enrique Hernandez 29aa3f07bf Merge branch 'master' into T1078.003 2023-03-17 12:38:36 -04:00
Atomic Red Team doc generator 8025353c3d Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 23:41:15 +00:00
Atomic Red Team GUID generator d62766548b Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-16 23:40:55 +00:00
Paul 73a144caa6 T1033-whoami-simplification (#2370) 
* Variation on system/user discovery

Slight variation on Test 1: System Owner/User Discovery. This is meant to be a stripped down version.

* Update T1033.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2023-03-16 17:39:46 -06:00
Atomic Red Team doc generator 077f0ac288 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 23:36:29 +00:00
Atomic Red Team GUID generator 824eb46e08 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-16 23:36:12 +00:00
Carrie Roberts 011e512d29 add Cobalt Strike named pipe atomics (#2372) 2023-03-16 17:35:10 -06:00
Atomic Red Team doc generator 809970561a Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 15:51:28 +00:00
Carrie Roberts 9fed5b2315 remove unused input arg (#2368) 
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-03-16 09:50:15 -06:00
Atomic Red Team doc generator 7db6b229bd Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 15:48:11 +00:00
Carrie Roberts 6a7bdf14d9 remove unused input arg (#2367) 
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-03-16 09:47:23 -06:00
Atomic Red Team doc generator 535c693a65 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-16 15:44:49 +00:00
Carrie Roberts 4d272cdcdc remove unused inputargs (#2366) 2023-03-16 09:44:03 -06:00
Clément Notin efd6dbb465 T098: accept UserPrincipalName for the "user_principal_name" argument 
In Azure AD a "user principal name" can be interpreted as the "name of a principal of type user"
or as the "UserPrincipalName (UPN)" user attribute!
But most people will expect the second meaning. Which is confusing since this test actually expects to see
the user display name in this attribute.

I think there was a confusion with the sibling test which is for "service principal",
so for which the argument to designate it by name is "service_principal_name".

With this change, there is no regression while being compatible with people passing a UPN to this argument.
 2023-03-15 18:25:11 +01:00
Atomic Red Team doc generator 159dda49d8 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-14 00:45:40 +00:00
Atomic Red Team GUID generator de0f49fb5c Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-14 00:45:21 +00:00
Bhavin Patel 8b6a61bff1 Merge pull request #2355 from sulakshan-kumar/Azure_Persistence_Automation_Runbook_Created_or_Modified 
Azure persistence automation runbook created or modified
 2023-03-13 17:44:44 -07:00
Bhavin Patel 9a084cbf66 Merge branch 'master' into Azure_Persistence_Automation_Runbook_Created_or_Modified 2023-03-13 17:44:08 -07:00
Atomic Red Team doc generator f6437b843f Generated docs from job=generate-docs branch=master [ci skip] 2023-03-14 00:43:58 +00:00
Atomic Red Team GUID generator 56840ea08a Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-14 00:43:40 +00:00
Bhavin Patel 94cedd4acf Merge pull request #2359 from m4nbat/gk-atomic-red-team-T1136.003-Azure-CLI 
Gk atomic red team t1136.003 azure cli
 2023-03-13 17:43:06 -07:00
Gavin Knapp 8a6b82d185 Merge branch 'master' into gk-atomic-red-team-T1136.003-Azure-CLI 2023-03-13 20:41:10 +00:00
Atomic Red Team doc generator d26d95d3f7 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-13 18:57:35 +00:00
Carrie Roberts 04b6a8fbc3 Adfind prereq fixes (#2360) 
* doesn't exfil data as written

* update prereqs

---------

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-03-13 12:56:47 -06:00
Atomic Red Team doc generator c86971b4e7 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-13 18:54:24 +00:00
Carrie Roberts dbcf181202 fix typo (#2358) 
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-03-13 12:53:33 -06:00
Atomic Red Team doc generator c42cd26868 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-13 18:41:34 +00:00
Carrie Roberts 08f1fdcc2b use ART repo instead of ARTifacts (#2361) 
* use ART repo instead of ARTifacts

* typo fix
 2023-03-13 12:40:49 -06:00
Gavin Knapp c0b144a44a Update T1136.003.yaml 
removed auto_generated_guid field that was failing checks
 2023-03-11 13:40:18 +00:00
Gavin Knapp 434a54490d Update T1136.003.yaml 
fixed a couple of typos and removed a blank line
 2023-03-11 07:51:42 +00:00
Gavin Knapp cd12370a63 Update T1136.003.yaml 2023-03-10 21:49:39 +00:00
Gavin Knapp 937c62b9be Update T1136.003.yaml 2023-03-10 21:28:09 +00:00
Gavin Knapp 13c3f8361f Update T1136.003.yaml 
Added the same technique but via the azure cli with an automated login atomic which then creates  anew user via the Azure CLI
 2023-03-10 21:27:27 +00:00
Bhavin Patel cf4acdc527 Merge branch 'master' into Azure_Persistence_Automation_Runbook_Created_or_Modified 2023-03-09 14:44:58 -08:00
Atomic Red Team doc generator b65e562290 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-09 22:42:27 +00:00
Atomic Red Team GUID generator aaf3fd5992 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-09 22:42:12 +00:00
Bhavin Patel 8b7ba2fab9 Merge pull request #2352 from m4nbat/gk-atomic-red-team-T1136.003-UPDATE 
GK atomic red team t1136.003 update
 2023-03-09 14:41:47 -08:00
Bhavin Patel 6a4d1571f3 remove guid key 2023-03-09 14:39:07 -08:00
Bhavin Patel 9e0e9ebae4 Merge branch 'master' into gk-atomic-red-team-T1136.003-UPDATE 2023-03-09 14:37:57 -08:00
Atomic Red Team doc generator f982fdda71 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-09 16:50:59 +00:00
Zeta 8863da1c40 T1112: fix typo (#2357) 
fix typo
 2023-03-09 09:49:28 -07:00
sulakshan-kumar 6cf33d4a79 Update T1078.004.yaml 
updated "Azure Persistence Automation Runbook Created or Modified" scenario
 2023-03-07 15:39:29 +05:30
sulakshan-kumar e02b05f3b8 Update T1078.004.yaml 
Updated "Azure Persistence Automation Runbook Created or Modified" scenario.
 2023-03-07 15:33:43 +05:30
Gavin Knapp 83a170407a Merge branch 'redcanaryco:master' into gk-atomic-red-team-T1136.003-UPDATE 2023-03-04 15:30:26 +00:00
Atomic Red Team doc generator f296668303 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-02 15:30:01 +00:00
Jose Enrique Hernandez ccfababf58 T1140 bash base64 decode (#2353) 
* added a new test for base64 encoded shebang shells

* updated description

---------

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
 2023-03-02 08:29:17 -07:00