d8ffdf2ee6
Fixing broken link ( #1012 )
...
Fixed the broken link at the bottom of the page " Ready to start testing? [Get started!](https://github.com/redcanaryco/atomic-red-team/blob/master/testing )"
2020-05-28 17:50:04 -06:00
41f553d7ef
Python runner checks dependencies and run cleanup ( #1011 )
...
Co-authored-by: hypnoticpattern <>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-26 12:44:05 -06:00
be41a50f01
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-21 22:27:49 +00:00
2cc548c118
Fix typo t1055 t1100 t1010 ( #1007 )
...
* Path correction test 4
T1055 test 4 default path of exe_binary did not work on a standard system nor provide the flexibility of an input argument.
* Update T1100.yaml
Added /q (quiet mode) to the cleanup command to prevent command from hanging.
* Update T1010.yaml
Test 1 used a default path with an environment variable naming schema used with powershell not the executor command_prompt.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-21 16:27:29 -06:00
0160032da5
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-21 22:12:58 +00:00
ef0e95bf50
T1500 - Dynamic C# Compile ( #1008 )
...
* write test
* use input arg in command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-21 16:12:16 -06:00
3c588cc680
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-21 22:04:59 +00:00
e0eaff95ea
T1069 find local admins via group policy power view ( #1006 )
...
* T1069 Find Local Admins via Group Policy (PowerView)
* fix default param
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-21 16:04:33 -06:00
7c87abef47
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-21 21:58:44 +00:00
5e050536c5
T1069 - Find local admins on all machines in domain (PowerView) ( #1005 )
...
* write test
* add supported platforms
* remove extra space
* add command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-21 15:58:24 -06:00
f5dbf8e46c
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-21 21:39:13 +00:00
b01a98f700
T1087 automated ad recon (ad recon) ( #1004 )
...
* write test
* update cleanup
* refer to input arg
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-21 15:38:46 -06:00
a34350f2f1
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-21 21:31:46 +00:00
e3786e4dc3
write test ( #1003 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-21 15:31:27 -06:00
9e89627f3b
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-21 21:30:14 +00:00
155e585847
write test ( #1002 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-21 15:29:34 -06:00
c8193d5227
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-21 21:23:48 +00:00
e73b02b0b3
T1069 - Find machines where user has local admin access (PowerView) ( #1001 )
...
* write test
* link to specific commit of file
2020-05-21 15:23:28 -06:00
f1cc467b21
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-20 15:58:43 +00:00
f8cd169ca3
Move test to T1105 ( #1000 )
2020-05-20 09:58:20 -06:00
51ce388932
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-20 13:44:04 +00:00
1b2bf832c3
T1036 file extension masquerading fix ( #999 )
...
* change executer to help with writing detection
* putting guid back in
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-20 07:43:35 -06:00
455840f3bb
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-15 20:18:24 +00:00
672bd86fff
T1036 file extension masquerading ( #997 )
...
* write test
* add files and test cases
* improve naming for exe files
2020-05-15 14:18:08 -06:00
6bf2043590
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-15 18:44:41 +00:00
2e1e5b7d1d
T1193 word spawned a command shell and used an ip address in the command line ( #996 )
...
* ping command from vb script
* type fixes
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-15 12:44:06 -06:00
4615debb1b
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-15 17:26:49 +00:00
7369a7d9a2
Merge pull request #995 from clr2of8/index-fix2
...
Fix missing T# Keys in index.yaml
2020-05-15 13:26:20 -04:00
d3291a2507
Merge branch 'master' into index-fix2
2020-05-15 13:25:26 -04:00
35c42f2c61
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-15 17:19:25 +00:00
65c50d7548
Merge pull request #977 from clr2of8/guid
...
Add a GUID to each atomic test
2020-05-15 13:18:57 -04:00
bc4bcf8946
Merge branch 'master' into guid
2020-05-15 10:56:49 -06:00
171428fe92
fix identifier
2020-05-14 18:53:36 -06:00
46fe9ba46a
fix identifier
2020-05-14 18:52:16 -06:00
9d36e4eed2
add executor name to csv index
2020-05-14 17:07:39 -06:00
0ff5763604
T1114 - Email Collection ( #993 )
...
* Breathed new life into T1114
* Update T1114.yaml
* Generate docs from job=validate_atomics_generate_docs branch=T1114-Fixing
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-14 16:54:20 -06:00
cbe842b8d8
T1003 pwcollector ( #989 )
...
* T1003 - Chrome Password Collector
* Generate docs from job=validate_atomics_generate_docs branch=T1003-Pwcollector
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-14 16:48:14 -06:00
4c563459ce
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-14 22:43:48 +00:00
2954c1fc39
T1027 4 update ( #992 )
...
* T1027-4_Update
* T1027-4_Update
Co-authored-by: Toua Lor <tlor@nti.local >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-14 16:43:28 -06:00
82af4ecbd9
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-14 16:54:18 +00:00
52884708e4
typo fix ( #987 )
2020-05-14 10:53:50 -06:00
2817e257d4
T1088 sdclt.exe UAC Bypass ( #986 )
...
* T1088 sdclt Fileless UAC Bypass
Adding simple sdclt uac bypass to Atomic.
* Generate docs from job=validate_atomics_generate_docs branch=T1088-UAC
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-14 10:52:44 -06:00
5047631117
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-14 15:58:10 +00:00
cc4d7c0a86
Edited & Updated T1217 ( #988 )
...
* Edited 1217 for Edge Chromium
Edited 1217 atomic as it also executes for Edge Chromium on Windows
* Updates T1217
Added Atomic for listing location of all FireFox bookmark databases
* typo fix
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-14 09:57:37 -06:00
b15ce24af7
add guid to csv indexes
2020-05-13 12:05:36 -06:00
efb886208f
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-13 16:49:09 +00:00
c350a2389d
Added test for T1106 ( #985 )
...
* Added test for T1106
* Added test for T1106
* Added test for T1106
* Added test for T1106
* Added test for T1106
* Added test for T1106
* Name and description updated
Removed the atomic test number because that is calculated based on the order the test shows up in the yaml. Added description of what user should expect by default it the test runs successfully.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-05-13 10:48:53 -06:00
65bf09109d
T1027_Folder_Update ( #984 )
...
Co-authored-by: Toua Lor <tlor@nti.local >
2020-05-13 10:00:29 -06:00
6f757a1f88
Generate docs from job=validate_atomics_generate_docs branch=master
2020-05-11 19:16:06 +00:00
c17dbab6e8
Update links on Indexes ( #983 )
...
* index update
* index update
2020-05-11 13:15:27 -06:00
Omar Santos