security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,018 Commits 47 Branches 0 Tags
d8ffdf2ee657f317d8a2de6d1790bd92972e075e
Commit Graph

1253 Commits

Author SHA1 Message Date
CircleCI Atomic Red Team doc generator be41a50f01 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 22:27:49 +00:00
Brian Thacker 2cc548c118 Fix typo t1055 t1100 t1010 (#1007) 
* Path correction test 4

T1055 test 4 default path of exe_binary did not work on a standard system nor provide the flexibility of an input argument.

* Update T1100.yaml

Added /q (quiet mode) to the cleanup command to prevent command from hanging.

* Update T1010.yaml

Test 1 used a default path with an environment variable naming schema used with powershell not the executor command_prompt.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 16:27:29 -06:00
CircleCI Atomic Red Team doc generator 0160032da5 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 22:12:58 +00:00
Andrew Beers ef0e95bf50 T1500 - Dynamic C# Compile (#1008) 
* write test

* use input arg in command

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 16:12:16 -06:00
CircleCI Atomic Red Team doc generator 3c588cc680 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 22:04:59 +00:00
Andrew Beers e0eaff95ea T1069 find local admins via group policy power view (#1006) 
* T1069 Find Local Admins via Group Policy (PowerView)

* fix default param

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 16:04:33 -06:00
CircleCI Atomic Red Team doc generator 7c87abef47 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:58:44 +00:00
Andrew Beers 5e050536c5 T1069 - Find local admins on all machines in domain (PowerView) (#1005) 
* write test

* add supported platforms

* remove extra space

* add command

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 15:58:24 -06:00
CircleCI Atomic Red Team doc generator f5dbf8e46c Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:39:13 +00:00
Andrew Beers b01a98f700 T1087 automated ad recon (ad recon) (#1004) 
* write test

* update cleanup

* refer to input arg

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 15:38:46 -06:00
CircleCI Atomic Red Team doc generator a34350f2f1 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:31:46 +00:00
Andrew Beers e3786e4dc3 write test (#1003) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 15:31:27 -06:00
CircleCI Atomic Red Team doc generator 9e89627f3b Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:30:14 +00:00
Andrew Beers 155e585847 write test (#1002) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-21 15:29:34 -06:00
CircleCI Atomic Red Team doc generator c8193d5227 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-21 21:23:48 +00:00
Andrew Beers e73b02b0b3 T1069 - Find machines where user has local admin access (PowerView) (#1001) 
* write test

* link to specific commit of file
 2020-05-21 15:23:28 -06:00
CircleCI Atomic Red Team doc generator f1cc467b21 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-20 15:58:43 +00:00
Andrew Beers f8cd169ca3 Move test to T1105 (#1000) 2020-05-20 09:58:20 -06:00
CircleCI Atomic Red Team doc generator 51ce388932 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-20 13:44:04 +00:00
Andrew Beers 1b2bf832c3 T1036 file extension masquerading fix (#999) 
* change executer to help with writing detection

* putting guid back in

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-20 07:43:35 -06:00
CircleCI Atomic Red Team doc generator 455840f3bb Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 20:18:24 +00:00
Andrew Beers 672bd86fff T1036 file extension masquerading (#997) 
* write test

* add files and test cases

* improve naming for exe files
 2020-05-15 14:18:08 -06:00
CircleCI Atomic Red Team doc generator 6bf2043590 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 18:44:41 +00:00
Andrew Beers 2e1e5b7d1d T1193 word spawned a command shell and used an ip address in the command line (#996) 
* ping command from vb script

* type fixes

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-15 12:44:06 -06:00
CircleCI Atomic Red Team doc generator 4615debb1b Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 17:26:49 +00:00
CircleCI Atomic Red Team doc generator 35c42f2c61 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-15 17:19:25 +00:00
Carrie Roberts bc4bcf8946 Merge branch 'master' into guid 2020-05-15 10:56:49 -06:00
Michael Haag 0ff5763604 T1114 - Email Collection (#993) 
* Breathed new life into T1114

* Update T1114.yaml

* Generate docs from job=validate_atomics_generate_docs branch=T1114-Fixing

Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-14 16:54:20 -06:00
Michael Haag cbe842b8d8 T1003 pwcollector (#989) 
* T1003 - Chrome Password Collector

* Generate docs from job=validate_atomics_generate_docs branch=T1003-Pwcollector

Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-14 16:48:14 -06:00
CircleCI Atomic Red Team doc generator 4c563459ce Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-14 22:43:48 +00:00
tlor89 2954c1fc39 T1027 4 update (#992) 
* T1027-4_Update

* T1027-4_Update

Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-14 16:43:28 -06:00
CircleCI Atomic Red Team doc generator 82af4ecbd9 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-14 16:54:18 +00:00
Carrie Roberts 52884708e4 typo fix (#987) 2020-05-14 10:53:50 -06:00
Michael Haag 2817e257d4 T1088 sdclt.exe UAC Bypass (#986) 
* T1088 sdclt Fileless UAC Bypass

Adding simple sdclt uac bypass to Atomic.

* Generate docs from job=validate_atomics_generate_docs branch=T1088-UAC

Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-14 10:52:44 -06:00
CircleCI Atomic Red Team doc generator 5047631117 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-14 15:58:10 +00:00
Tsora-Pop cc4d7c0a86 Edited & Updated T1217 (#988) 
* Edited 1217  for Edge Chromium

Edited 1217 atomic as it also executes for Edge Chromium on Windows

* Updates T1217

Added Atomic for listing location of all FireFox bookmark databases

* typo fix

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-14 09:57:37 -06:00
CircleCI Atomic Red Team doc generator efb886208f Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-13 16:49:09 +00:00
Chirag Savla c350a2389d Added test for T1106 (#985) 
* Added test for T1106

* Added test for T1106

* Added test for T1106

* Added test for T1106

* Added test for T1106

* Added test for T1106

* Name and description updated

Removed the atomic test number because that is calculated based on the order the test shows up in the yaml. Added description of what user should expect by default it the test runs successfully.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-13 10:48:53 -06:00
tlor89 65bf09109d T1027_Folder_Update (#984) 
Co-authored-by: Toua Lor <tlor@nti.local>
 2020-05-13 10:00:29 -06:00
CircleCI Atomic Red Team doc generator 6f757a1f88 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-11 19:16:06 +00:00
CircleCI Atomic Red Team doc generator e5166f0e66 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-11 15:16:44 +00:00
Tsora-Pop bbec07bcd6 Update T1176 with Edge Chromium Addon - VPN (#980) 
* Update T1176 with Edge Chromium Addon - VPN

Added manual download, install, and cleanup for an Edge Chromium VPN extension.

* Update T1176 with Edge Chromium Addon - VPN

Added manual download, install, and cleanup for an Edge Chromium VPN extension.
 2020-05-11 09:16:17 -06:00
clr2of8 7a5287913e moved guid file to writable location 2020-05-08 00:10:28 -06:00
CircleCI Atomic Red Team doc generator 5859178fd7 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-06 16:32:18 +00:00
Carrie Roberts bc35907026 typo fix (#974) 2020-05-06 10:31:48 -06:00
CircleCI Atomic Red Team doc generator 06c2cb5074 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-06 16:27:13 +00:00
Jeremy Brooks c8520ab1af fix type in T1028 command (#976) 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-06 10:26:34 -06:00
CircleCI Atomic Red Team doc generator da779f042d Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-06 16:23:43 +00:00
hypnoticpattern 7d63609ea3 Added dependencies and fixed tests for linux and macOS (#973) 
* Added dependencies and fixed tests

* Added description to dependencies.

* Executable presence checked in dependencies

Co-authored-by: hypnoticpattern <>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
 2020-05-06 10:22:48 -06:00
CircleCI Atomic Red Team doc generator d9dfeab6c2 Generate docs from job=validate_atomics_generate_docs branch=master 2020-05-06 13:34:18 +00:00