Tessa Georgen
da79b028aa
fix misc formatting errors/extra fields (#2634)
2023-12-06 21:49:46 -05:00
Atomic Red Team doc generator
b2bc904f4c
Generated docs from job=generate-docs branch=master [ci skip]
2023-12-04 18:56:01 +00:00
Atomic Red Team GUID generator
cc6a655d63
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-12-04 18:55:44 +00:00
PhyoPaingHtun ChiLai
bb601df2f8
Update T1112.yaml (Scarab Ransomware Defense Evasion Activities & Me… (#2625)
* Update T1112.yaml (Scarab Ransomware Defense Evasion Activities & Merdoor Backdoor Persistence Activities)
Scarab Ransomware Defense Evasion Activities
Merdoor Backdoor Persistence Activities
* Update T1112.yaml (Update Merdoor Backdoor article)
* Update T1112.yaml (Update Syntax Error)
* Update T1112.yaml (Update Syntax Error)
* Update T1112.yaml
---------
Co-authored-by: PhyoPaingHtun ChiLai <83696447+PhyoPaing777@users.noreply.github.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-12-04 12:55:07 -06:00
Atomic Red Team doc generator
6607ee34b6
Generated docs from job=generate-docs branch=master [ci skip]
2023-12-04 18:35:28 +00:00
Atomic Red Team GUID generator
966bf4b50d
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-12-04 18:35:11 +00:00
Leo Verlod
b9ff7d2f85
Adding T1555.003 Test - Dump Chrome Login Data with esentutl (#2628)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-12-04 12:34:29 -06:00
Atomic Red Team doc generator
e6fb2beca0
Generated docs from job=generate-docs branch=master [ci skip]
2023-12-04 18:31:49 +00:00
Atomic Red Team GUID generator
d46b0d874e
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-12-04 18:31:36 +00:00
PhyoPaingHtun ChiLai
0e7356bccb
Update T1112.yaml (Update Disable FIDO Authentication) (#2626)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-12-04 12:30:59 -06:00
Atomic Red Team doc generator
d8b3cefbdb
Generated docs from job=generate-docs branch=master [ci skip]
2023-12-01 21:29:03 +00:00
Atomic Red Team GUID generator
5c63f2082e
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-12-01 21:28:45 +00:00
navsec
6879f4e317
Add tests for various shellcode running techniques using Go (#2627)
* Adding shellcode running techniques using Go
* Removing auto-generated guid before PR
---------
Co-authored-by: navsec <navsec@navsec.net>
2023-12-01 15:27:51 -06:00
Atomic Red Team doc generator
23aa1d2ded
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-30 02:06:58 +00:00
Atomic Red Team GUID generator
a2e6f91c86
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-11-30 02:06:45 +00:00
Leo Verlod
160674855f
Adding T1087.002 Test - Ldapdomaindump on Linux (#2605)
* Update T1087.002.yaml
* Update T1087.002.yaml
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
2023-11-29 21:06:11 -05:00
Atomic Red Team doc generator
b16ca202be
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-28 16:24:17 +00:00
Atomic Red Team GUID generator
f132339bf6
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-11-28 16:24:01 +00:00
PhyoPaingHtun ChiLai
8d981c0488
Update T1112.yaml (Activities To Disable Secondary Authentication Detected) (#2619)
* Update T1112.yaml
Disable Secondary Authentication Detected
* Update T1112.yaml
Added reference link in description
---------
Co-authored-by: PhyoPaingHtun ChiLai <83696447+PhyoPaing777@users.noreply.github.com>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-28 10:23:25 -06:00
Atomic Red Team doc generator
d39bc9e09b
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-28 16:18:43 +00:00
Atomic Red Team GUID generator
b915978256
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-11-28 16:18:27 +00:00
Matt
af453f3fcd
Reorganization (#2621)
Reordered so that a standard keychain dump is the first test because it seems to best fit the ATT&CK framework description. Then, separated previous list of certificate commands into 2 tests for clarity and easier use. Removed help command (security -h) and reorganized comments for clarity.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-28 10:17:42 -06:00
Atomic Red Team doc generator
25b10a93d3
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-28 16:02:31 +00:00
Hare Sudhan
3bd3ceb8a2
Update attack_api.rb (#2624)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-28 10:01:37 -06:00
publish bot
3a9bc49be3
updating atomics count in README.md [ci skip]
2023-11-28 15:58:51 +00:00
Hare Sudhan
201ad3b17f
Validator changes (#2622)
2023-11-28 09:58:02 -06:00
Atomic Red Team doc generator
7ae80c53e8
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-27 21:56:43 +00:00
Atomic Red Team GUID generator
3d383ee5f9
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-11-27 21:56:24 +00:00
Matt
352f85ee32
Add test for keychain dump (#2620)
* Add test for keychain dump
* remove empty keys
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-27 15:55:44 -06:00
publish bot
9defc5c7ba
updating atomics count in README.md [ci skip]
2023-11-23 23:09:41 +00:00
devasmith4
278f7da632
remove duplicate key (#2617)
2023-11-23 17:09:04 -06:00
publish bot
73a8730d95
updating atomics count in README.md [ci skip]
2023-11-23 17:39:59 +00:00
devasmith4
d70cc3fe9f
remove duplicate "elevation required" element (#2616)
2023-11-23 11:39:21 -06:00
dependabot[bot]
7a5aedfb09
Bump jsonschema from 4.19.2 to 4.20.0 (#2612)
* Bump jsonschema from 4.19.2 to 4.20.0
Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.19.2 to 4.20.0.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.19.2...v4.20.0)
---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* updating atomics count in README.md [ci skip]
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: publish bot <opensource@redcanary.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-22 17:48:09 -05:00
Atomic Red Team doc generator
60480bf6df
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-22 22:46:18 +00:00
kdebscwx
55b75a5d25
T1069.002 test #6 - fix typo in command (#2613)
* T1069.002 test #6 - fix typo in command
* T1069.002 Test #6 fix typo in command
2023-11-22 17:45:26 -05:00
Atomic Red Team doc generator
88d1fbb51d
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-20 03:11:31 +00:00
Atomic Red Team GUID generator
0a6beebd6c
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-11-20 03:11:16 +00:00
Swachchhanda Shrawan Poudel
3ae37eaeb0
Lsass memory dump via SilentProcessExit technique (#2611)
* Lsass memory dump via SilentProcessExit technique
* fix yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-19 22:10:35 -05:00
Atomic Red Team doc generator
bba1e1bc75
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-20 02:53:29 +00:00
Hare Sudhan
73f61a7600
FreeBSD cleanup (#2604)
* FreeBSD cleanup
* fix T1059.004.yaml
* fix T1070.003.yaml
* cleanup
* Fix T1078.003
* fix t1078.003
* fix t1078.003
* fix t1078.003
2023-11-19 21:52:36 -05:00
Atomic Red Team doc generator
ca9a658d79
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-19 19:23:53 +00:00
Atomic Red Team GUID generator
55cbd79603
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-11-19 19:23:38 +00:00
AmyHeat
5641019462
Added test for T1070.006 - Timestomp for date modified using SetFile on MacOS (#2608)
* T1070.006 Timestomp for date modified using SetFile on MacOS
* cleanup
* cleanup
---------
Co-authored-by: amyheat <amyheat@rule10.net>
2023-11-19 14:23:04 -05:00
Atomic Red Team doc generator
30aa7cfb02
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-17 17:49:45 +00:00
Steven Dick
12e54c4d08
Nterl0k T1134.001-3 Nsussudio (#2606)
* Update T1134.001.md
* Update T1134.001.yaml
* Update T1134.001.yaml
* Update T1134.001.md
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-17 09:48:52 -08:00
Atomic Red Team doc generator
04a5812d41
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-17 17:46:05 +00:00
Atomic Red Team GUID generator
5a9d3290f2
Generate GUIDs from job=generate-docs branch=master [skip ci]
2023-11-17 17:45:50 +00:00
0xv1n
2990b979ba
New LocalAdmin Persistence Technique (#2602)
* New LocalAdmin Persistence Technique
* use github permanent link
* remove guid
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-11-17 09:45:16 -08:00
Atomic Red Team doc generator
4ef1397635
Generated docs from job=generate-docs branch=master [ci skip]
2023-11-17 17:35:58 +00:00