atomic-red-team

Author	SHA1	Message	Date
CircleCI Atomic Red Team doc generator	e0d70c657d	Generate docs from job=validate_atomics_generate_docs branch=master	2019-02-14 06:09:52 +00:00
Tony M Lambert	d490f345a7	T1005 Safari CookieMiner Test (#454 ) * initial commit * modified output style * final url changes * Update rocke-and-roll-stage-01.sh * Added Safari cookie search CookieMiner test	2019-02-13 22:09:44 -08:00
CircleCI Atomic Red Team doc generator	f2d16ae0c7	Generate docs from job=validate_atomics_generate_docs branch=master	2019-02-14 06:09:31 +00:00
Greg Foss	9b52b9ff4b	T1074 update for OSX and Linux (#457 ) * Add test for T1114 that extracts email from the local outlook instance * Update T1074 with Linux and OSX staged data tests	2019-02-13 22:09:23 -08:00
Brian Beyer	7f9c193f6c	update gems for security patches	2019-02-07 14:59:52 -07:00
Tony M Lambert	6566bb640a	Chain Reaction for IoT Mirai Malware Derivative Infections (#449 ) * initial commit * modified output style * final url changes * Update rocke-and-roll-stage-01.sh * Mirai IoT Chain Reaction	2019-02-06 10:52:56 -08:00
Michael Haag	ec383fbb3c	Install-AtomicRedTeam Script (#450 ) * Initial Commit * Update install-atomicredteam.ps1 * Update install-atomicredteam.ps1 * Update install-atomicredteam.ps1 * Final @caseysmithrc Please review. * license fix license update * Update install-atomicredteam.ps1	2019-02-06 10:52:40 -08:00
Tony M Lambert	8e2ec0aae1	CookieMiner Chain Reaction (#451 ) * initial commit * modified output style * final url changes * Update rocke-and-roll-stage-01.sh * CookieMiner initial commit * fix binary stuff * Make quieter * Ready for primetime	2019-02-06 10:52:31 -08:00
caseysmithrc	a53eb4d327	Update t1003 url (#405 ) * update url * Generate docs from job=validate_atomics_generate_docs branch=Update-T1003-url	2019-02-06 10:52:11 -08:00
CircleCI Atomic Red Team doc generator	a69319c513	Generate docs from job=validate_atomics_generate_docs branch=master	2019-02-05 21:05:39 +00:00
zpettry	0c445be847	Update T1088.md (#436 ) This test needs to use Powershell.	2019-02-05 13:05:31 -08:00
CircleCI Atomic Red Team doc generator	c7142a4487	Generate docs from job=validate_atomics_generate_docs branch=master	2019-02-05 21:05:23 +00:00
Tony M Lambert	b831127ab2	T1055 - Test for shared library injection on Linux (#448 ) * initial commit * modified output style * final url changes * Update rocke-and-roll-stage-01.sh * T1055 - Added test for /etc/ld.so.preload addition	2019-02-05 13:05:15 -08:00
CircleCI Atomic Red Team doc generator	895c6f2d4f	Generate docs from job=validate_atomics_generate_docs branch=master	2019-02-05 21:05:01 +00:00
Tony M Lambert	469372005c	T1070 - Overwrite Mail Spool/Log File (#447 ) * initial commit * modified output style * final url changes * Update rocke-and-roll-stage-01.sh * T1070 - Overwrite Mail/Log Tests from Rocke	2019-02-05 13:04:53 -08:00
Tony M Lambert	0ff328c3ba	T1107 - Filesystem Deletion from Amnesia malware (#446 ) * initial commit * modified output style * final url changes * Update rocke-and-roll-stage-01.sh * T1107 - Delete Filesystem Test from Amnesia malware	2019-02-05 13:04:44 -08:00
Tony M Lambert	8c7abb226e	T1168 Improve Cron tests, add additional one (#445 ) * initial commit * modified output style * final url changes * Update rocke-and-roll-stage-01.sh * T1168 - Improvements and additional cron tests	2019-02-05 13:04:36 -08:00
Tony M Lambert	4212ca043e	T1136 - useradd Linux test to replicate backdoor account from Butter (#444 ) * initial commit * modified output style * final url changes * Update rocke-and-roll-stage-01.sh * T1136 - Added useradd Linux test to replicate Butter attacks pattern	2019-02-05 13:04:27 -08:00
CircleCI Atomic Red Team doc generator	735447ace8	Generate docs from job=validate_atomics_generate_docs branch=master	2019-02-05 21:04:08 +00:00
Keep Watcher	79494d45a7	Changing file extension to yaml to match content (#442 )	2019-02-05 13:03:58 -08:00
Tony M Lambert	509bb5f3a1	T1222 - chattr test (#440 )	2019-02-05 13:03:48 -08:00
Tony M Lambert	f0985c5444	Chain Reaction - Rocke and Roll (#443 ) * initial commit * modified output style * final url changes * Update rocke-and-roll-stage-01.sh	2019-01-24 08:22:38 -08:00
CircleCI Atomic Red Team doc generator	805deeee31	Generate docs from job=validate_atomics_generate_docs branch=master	2019-01-21 19:49:11 +00:00
Keep Watcher	baba01109e	adding SSP mod simulation (#438 ) * adding SSP mod simulation * Update T1101.md	2019-01-21 11:49:01 -08:00
Tony M Lambert	da88f2baa2	T1099 Timestomp test with Rocke example (#439 )	2019-01-21 11:48:46 -08:00
CircleCI Atomic Red Team doc generator	e74554992e	Generate docs from job=validate_atomics_generate_docs branch=master	2019-01-16 22:14:59 +00:00
Tony M Lambert	4f5c279c61	T1009 - Adjust test with variable for execution (#418 )	2019-01-16 14:14:49 -08:00
CircleCI Atomic Red Team doc generator	37ca7e5fd0	Generate docs from job=validate_atomics_generate_docs branch=master	2019-01-16 17:25:14 +00:00
Ross Wolf	6b6f4beae5	Update flag for cmd.exe (#416 )	2019-01-16 09:25:04 -08:00
CircleCI Atomic Red Team doc generator	c65ed5d77e	Generate docs from job=validate_atomics_generate_docs branch=master	2019-01-16 17:24:56 +00:00
Tony M Lambert	d76e946bc2	T1002 - Reorganize tests for better execution with framework (#417 )	2019-01-16 09:24:48 -08:00
CircleCI Atomic Red Team doc generator	87bd65c63c	Generate docs from job=validate_atomics_generate_docs branch=master	2019-01-16 17:24:38 +00:00
Tony M Lambert	832a907d54	T1174 Password Filter DLL PoSH test (#420 )	2019-01-16 09:24:29 -08:00
CircleCI Atomic Red Team doc generator	d8510e729b	Generate docs from job=validate_atomics_generate_docs branch=master	2019-01-16 17:24:16 +00:00
Tony M Lambert	78bedf0e45	T1107 Fix wbadmin test (#421 )	2019-01-16 09:24:09 -08:00
Tony M Lambert	dfabc52d64	T1107 File Deletion reorg with variables (#423 )	2019-01-16 09:23:55 -08:00
CircleCI Atomic Red Team doc generator	bb07c4ac15	Generate docs from job=validate_atomics_generate_docs branch=master	2019-01-16 17:23:40 +00:00
JimmyAstle	61ffc53425	Register-CimProvider Atomic test (#435 ) A quick atomic test that utilizes register-cimprovider to execute a dll that pops calc.	2019-01-16 09:23:29 -08:00
CircleCI Atomic Red Team doc generator	7554e9b644	Generate docs from job=validate_atomics_generate_docs branch=master	2019-01-16 16:17:22 +00:00
Keith McCammon	5c3f5b6389	Merge pull request #424 from ForensicITGuy/t1166-setuidgid T1166 SetUID SetGID add tests with variables	2019-01-16 09:17:12 -07:00
CircleCI Atomic Red Team doc generator	063e489114	Generate docs from job=validate_atomics_generate_docs branch=master	2018-12-13 16:07:16 +00:00
Tony M Lambert	0779b60397	T1010 App Window Discovery with C# (#429 )	2018-12-13 08:07:08 -08:00
CircleCI Atomic Red Team doc generator	8243dfedec	Generate docs from job=validate_atomics_generate_docs branch=master	2018-12-13 16:06:56 +00:00
Tony M Lambert	4334a8c0b0	T1007 Service Discovery Net Start to File (#428 )	2018-12-13 08:06:48 -08:00
CircleCI Atomic Red Team doc generator	07079c9ed7	Generate docs from job=validate_atomics_generate_docs branch=master	2018-12-13 16:06:36 +00:00
Tony M Lambert	0f576dd03f	T1004 Winlogon Helper DLLs (#427 )	2018-12-13 08:06:28 -08:00
Tony M Lambert	5da497ed1d	T1156 .bash_profile .bashrc reorg into separate tests (#426 )	2018-12-13 08:06:19 -08:00
Tony M Lambert	15b6f10135	T1009 Binary Padding reorg with variables (#425 )	2018-12-13 08:06:12 -08:00
Tony M Lambert	a49998432e	T1088 Fodhelper UAC Bypass and PoSH tests (#422 )	2018-12-13 08:06:02 -08:00
Tony M Lambert	6725795d88	T1166 SetUID SetGID add tests with variables	2018-12-11 00:31:19 -06:00

1 2 3 4 5 ...

1179 Commits