e136a49db2
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 14:06:01 +00:00
af5fbff0f2
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-11 14:05:53 +00:00
3fcf639acf
Create T1120.yaml ( #1387 )
2021-02-11 07:05:39 -07:00
e529ce5732
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:52:32 +00:00
94791c8073
T1113 x windows capture prereqs ( #1382 )
...
* Update T1113.yaml
Added prereq commands to test 3 "X Windows Capture"
* Update T1113.yaml
errors with multi-line if statement. Condensed to one line
* Update T1113.yaml
Changed prereqs of test 3 to be the redhat default. Changed prereqs of test 3 to have more input arguments
* Update T1113.yaml
Fixed typo in descriptions.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-09 11:51:53 -07:00
e922799d43
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:16:39 +00:00
87c5003eb5
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:16:30 +00:00
9ae0109e92
Update T1218.010.yaml ( #1383 )
...
Added Test 5: Regsvr32 Silent DLL Install Call DllRegisterServer
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-09 11:16:09 -07:00
adb8256347
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:14:10 +00:00
c5d92bca5d
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-09 18:14:01 +00:00
f8c8fbcab1
Added Audit Policy Config based Logging Impairment ( #1378 )
...
* Added Audit Policy Config based Logging Impairment
Auditpol can be used to manipulate audit log configuration. Test 3 simulates the adversary disabling certain audit policies to prevent respective events from being recorded in the log
* Add link, update test name
Adding in the Solarigate write-up link for reference and also removing the test # from the title (this gets added automatically to the Markdown file)
* added cleanup commands
Hi Carrie, The pre-req commands enables the auditpols initially so that it can be disabled when the atomic command is executed. I have copied the same syntax as pre-req to clean-up so it is reinstated. Based on additional research I have several more commands of interest I would like to add which were not part of the MS article but would be considered suspicious. Shall I add them as separate tests? i.e. sub-commands such as clear, restore, remove
* Removed the dependency section
Removed the dependency section
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-02-09 11:13:25 -07:00
802c6f33bc
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-03 02:33:01 +00:00
333e2407af
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-03 02:32:53 +00:00
05ce4209b5
procdump mini dump ( #1380 )
...
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
2021-02-02 19:32:35 -07:00
16ad79e864
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-01 17:01:17 +00:00
b3b1a2bb68
typo fix ( #1379 )
2021-02-01 10:00:51 -07:00
3fe613c6dd
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-25 13:43:05 +00:00
3b9bddaf20
Ryuk ( #1376 )
...
* adjust for usability
* change executor
* add input arg
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-25 06:42:40 -07:00
0b39063268
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-24 00:53:46 +00:00
da83687a17
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-24 00:53:38 +00:00
373176bcba
T1490 - WBAdmin ( #1375 )
...
* Added wbadmin delete systemstatebackup
* Update T1490.yaml
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
2021-01-23 17:53:20 -07:00
57ba7350b8
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-22 16:30:47 +00:00
22c65f4acd
Fix to Cleanup Command for T1003.002 Test Number 3 ( #1374 )
2021-01-22 09:30:13 -07:00
7570e02911
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-21 18:48:01 +00:00
89de74b637
Updated Offline Credential Theft with mimikatz ( #1373 )
...
Updated the command segment related to guid: 453acf13-1dbd-47d7-b28a-172ce9228023
Existing request URL path doesn't exist in gentilkiwi's repo. Added code segment will obtain the latest mimikatz_trunk.zip from the repo.
I have repurposed the code segment done by Xiang ZHU https://copdips.com/2019/12/Using-Powershell-to-retrieve-latest-package-url-from-github-releases.html to meet the requirements here.
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-21 11:47:28 -07:00
05d2071e23
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-20 23:27:31 +00:00
52945641c0
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-20 23:27:23 +00:00
63d1e555d4
MSbuild inline task using Visual Basic ( #1371 )
...
* add visual basic test
* correct comment
2021-01-20 16:26:45 -07:00
bc705cb7aa
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:14:46 +00:00
1f26ebdb6c
typo corrections ( #1367 )
...
addresses issues #1365
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-13 12:14:14 -07:00
fca809efa6
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:12:56 +00:00
5c52612858
added details to the description ( #1366 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2021-01-13 12:12:24 -07:00
be8d3644f2
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:11:35 +00:00
06ce6b9f11
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:11:27 +00:00
030040bf73
Out minidump ( #1368 )
...
* Adding a test of Out-Minidump.ps1
Adding in a credential dumping test that leverages Out-Minidump.ps1 to dump the contents of lsass to disk for offline extraction
* Fixing cleanup path
Path is actually %TEMP%
Co-authored-by: jimmy astle <jastle@vmware.com >
2021-01-13 12:11:12 -07:00
471d30b4f3
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 03:23:42 +00:00
3f8e909392
T1560.001 prereqs tests1 2 4 ( #1363 )
...
* Update T1560.001.yaml
Changed Test 1 to do a silent install of winrar. Added prereqs to Test 2 to install winrar.
* Update T1560.001.yaml
Added prereq commands to Test 4 to download and install 7zip.
* Update T1560.001.yaml
changed command in test 4 to stop endlessly adding to archive new files
* Update T1560.001.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-12 20:22:57 -07:00
371eb3d609
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-11 03:40:28 +00:00
fa7f19ad7f
Update T1218.010.yaml ( #1364 )
...
Fix typo in command to avoid errors
2021-01-10 20:30:57 -07:00
9c1f9f733c
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:51:05 +00:00
18087c9ad8
Add DCShadow args for attribute and value ( #1362 )
...
It gives more choice in what to change instead of fixed "badpwdcount" and "9999"
Also rename "user" to "object" as it is more generic than only user objects
2021-01-08 09:50:18 -07:00
96f61076f9
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:42:27 +00:00
79f6986b1a
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:42:19 +00:00
42472533fa
Update T1048.003.yaml ( #1357 )
...
Hi,
I added two atomic tests for exfiltration using HTTP and SMTP.
1. Exfiltration Over Alternative Protocol - HTTP
2. Exfiltration Over Alternative Protocol - SMTP
Itamar
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:41:50 -07:00
c21c1ba13e
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:23:16 +00:00
a5af0cc644
Update T1218.010.yaml ( #1359 )
...
Modified T1218.010 to allow for modification of path and name of regsvr32.exe
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:22:48 -07:00
bbcf685889
Update T1055.cs ( #1361 )
...
dll was named incorrectly in .cs. Fixed and confirmed operational.
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:19:55 -07:00
c0591491f1
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:16:04 +00:00
39954ec1af
Update T1218.yaml ( #1360 )
...
Updated microsoft.workflow.compiler.exe test
Co-authored-by: mhaag-spl <76067280+mhaag-spl@users.noreply.github.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2021-01-08 09:15:29 -07:00
9660d0a33e
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:12:45 +00:00
CircleCI Atomic Red Team doc generator