Commit Graph

1654 Commits

Author SHA1 Message Date
Andras32 e5ed8e7670 Fixed ExecutionLog TestName field (#796) 2020-01-24 08:21:54 -07:00
CircleCI Atomic Red Team doc generator 42687f2055 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-23 20:26:46 +00:00
MrOrOneEquals1 2ee6318e8b Add Open Port Checker - T1016 (#794)
* only show cleanup with inputs if there are inputs

* test

* Open Ports added to T1016

* Fix Accidental Change

* Fix type

* Fix underscore naming error

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-23 13:26:24 -07:00
CircleCI Atomic Red Team doc generator 3f5971565f Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-23 03:38:09 +00:00
Carrie Roberts 119ffdf03f move emond test into correct T# (#791)
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
2020-01-22 21:37:46 -06:00
CircleCI Atomic Red Team doc generator 8881bdb002 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-23 03:36:42 +00:00
Carrie Roberts 0dcde71a15 Asynchronous Attack Execution and other handy things (#790)
* execute attack in separate process

* install from custom repoOwner and branch

* remove zip after install

* added showdetails brief and sleep for linux output

* remove positional param spec

* replacing special PathToAtomicsFolder in commands

* use pwsh on linux

* kill proc tree linux

* include path in remove-item

* update readme

* update readme

* update readme

Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
2020-01-22 21:36:20 -06:00
CircleCI Atomic Red Team doc generator 3ef533126a Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-23 03:08:33 +00:00
JB cc6735d7f7 Added clean-up, automation of test 1, aligned tests with specs (#746)
* fixed path to /src in test 1+ minor spec fix

-updated supported platforms, duplicates

* mv hello.c to /src (delete file)

* sample c script (moved from root directory)

* Automated test 1, added clean-up to all 3 tests

-Automated test 1 (Make and modify file from C Source)
-added clean-up to all 3 tests
-added touch command to make 'default file' on tests 2 and 3 (in case no other file provided)

* added PathToAtomic variable per reviewer, added fix to avoid changing file in atomics folder

* Update T1166.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
Co-authored-by: Keith McCammon <keith@mccammon.org>
2020-01-22 20:08:15 -07:00
Tony M Lambert 45746eea98 T1096 Test to Write File in ADS (#697)
* T1096 Test to Write File in ADS

* Generate docs from job=validate_atomics_generate_docs branch=t1096-ads-write

* Adding T1096 prereq and cleanup commands

* Generate docs from job=validate_atomics_generate_docs branch=t1096-ads-write

* T1096 Fix prereq and cleanup

* Generate docs from job=validate_atomics_generate_docs branch=t1096-ads-write

Co-authored-by: Keith McCammon <keith@mccammon.org>
2020-01-22 20:09:50 -06:00
CircleCI Atomic Red Team doc generator 27f7c3484a Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-22 15:16:03 +00:00
rsjohnson07 65ecf19fdb Update T1170.yaml (#789)
Change test #4 Mshta Executes Remote HTML Application (HTA)
Updated executor
Updated commands syntax
Added Clean up command
2020-01-22 08:15:30 -07:00
Tony M Lambert 8d4be7584e T1490 PowerShell deleting shadow copies (#785)
* Add T1490 test for Sodinokibi VSC deletion

* Generate docs from job=validate_atomics_generate_docs branch=t1490-wmiobject

* Generate docs from job=validate_atomics_generate_docs branch=t1490-wmiobject

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-21 11:39:36 -07:00
Carrie Roberts 42afe34cd3 check for null commands (#787) 2020-01-21 12:30:03 -06:00
CircleCI Atomic Red Team doc generator a956d4640f Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-21 18:12:06 +00:00
Tony M Lambert a4c9ee4430 Replay the Dependencies Merge (#786)
* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* lowercase url

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* lowercase url

* fixing yaml spacing issue

* correcting input name

* rm to del

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-21 12:11:45 -06:00
CircleCI Atomic Red Team doc generator 82bc6fab20 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-21 04:40:22 +00:00
Makenzie Schwartz c20e2135ed Fix incorrect reg value type (#780) 2020-01-20 21:40:06 -07:00
CircleCI Atomic Red Team doc generator caeea44b95 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-19 05:09:19 +00:00
san-gwea f2fbeb18ed T1003 rm (#778)
* show executor and privilege requirement

* added an atomic to add c2 domain under trusted zoneMap

* corrected typos

* modified adding a domain by creating one if the key is not there

* moved registry modification atomic under T1112

* updated local execution file to be current

* corrected typos

* replaced rm by del for tests with executor as command_prompt

* changing rm to del for command_prompt

* Update T1102.yaml

* Update T1112.yaml

my local repo was behind. This file wasn't changed this time.

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-18 22:09:07 -07:00
CircleCI Atomic Red Team doc generator 3c40408ad2 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-18 18:47:54 +00:00
JB b4ded762d4 moving recently added source files to /src per project spec (#783)
* updates paths to files

* moving T1170.hta to the source directory

* moving mshta.sct to the /src directory

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-18 11:47:37 -07:00
CircleCI Atomic Red Team doc generator f0579aa1e7 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-18 18:42:43 +00:00
JB 4c8ae4c7bc renamed folder paths and moved files to match current project spec (#782)
* renaming /shells directory to /src to bring up to current project spec

* moving files...

* ..moving files..

* moving files

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-18 11:42:28 -07:00
CircleCI Atomic Red Team doc generator b98561d215 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-18 18:41:01 +00:00
Brandon Morgan ef772a3af9 pypykatz registry and LSASS tests (#784)
* pypykatz registry and LSASS tests

* typo fix
2020-01-18 11:40:45 -07:00
CircleCI Atomic Red Team doc generator 3643481bf1 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-17 23:54:26 +00:00
san-gwea 413aa26cac clean up: Added "-ErrorAction Ignore" to remove error for file not created (#777)
* show executor and privilege requirement

* added an atomic to add c2 domain under trusted zoneMap

* corrected typos

* modified adding a domain by creating one if the key is not there

* moved registry modification atomic under T1112

* updated local execution file to be current

* corrected typos

* corrected typos

* added suppression for file not found in clean up

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-17 16:53:50 -07:00
CircleCI Atomic Red Team doc generator a526aa7729 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-14 16:43:16 +00:00
san-gwea 66bf73a44b atomic for modifying ZoneMap under internet settings and adding a c2 domain (#775)
* show executor and privilege requirement

* added an atomic to add c2 domain under trusted zoneMap

* corrected typos

* modified adding a domain by creating one if the key is not there

* moved registry modification atomic under T1112

* updated local execution file to be current

* corrected typos

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-14 09:42:51 -07:00
CircleCI Atomic Red Team doc generator 70defe4dc9 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-14 16:33:58 +00:00
Andrew Beers 7988bb05e8 Tamper with Windows Defender ATP (#776)
* write tests

* Add command prompt tampering

* disable using registry

* fix capitalization
2020-01-14 09:33:36 -07:00
Tony M Lambert c3b398e48c Revert "Add Dependencies section to test Yaml and support to use them… (#773)
* Revert "Add Dependencies section to test Yaml and support to use them in the PS execution framework (#772)"

This reverts commit 511bb87af2.

* Generate docs from job=validate_atomics_generate_docs branch=revert-511bb87af29fb302dbd9e85bd93c2c00a47953ba
2020-01-09 09:12:38 -06:00
CircleCI Atomic Red Team doc generator 96edae69d4 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-09 14:36:26 +00:00
Carrie Roberts 511bb87af2 Add Dependencies section to test Yaml and support to use them in the PS execution framework (#772)
* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* first draft at dependencies

* lowercase url
2020-01-09 07:36:07 -07:00
Tony M Lambert 550ba03c22 T1063 Discover AV via WMI (#770)
* T1063 Query AV via WMI test

* Generate docs from job=validate_atomics_generate_docs branch=t1063-poison-frog

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-08 13:06:24 -07:00
CircleCI Atomic Red Team doc generator bba9f2f738 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-08 19:47:52 +00:00
Carrie Roberts 2ed57f2a9b Locking down payloads to a specific version (#737)
* lock payloads to specific version

* lock payloads to specific version

Co-authored-by: Michael Haag <mike@redcanary.com>
2020-01-08 12:47:34 -07:00
Carrie Roberts 5cd5133763 Admin not required to install atomic-red-team (#731)
* no admin required for install

* no admin required for install

* update readme

* update readme

* update readme
2020-01-08 12:45:50 -07:00
Michael Haag ab03b826f8 Typo Fix (#771)
Fixed a small typo.
2020-01-08 12:40:18 -07:00
CircleCI Atomic Red Team doc generator dfa7d4e513 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-06 21:18:03 +00:00
Andrew Beers a0b8d7e438 More test improvements (#732)
* update tests

* T1518 improvements

* remove prereq commands

* fix typo

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-06 14:17:45 -07:00
CircleCI Atomic Red Team doc generator 2156972ed0 Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-06 21:14:46 +00:00
Luminous-InfiniTom dc9531aa03 Added Chrome Bookmark checking atomics to T1217 (#765)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-06 14:14:26 -07:00
CircleCI Atomic Red Team doc generator 23285cf6cb Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-06 21:07:55 +00:00
Micheal Fleck 7065f37725 Updates for Powershell (#767)
Updated to Powershell to allow for branch testing and creation of keys

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-06 14:07:33 -07:00
CircleCI Atomic Red Team doc generator 792bd4b12b Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-06 21:06:24 +00:00
JB 73a8220b24 Moved source code files used in tests 1 & 2 to /src per project specs (#764)
* fixed download paths so that after moving source files they will point to the right place

* moving source file (used in test 1) to /src

* moving source code file (used in test 2) to /src

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2020-01-06 14:05:46 -07:00
CircleCI Atomic Red Team doc generator 60a8bb70ba Generate docs from job=validate_atomics_generate_docs branch=master 2020-01-06 21:02:26 +00:00
JB b2d25ea9bc Updated atomic test 3 for better alignment with T1074 (Staging) (#763)
Test was written previously for T1022 and then moved here; T1022 already has very similar tests, but it is useful here so just reworded test 3.
2020-01-06 14:02:07 -07:00