caseysmithrc
58426cd424
Merge pull request #29 from redcanaryco/dev-mh
Updated Formatting + System Service Discovery
2017-11-27 13:09:31 -07:00
Michael Haag
874b3cd787
Update README.md
2017-11-22 06:55:57 -08:00
Michael Haag
f6bfcd4e52
Discovery.bat - add
Added sc.exe query line
2017-11-21 12:17:55 -08:00
Michael Haag
c121d1539b
Format Updates + System Service Discovery
+ Updated format to Discovery md files
+ Added System Service Discovery
2017-11-21 12:16:00 -08:00
caseysmithrc
d851a275a6
Merge pull request #28 from redcanaryco/ChainReactions
Account Manipulation + Chain Reactions Names
2017-11-20 12:38:37 -07:00
Michael Haag
bf35e2895e
Update README.md
2017-11-20 11:37:27 -08:00
Michael Haag
8f42ea3fc4
Account Manipulation + Chain Reactions Names
Changed CR names
+ Fixed .md for Account manipulation
2017-11-20 11:34:34 -08:00
Michael Haag
253282bceb
Format and edits
Modified the format and cleaned it up.
2017-11-20 11:27:50 -08:00
unbaiat
74c1c52bdb
Create Account Manipulation
2017-11-20 20:18:03 +02:00
caseysmithrc
c3d870f399
Update AtomicService.cs
2017-11-19 07:54:51 -07:00
caseysmithrc
f84a365a73
Update AtomicService.cs
2017-11-19 07:53:03 -07:00
caseysmithrc
d8a38ca5c4
Update Service_Installation.md
2017-11-19 07:51:59 -07:00
caseysmithrc
df59f2be24
Service Binary Code
2017-11-19 07:42:50 -07:00
Yohann Lepage
2e675d73f8
Add T1050: Windows - Persistence - Service Installation
2017-11-16 23:27:14 +01:00
Michael Haag
18fa8c1218
Input Capture - Payload Reference fix
Per https://github.com/redcanaryco/atomic-red-team/issues/22, fixing payload link location.
2017-11-15 15:10:16 -08:00
caseysmithrc
6b562c96f6
credit for TimeStomp
2017-11-15 12:47:10 -07:00
Michael Haag
ae5c62cb51
Timestomp
Added Timestomp to Windows Matrix
2017-11-15 10:43:55 -08:00
Michael Haag
99a153fde2
Added Timestomp
+ Timestomp method
2017-11-15 10:42:46 -08:00
caseysmithrc
ddf8a8318a
Updated Mimikatz References
Updated References
2017-11-13 15:10:25 -07:00
caseysmithrc
24e2671f45
Added Invoke-Mimikatz
Invoke-Mimikatz Locally
2017-11-13 15:06:40 -07:00
caseysmithrc
c03b740553
update instructions
Update MHT To Doc Notes
2017-11-13 11:54:20 -07:00
caseysmithrc
4439c529ea
Sample VBA
Sample VBA Downloader
2017-11-13 11:53:35 -07:00
Michael Haag
407c84b6f5
Discovery Updates
+ More Tasklist.exe adds
+ Modified file directory listing to be recursive.
2017-11-13 11:02:39 -07:00
Michael Haag
26854f24b0
System Network Configuration Discovery
+ Added System Network Configuration Discovery
2017-11-13 05:01:03 -08:00
Michael Haag
705f7d4dcf
Powershell - Bloodhound
Added single command to download and execute Bloodhound.
2017-11-10 13:52:27 -08:00
Brian Beyer
3b03b3e9b8
Rename Windows.md to README.md
2017-11-04 15:36:03 -04:00
caseysmithrc
666594cf6e
Merge pull request #14 from redcanaryco/dev-mh
GPP and bat fix
2017-11-03 11:42:13 -06:00
Michael Haag
d61e743c41
Discovery bat fix
Removed a basic thing and made it even more basic
2017-11-03 09:56:44 -07:00
Michael Haag
e22d823c4b
Credentials in Files
+ Credentials in Files
+ add Get-GPPPassword.ps1
+ Update matrix
2017-11-02 11:53:28 -07:00
caseysmithrc
2096d7d969
Merge pull request #13 from redcanaryco/dev-mh
11-1-2017
2017-11-01 17:38:33 -06:00
Michael Haag
b48f9e5f22
Deobfuscate_Decode_Files_Or_Information
Defense Evasion/Deobfuscate_Decode_Files_Or_Information Add
2017-11-01 16:28:57 -07:00
Michael Haag
a12f456ce3
remove ds
dsstore gone
2017-11-01 16:25:53 -07:00
caseysmithrc
06b210f766
certutil fix
2017-11-01 17:11:21 -06:00
Michael Haag
976f3ba40f
Adds
Security software discovery
system time discovery
2017-11-01 16:02:40 -07:00
caseysmithrc
1e1ae19a33
certutil encode/decode
2017-11-01 16:52:46 -06:00
Michael Haag
be85bb6afe
Discovery bat
+ Added reg queries to payload.
2017-10-31 12:58:40 -07:00
Michael Haag
66c37e8b53
Evasion and exfil
+ Added wevtutil and fsutil per what was used recently by BadBuddy Ransomware.
+ Added 2 ways to compress data with Powershell and rar.
2017-10-31 12:56:52 -07:00
Michael Haag
b144a64e43
Merge pull request #6 from redcanaryco/Collection
Updated Windows Matrix
2017-10-17 15:11:19 -07:00
Michael Haag
59722275f6
Updated Windows Matrix
+ Added Clipboard Data
2017-10-17 15:09:43 -07:00
caseysmithrc
0ad43f6b67
Merge pull request #5 from redcanaryco/Collection
Windows - Collection
2017-10-17 13:46:05 -06:00
Michael Haag
cf3f201c94
Fix
+ Line breaks
2017-10-17 11:55:57 -07:00
Michael Haag
3c17d14b37
Fixed Clipboard
+ Missing clip and made it completely compatible with powershell only now. No need to be in cmd.exe to start this.
2017-10-16 13:19:20 -07:00
Matthew Green
cfa399357b
small change
2017-10-13 23:26:09 +11:00
Michael Haag
34dd80d94b
Initial Commit
+ Audio Capture
+ Automated Collection
+ Input Capture
+ collection bat
+ Payload
+ Updated Matrix
2017-10-12 15:05:28 -07:00
Michael Haag
87743faf73
Discovery
+ Added a Discovery bat file to run all the things at once. Generally, none of this activity is deemed "evil" as it is recon activity. Seeing it all run at once should be suspect to anyone.
+ Updates to two discovery files.
2017-10-12 10:35:44 -07:00
caseysmithrc
086c43c191
Update Windows.md
2017-10-12 08:05:08 -07:00
Roman
09a3c0b2e5
Broken links
due to typos
2017-10-12 11:21:14 +02:00
Michael Haag
4d6d676be5
Cleanup
Small adds and changes
2017-10-11 20:27:24 -07:00
caseysmithrc
623ba37c58
Update Windows.md
2017-10-11 10:47:01 -07:00
caseysmithrc
479acc3aa8
Update Windows.md
2017-10-11 10:46:12 -07:00