Commit Graph

4963 Commits

Author SHA1 Message Date
Clément Notin efd6dbb465 T098: accept UserPrincipalName for the "user_principal_name" argument
In Azure AD a "user principal name" can be interpreted as the "name of a principal of type user"
or as the "UserPrincipalName (UPN)" user attribute!
But most people will expect the second meaning. Which is confusing since this test actually expects to see
the user display name in this attribute.

I think there was a confusion with the sibling test which is for "service principal",
so for which the argument to designate it by name is "service_principal_name".

With this change, there is no regression while being compatible with people passing a UPN to this argument.
2023-03-15 18:25:11 +01:00
Atomic Red Team doc generator 159dda49d8 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-14 00:45:40 +00:00
Atomic Red Team GUID generator de0f49fb5c Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-14 00:45:21 +00:00
Bhavin Patel 8b6a61bff1 Merge pull request #2355 from sulakshan-kumar/Azure_Persistence_Automation_Runbook_Created_or_Modified
Azure persistence automation runbook created or modified
2023-03-13 17:44:44 -07:00
Bhavin Patel 9a084cbf66 Merge branch 'master' into Azure_Persistence_Automation_Runbook_Created_or_Modified 2023-03-13 17:44:08 -07:00
Atomic Red Team doc generator f6437b843f Generated docs from job=generate-docs branch=master [ci skip] 2023-03-14 00:43:58 +00:00
Atomic Red Team GUID generator 56840ea08a Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-14 00:43:40 +00:00
Bhavin Patel 94cedd4acf Merge pull request #2359 from m4nbat/gk-atomic-red-team-T1136.003-Azure-CLI
Gk atomic red team t1136.003 azure cli
2023-03-13 17:43:06 -07:00
Gavin Knapp 8a6b82d185 Merge branch 'master' into gk-atomic-red-team-T1136.003-Azure-CLI 2023-03-13 20:41:10 +00:00
Atomic Red Team doc generator d26d95d3f7 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-13 18:57:35 +00:00
Carrie Roberts 04b6a8fbc3 Adfind prereq fixes (#2360)
* doesn't exfil data as written

* update prereqs

---------

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-03-13 12:56:47 -06:00
Atomic Red Team doc generator c86971b4e7 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-13 18:54:24 +00:00
Carrie Roberts dbcf181202 fix typo (#2358)
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-03-13 12:53:33 -06:00
Atomic Red Team doc generator c42cd26868 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-13 18:41:34 +00:00
Carrie Roberts 08f1fdcc2b use ART repo instead of ARTifacts (#2361)
* use ART repo instead of ARTifacts

* typo fix
2023-03-13 12:40:49 -06:00
Gavin Knapp c0b144a44a Update T1136.003.yaml
removed auto_generated_guid field that was failing checks
2023-03-11 13:40:18 +00:00
Gavin Knapp 434a54490d Update T1136.003.yaml
fixed a couple of typos and removed a blank line
2023-03-11 07:51:42 +00:00
Gavin Knapp cd12370a63 Update T1136.003.yaml 2023-03-10 21:49:39 +00:00
Gavin Knapp 937c62b9be Update T1136.003.yaml 2023-03-10 21:28:09 +00:00
Gavin Knapp 13c3f8361f Update T1136.003.yaml
Added the same technique but via the azure cli with an automated login atomic which then creates a new user via the Azure CLI
2023-03-10 21:27:27 +00:00
Bhavin Patel cf4acdc527 Merge branch 'master' into Azure_Persistence_Automation_Runbook_Created_or_Modified 2023-03-09 14:44:58 -08:00
Atomic Red Team doc generator b65e562290 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-09 22:42:27 +00:00
Atomic Red Team GUID generator aaf3fd5992 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-09 22:42:12 +00:00
Bhavin Patel 8b7ba2fab9 Merge pull request #2352 from m4nbat/gk-atomic-red-team-T1136.003-UPDATE
GK atomic red team t1136.003 update
2023-03-09 14:41:47 -08:00
Bhavin Patel 6a4d1571f3 remove guid key 2023-03-09 14:39:07 -08:00
Bhavin Patel 9e0e9ebae4 Merge branch 'master' into gk-atomic-red-team-T1136.003-UPDATE 2023-03-09 14:37:57 -08:00
Atomic Red Team doc generator f982fdda71 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-09 16:50:59 +00:00
Zeta 8863da1c40 T1112: fix typo (#2357)
fix typo
2023-03-09 09:49:28 -07:00
sulakshan-kumar 6cf33d4a79 Update T1078.004.yaml
updated "Azure Persistence Automation Runbook Created or Modified" scenario
2023-03-07 15:39:29 +05:30
sulakshan-kumar e02b05f3b8 Update T1078.004.yaml
Updated "Azure Persistence Automation Runbook Created or Modified" scenario.
2023-03-07 15:33:43 +05:30
Gavin Knapp 83a170407a Merge branch 'redcanaryco:master' into gk-atomic-red-team-T1136.003-UPDATE 2023-03-04 15:30:26 +00:00
Atomic Red Team doc generator f296668303 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-02 15:30:01 +00:00
Jose Enrique Hernandez ccfababf58 T1140 bash base64 decode (#2353)
* added a new test for base64 encoded shebang shells

* updated description

---------

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-03-02 08:29:17 -07:00
m4nbat c1079b58f6 Merge branch 'redcanaryco:master' into gk-atomic-red-team-T1136.003-UPDATE 2023-03-02 14:40:19 +00:00
m4nbat 16c9bcfc07 Update T1136.003.yaml
Changed the way I did the test after some additional testing and playing around.
2023-03-02 14:39:37 +00:00
Atomic Red Team doc generator 2f53466792 Generated docs from job=generate-docs branch=master [ci skip] 2023-03-01 22:06:40 +00:00
Atomic Red Team GUID generator 20fc4c5d66 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-03-01 22:06:24 +00:00
Jose Enrique Hernandez 63dc1ce0f1 added a new test for base64 encoded shebang shells (#2351) 2023-03-01 15:05:51 -07:00
Atomic Red Team doc generator ba2dd8d1cd Generated docs from job=generate-docs branch=master [ci skip] 2023-02-28 21:24:39 +00:00
Atomic Red Team GUID generator c966568506 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-02-28 21:24:22 +00:00
Bhavin Patel b1bc38cd46 Merge pull request #2314 from 0xv1n/cloud-discovery
Begin T1580 Coverage - AWS
2023-02-28 13:23:55 -08:00
Bhavin Patel 052ae5d5ed Merge branch 'master' into cloud-discovery 2023-02-28 13:23:09 -08:00
m4nbat f756a442c3 Update T1136.003.yaml
Updated T1136.003 Create Account: Cloud Account and added a new atomic test for a user being created in azure
2023-02-28 18:57:28 +00:00
0xv1n 1a12e7dc3e Update T1580.yaml 2023-02-27 14:25:02 -05:00
0xv1n 266a3f4321 typo 2023-02-27 13:32:47 -05:00
Atomic Red Team doc generator e56e34fac4 Generated docs from job=generate-docs branch=master [ci skip] 2023-02-27 18:25:15 +00:00
Atomic Red Team GUID generator b56af9f7d8 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-02-27 18:24:56 +00:00
Brandon Tirado 26b5e537c8 Update T1087.002.yaml (#2349)
* Update T1087.002.yaml

Added Wevtutil - Discover NTLM Users Remote

* added link to more info

* Update T1087.002.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2023-02-27 11:24:14 -07:00
Atomic Red Team doc generator 6d416704c9 Generated docs from job=generate-docs branch=master [ci skip] 2023-02-27 18:15:32 +00:00
Atomic Red Team GUID generator 98f05c9777 Generate GUIDs from job=generate-docs branch=master [skip ci] 2023-02-27 18:15:15 +00:00