Atomic Red Team doc generator
f368a70546
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 14:38:05 +00:00
abhijose09
13f7dde9a3
Update T1574.001.yaml ( #2877 )
...
New test Added : Phantom Dll Hijacking - WinAppXRT.dll
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-24 09:36:55 -05:00
Atomic Red Team doc generator
83c5d69c55
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 14:35:18 +00:00
NeuralGlitch
1c0f195934
Update T1547.yaml ( #2875 )
...
adding new atomic related to pnputil to cover a different set of command line arguments for pnputil. pnputil can be abused to install drivers in Windows
Test Name: Driver Installation Using pnputil.exe
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-24 09:34:09 -05:00
Atomic Red Team doc generator
9418990356
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 14:32:32 +00:00
sree siva likhitha kothalanka
ba841eba7a
Update T1217.yaml ( #2876 )
...
* Update T1217.yaml
This test will extract Microsoft Edge browser's history of current user
* Update T1217.yaml
* Update T1217.yaml
* remove duplicate test
* Update T1217.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-24 09:31:17 -05:00
Atomic Red Team doc generator
33939648b7
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 02:37:54 +00:00
Prakash22-k
5fc2f6dd5f
Update T1218.yaml ( #2855 )
...
* Update T1218.yaml
* Update T1218.yaml
* Update T1218.yaml
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-23 21:36:46 -05:00
Atomic Red Team doc generator
b0f5fc12dd
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 02:31:35 +00:00
abhijose09
19fbe0f994
Update T1112.yaml ( #2870 )
...
Added New Test : Adding custom paths for application execution
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-23 21:29:27 -05:00
Atomic Red Team doc generator
444f81d64f
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 02:28:03 +00:00
Pavan R Patil
7c1d934430
Update T1569.002.yaml ( #2869 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-23 21:26:56 -05:00
Atomic Red Team doc generator
f1fd271ee0
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 02:24:52 +00:00
Badoodish
a8585e0e50
Update T1078.003.yaml ( #2867 )
...
Added new test "Use PsExec to elevate to NT Authority\SYSTEM account"
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-23 21:23:48 -05:00
Atomic Red Team doc generator
e1feb2c7a5
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 02:21:57 +00:00
abhijose09
bd13bcbaec
Update T1546.yaml ( #2865 )
...
New Test : Adding custom debugger for Windows Error Reporting
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-23 21:20:48 -05:00
Atomic Red Team doc generator
2d3c1652a4
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-24 02:17:35 +00:00
abhijose09
3bc01cabb5
3 new tests added ( #2863 )
...
3 new Tests added :
Abusing MyComputer Disk Backup Path for Persistence
Abusing MyComputer Disk Cleanup Path for Persistence
Abusing MyComputer Disk Fragmentation Path for Persistence
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-23 21:16:20 -05:00
Atomic Red Team doc generator
162921f9e7
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-23 22:08:10 +00:00
abhijose09
d4aa5c432e
New Test - Modify RDP-Tcp Initial Program Registry Entry ( #2861 )
...
* Update T1112.yaml
Modify RDP-Tcp Initial Program Registry Entry
* Update T1112.yaml
added cleanup commands
* Update T1112.yaml
* Update T1112.yaml
* Update T1112.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-23 17:06:54 -05:00
Atomic Red Team doc generator
229af9deb5
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-23 21:39:39 +00:00
Badoodish
0a8ad64ee8
Added new test to T1614.001 "Discover System Language by Windows API … ( #2857 )
...
* Added new test to T1614.001 "Discover System Language by Windows API Query"
* Fixed indentation on line 139. Added input arguments
* Fixed indentation on line 126
* Added markdown formatting.
* Added C# source code as requested
* Removed input arguments because no arguments are supported.
* Updated exe output
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-23 16:38:25 -05:00
Atomic Red Team doc generator
2a37d1cae8
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-19 04:22:39 +00:00
Alphonsa George
9e39c9d5b3
T1048.002 ( #2851 )
...
* Added input argument #{host} to T1059.004 test name - Create and Execute Bash Shell Script
* Added Input argument to T1048.002 2 tests
* modified input args
---------
Co-authored-by: alphonsa-01 <NA>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
2024-07-19 00:21:31 -04:00
Atomic Red Team doc generator
7512f4a78b
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-17 02:56:47 +00:00
abhijose09
ef6b0358f9
Update T1112.yaml ( #2862 )
...
New Test : Abusing Windows TelemetryController Registry Key for Persistence
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-16 21:55:36 -05:00
Atomic Red Team doc generator
9915e4a4a6
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-17 02:53:43 +00:00
abhijose09
b0c87f11fc
Update T1556.002.yaml ( #2860 )
...
New Test Install Additional Authentication Packages
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-16 21:52:30 -05:00
Atomic Red Team doc generator
12c1fabcf5
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-16 22:37:48 +00:00
abhijose09
6b16e95579
Update T1547.001.yaml ( #2856 )
...
* Update T1547.001.yaml
Allowing custom application to execute during new RDP logon session
* Update T1547.001.yaml
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-16 17:36:37 -05:00
Atomic Red Team doc generator
6b5334bfe5
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-16 18:21:49 +00:00
Hare Sudhan
3183811486
Fix ESXi tests ( #2853 )
...
* fix esxi tests
* fix macos tests
---------
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-16 13:20:36 -05:00
Atomic Red Team doc generator
c126089a0d
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-16 18:15:15 +00:00
abhijose09
1b800b29ca
Update T1547.001.yaml ( #2854 )
...
* Update T1547.001.yaml
Creating Boot Verification Program Key for application execution during successful boot
* Update T1547.001.yaml
updated few changes
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-16 13:14:02 -05:00
Atomic Red Team doc generator
ff1bf9b32f
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-16 18:08:01 +00:00
Hare Sudhan
81b987e1a6
fix atomics ( #2852 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-16 13:06:56 -05:00
Atomic Red Team doc generator
3c045e1822
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-14 09:30:23 +00:00
nish221b-bs
6b724e37d0
Update T1059.004.yaml ( #2840 )
2024-07-14 04:29:08 -05:00
Atomic Red Team doc generator
3efa6f8917
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-13 00:11:15 +00:00
liorf
c0ce2c7a82
Update T1070.002.yaml ( #2847 )
...
Co-authored-by: Hare Sudhan <code@0x6c.dev>
2024-07-12 20:10:01 -04:00
Atomic Red Team doc generator
19d0a3589c
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-13 00:08:06 +00:00
liorf
b63ac9bbbd
Fix System log file deletion via find utility scenario in T1070.002 ( #2846 )
...
* Fix System log file deletion via find utility scenario in T1070.002
* Update T1070.002.yaml
* Update T1070.002.md
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
2024-07-12 20:06:44 -04:00
Atomic Red Team doc generator
fd2d2a148d
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-12 14:59:56 +00:00
abhijose09
7c51b76bcd
Update T1552.001.yaml ( #2842 )
...
* Update T1552.001.yaml
New Test Added : List Credential Files via PowerShell
* Update T1552.001.yaml
Added Test List Credential Files via PowerShell , List Credential Files via Command Prompt
* Updated command lines
Updated command lines
2024-07-12 09:58:48 -05:00
Atomic Red Team doc generator
9bf5eb6864
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-10 18:42:34 +00:00
Alphonsa George
a5ae5e1771
Added input argument #{host} to T1059.004 test name - Create and Execute Bash Shell Script ( #2849 )
...
Co-authored-by: alphonsa-01 <NA>
Co-authored-by: Hare Sudhan <code@0x6c.dev>
2024-07-10 13:41:25 -05:00
Atomic Red Team doc generator
6a6f6e9ac5
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-10 15:10:05 +00:00
piotranalyst
be29bb4b14
Update T1048.md ( #2806 )
...
* Update T1048.md
This is a grammatically correct change.
* update yaml
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-10 10:08:57 -05:00
Atomic Red Team doc generator
f30eae885f
Generated docs from job=generate-docs branch=master [ci skip]
2024-07-10 15:06:29 +00:00
Mohana Shankar D
39c0efe2d5
Update T1113.yaml ( #2827 )
...
Detects the enabling of the Windows Recall feature via registry manipulation. Windows Recall can be enabled by deleting the existing "DisableAIDataAnalysis" registry value. Adversaries may enable Windows Recall as part of post-exploitation discovery and collection activities. This rule assumes that Recall is already explicitly disabled on the host, and subsequently enabled by the adversary.
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2024-07-10 10:05:09 -05:00