f6004e7d91
fix prerequisite checks
2022-11-04 16:56:11 -05:00
6952b2c284
Merge branch 'master' into am_t1040_linux_pcap
2022-11-04 13:25:03 -04:00
721e184423
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-04 17:04:14 +00:00
3a0d280883
Merge pull request #2195 from jmac774/patch-2
...
Fix T1546.004 for remote execution on Linux
2022-11-04 13:03:41 -04:00
4921b5f679
Merge branch 'master' into patch-2
2022-11-04 13:00:59 -04:00
f1fe367fc7
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-03 20:06:21 +00:00
422ab1751f
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-03 20:06:15 +00:00
96b45ecbbf
Added missing test for T1547.014 Active Setup, 3 tests created ( #2219 )
...
* Added missing test for T1547.014 Active Setup, 3 tests created
Committer: Thomas De Brelaz <thockoro@hotmail.com >
* some format changes and simplications
* Update T1547.014.yaml
Co-authored-by: Thomas De Brelaz <thomas.de-brelaz@ubisoft.com >
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-11-03 15:05:44 -05:00
5f084fc1e1
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-03 18:45:42 +00:00
ae1493e46e
Update T1560.001.yaml ( #2221 )
...
The name for "Compress Data and lock with password for Exfiltration with winzip" of T1560.001.yaml
Invoke-WebRequestVerifyHash function has not import
2022-11-03 13:45:03 -05:00
a052ee3bca
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-02 17:55:09 +00:00
71b8056ed2
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-02 17:55:02 +00:00
8300ec7632
Create Symbolic Link From osk.exe to cmd.exe ( #2218 )
...
* Create Symbolic Link From osk.exe to cmd.exe
* Update T1546.008.yaml
2022-11-02 11:54:33 -06:00
cc704d65bd
Merge branch 'master' into patch-2
2022-11-01 11:37:46 -04:00
31d9ef273e
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-01 15:25:54 +00:00
dde1c39789
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-01 15:25:47 +00:00
5da061570e
Added CommandProcessor Autorun ( #2214 )
...
* Added CommandProcessor Autorun
* add an hcku version as well
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-11-01 10:25:17 -05:00
2bdf7058a5
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-31 18:59:04 +00:00
72a67e2dc8
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-31 18:58:56 +00:00
a69e08e6ae
Updated T1048.003 to include Rclone ( #2202 )
...
* Updated T1048.003 to include Rclone
Added the use of Rclone to exfiltrate data to an external FTP server.
* Updated the test as discussed.
* Fixed the typo
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-31 13:58:24 -05:00
8c427d03ea
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-31 18:55:22 +00:00
535c5be594
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-31 18:55:16 +00:00
f5e9554b1a
Update T1562.001.yaml ( #2216 )
...
Add Atomic to leverage WMI to exclude a folder within Defender.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-31 13:54:50 -05:00
43d82f25da
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-31 18:42:04 +00:00
2589ca7d6f
fix missing input arg ( #2210 )
2022-10-31 13:41:32 -05:00
40cb9df131
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-31 14:02:32 +00:00
cd6e3d15ae
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-31 14:02:26 +00:00
aaf8223501
t1027-006-html-smuggling ( #2215 )
...
Add Atomic for HTML smuggling
2022-10-31 08:01:55 -06:00
44826521e6
rename existing linux capture test
2022-10-30 20:31:35 -05:00
d9f46753de
linux pcap : Add BPF filter and clang-format
2022-10-30 20:27:36 -05:00
56a896d90b
Add some Linux T1040 packet capture tests using raw sockets
2022-10-30 19:01:59 -05:00
6f0df94b1d
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-28 17:46:40 +00:00
a317977c6b
Update T1056.001.yaml ( #2208 )
...
* Update T1056.001.yaml
fix bug: "Input Capture" of T1056.001 not download poweshel script
* update url
I updated the URL to point to the "raw" ps1 file instead of the html page showing the preview. Also removed the input arg for the PS1 since the attack commands call the script directly and don't use the input argument. Also, not likely that users will need to modify that input arg so leaving it out for clarity. Chose to give the full path to the ps1 script in the attack commands instead of changing directories first.
* Update T1056.001.yaml
* Update T1056.001.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-10-28 12:46:13 -05:00
69ff63cbeb
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-28 17:03:36 +00:00
0d4be0fcdc
Update T1070.003.yaml ( #2209 )
...
In this command "Set-PSReadLineOption -HistorySaveStyle SaveIncrementally",The "–" correct is "-"
2022-10-28 12:02:59 -05:00
c434c577af
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 20:35:40 +00:00
4fffd2bd92
add dependency executor since it is different than attack cmds ( #2203 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-10-27 14:35:07 -06:00
fd90991054
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 20:17:13 +00:00
d3f49a0913
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-27 20:17:07 +00:00
066d82351c
New AutoDial DLL persistence atomic ( #2207 )
...
* New AutoDial DLL persistence atomic
* Update T1546.yaml
2022-10-27 14:16:38 -06:00
a3f9a79d63
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-27 17:12:15 +00:00
74a13a8b92
Merge pull request #2206 from redcanaryco/isofix
...
Update T1553.005 - Runs lnk now
2022-10-27 10:11:38 -07:00
93c92d10b2
Update T1553.005 - Runs lnk now
2022-10-27 11:03:58 -06:00
e149cf9df2
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-26 15:13:43 +00:00
dba79489fb
Incomplete Process Termination Process ( #2205 )
...
The Notepad process was not terminating after the command execution
Line Added:
taskkill /im notepad.exe /t /f > NUL 2>&1
The /t option makes sure any child processes are closed as well, and the /f option forcefully terminates the process.
The > NUL redirects the stdout to the NUL device (the equivalent of /dev/null) and the 2 >&1 also redirects the stderr to stdout so that nothing is output to the console
2022-10-26 09:13:05 -06:00
aa218974e7
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-25 00:18:35 +00:00
d29652b752
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-10-25 00:18:27 +00:00
ba34e45163
Merge pull request #2197 from redcanaryco/aws_password_spray
...
AWS - Password Spray an AWS using GoAWSConsoleSpray
2022-10-24 17:17:49 -07:00
8b43cf51f7
Merge branch 'master' into aws_password_spray
2022-10-24 17:16:55 -07:00
e4844d7576
Generated docs from job=generate-docs branch=master [ci skip]
2022-10-24 16:27:34 +00:00
packetzero