f82a189443
Update T1610.yaml
...
remove guid
2023-01-05 12:15:47 -08:00
8ba658e520
Update T1610.yaml
2023-01-05 08:29:02 +05:30
8ecc8d8e62
Update T1610.yaml
...
Changed the name for the atomic test case, Added references to the description & Changed the path as recommended
2022-12-24 14:56:22 +05:30
12f2a903a8
Removed auto_generated_guid
2022-12-16 10:49:19 +05:30
f4338f3e0d
Added Deploying a docker
...
Fairly straight forward to deploy a container.
Details:
There was no test case for deploying a container in the atomic-red team and I was working with atomic red team so thought to create a pr for this feature
Testing:
Tested using ubuntu as the base image. It creates an image and runs that image to check that image is deployed properly.
It may take up to a couple of minutes to run due to image creation. If it hangs for longer than a minute, something went wrong.
Associated Issues:
None
2022-12-15 20:08:54 -08:00
b86d24fd99
Generated docs from job=generate-docs branch=master [ci skip]
2022-12-14 23:10:06 +00:00
51c59e06d3
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-12-14 23:09:58 +00:00
54cc912687
Remote System Discovery - net group Domain Controller ( #2249 )
...
* Remote System Discovery - net group Domain Controller
Identify remote systems with net.exe querying the Active Directory Domain Controller. Upon successful execution, cmd.exe will execute cmd.exe against Active Directory to list the "Domain Controller" in the domain. Output will be via stdout.
* Update T1018.yaml
* Update T1018.yaml
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-12-14 18:09:24 -05:00
c17e4303bc
Generated docs from job=generate-docs branch=master [ci skip]
2022-12-14 22:50:55 +00:00
939774541e
Merge pull request #2243 from redcanaryco/clr2of8-patch-29
...
correct name
2022-12-14 14:50:22 -08:00
17a66b018f
Merge branch 'master' into clr2of8-patch-29
2022-12-14 13:42:35 -07:00
324b2a7401
Generated docs from job=generate-docs branch=master [ci skip]
2022-12-14 20:41:48 +00:00
09043e625c
Merge branch 'master' into clr2of8-patch-29
2022-12-14 13:41:37 -07:00
14271bcbc5
removing duplicate test ( #2239 )
...
* removing duplicate test
* add elevation required
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-12-14 13:41:20 -07:00
45741c6c95
Generated docs from job=generate-docs branch=master [ci skip]
2022-12-14 20:35:27 +00:00
684a637c1a
fix typo, user temp directory ( #2238 )
...
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-12-14 13:34:57 -07:00
9d2f6e05c9
Update T1567.002.yaml ( #2245 )
...
Removed tab from file which was causing parsing to break
2022-12-14 07:33:55 -07:00
5c1e6f1b4f
Generated docs from job=generate-docs branch=master [ci skip]
2022-12-07 01:40:37 +00:00
c6368a624d
Updating ATT&CK and Navigator ( #2244 )
...
This should update the Navigator layers from ATT&CK 11 to 12 and from Navigator 4.5.5 to 4.7.1
2022-12-06 18:39:57 -07:00
063610ad8e
correct name
2022-12-03 18:37:00 -05:00
ce55c6dfb1
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-29 00:09:43 +00:00
747a28a689
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-29 00:09:36 +00:00
d4721d481c
adding credman gump using keymgr.dll ( #2242 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-11-28 19:09:04 -05:00
c65c1656a4
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-29 00:06:26 +00:00
4fbdacf673
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-29 00:06:19 +00:00
414118431e
Tests to simulate misuse of secedit.exe ( #2241 )
...
* secedit config template
* added secedit based persistence
* added secedit based discovery
2022-11-28 19:05:09 -05:00
1e6c1c70fd
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-24 14:10:04 +00:00
18baf6d730
T1560.002 :: Fix typo for gzip ( #2240 )
2022-11-24 09:09:26 -05:00
bfbb8be4e3
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-21 20:42:04 +00:00
d1343687d4
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-21 20:41:57 +00:00
17b80161a4
adding atomic test T1055.003 ( #2237 )
...
* adding atomic test T1055.003
* adding atomic test T1055.003
2022-11-21 13:41:23 -07:00
9837b4fcd1
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-21 14:43:35 +00:00
ee62e616b9
T1482 additional techniques ( #2236 )
...
* Updated T1482.md
Additional trust enumeration techniques.
* Update T1482.yaml
Additional trust enumeration techniques.
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-11-21 07:42:51 -07:00
6a621382ba
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-18 16:23:19 +00:00
3c6c880503
Merge pull request #2231 from cnotin/pr-aad-federation-aadinternals
...
Use AADInternals for AAD federation attack
2022-11-18 11:22:43 -05:00
fdb6cdb7c6
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-18 16:21:18 +00:00
696f2c1d72
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-18 16:21:12 +00:00
cd39269366
Merge pull request #2213 from packetzero/am_t1040_linux_pcap
...
Add Linux T1040 Packet Capture using raw sockets and filtering
2022-11-18 11:20:45 -05:00
d8afb1fb8d
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-17 22:09:05 +00:00
89126e68cd
Fix bug where the search returns multiple objects by selecting only the first ( #2235 )
...
The issue was that "Get-AzureADServicePrincipal" and "Get-AzureADApplication" may return several results matching the provided name which is not handled properly by the code which will crash. The solution is to select only the first object.
I took the opportunity for a couple minor improvements in the code of those two tests.
2022-11-17 17:08:24 -05:00
54f7393181
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 23:53:18 +00:00
f5526d45fd
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-15 23:53:11 +00:00
2d6d00c01c
Update T1548.002.yaml - WSReset UAC Bypass ( #2232 )
...
* Update T1548.002.yaml
* removed elevation requirement
2022-11-15 18:52:41 -05:00
01eb60eaf8
Use AADInternals for AAD federation attack
...
Azure AD has two kinds of federated domains. The one that can be used to authenticate on AAD, as an AAD user, and the one that can be used to authenticate as a guest user (also called external identity).
The current implementation of the attack seems to work but actually it uses the cmdlets to create a federated domain for external identities which is not the thing we want to showcase this ATT&CK technique. Since such a federated domain does not allow to authenticate as an AAD user.
Sorry for missing this when I supervised the initial work on this ART test.
Newest method uses AADInternals which is a popular attack framework for AAD and which offers exactly the cmdlet we need.
2022-11-15 17:35:31 +01:00
9175d8dc59
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 16:01:55 +00:00
a0c3f39325
Generate GUIDs from job=generate-docs branch=master [skip ci]
2022-11-15 16:01:47 +00:00
0440c69f3b
T1567.002.yaml creation with new rclone to Mega exfil test ( #2228 )
...
* Create T1567.002.yaml
* Add files via upload
* Delete T1567.002.yaml
* Update T1567.002.yml
* Update T1567.002.yml
* Update T1567.002.yml
* Create T1567.002.yaml
* Delete T1567.002.yml
* Update T1567.002.yaml
* Update T1567.002.yaml
* update display name
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2022-11-15 11:01:20 -05:00
6024dac957
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 15:56:55 +00:00
cecca22f67
HiveNightmare simplifications ( #2230 )
...
* HiveNightmare simplifications
* Update T1003.002.yaml
* Update T1003.002.yaml
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com >
2022-11-15 08:56:24 -07:00
feca620bc4
Generated docs from job=generate-docs branch=master [ci skip]
2022-11-15 15:48:37 +00:00
Bhavin Patel