fbc458a342
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-27 18:04:44 +00:00
381ba9d449
Create T1219.yaml ( #838 )
...
* Create T1219.yaml
Added first atomic for T1219
* spacing corrections
* spacing corrections
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-27 11:04:14 -07:00
ec50c4b064
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-26 22:00:47 +00:00
9e350d5290
Fix docs template carriage return issue ( #840 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-26 15:00:19 -07:00
a5df006dd6
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-26 21:59:04 +00:00
661e2beb3d
Correct markdown formatting for test #3 ( #835 )
...
* Correct markdown formatting for test #3
* Move XML data into its own file rather than try to display inline
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-26 14:58:45 -07:00
5005e1d6fd
Bump nokogiri from 1.10.4 to 1.10.8 ( #839 )
...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri ) from 1.10.4 to 1.10.8.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases )
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.8 )
Signed-off-by: dependabot[bot] <support@github.com >
2020-02-25 15:35:09 -07:00
723426c15d
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-24 19:30:29 +00:00
8762f3f929
Added Test for OSTAP Worming Activity to T1105 ( #836 )
...
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-24 12:29:51 -07:00
0bcf0d5c50
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-24 18:09:40 +00:00
4cf7a7f8c5
add flag ( #834 )
2020-02-24 11:09:24 -07:00
6ae0409e73
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-18 01:00:46 +00:00
84120795f5
Adjusted the default domain from example.com to 127.0.0.1.xip.io to ( #832 )
...
allow the "Resolve-DnsName" commandlet to work as expected. Should
prevent runtime issues associated with NXDOMAIN.
2020-02-17 18:00:21 -07:00
f762d6ac0b
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-11 21:36:43 +00:00
dd4783b2a5
Fixed typo 1216 1081 ( #830 )
...
* Typo Test 3
findstr /si pass *.xml | *.doc | *.txt | *.xls -> findstr /si pass *.xml *.doc *.txt *.xls
* Typo Test 2
SyncAppvPublishingServe -> SyncAppvPublishingServer
Quotes in test 2 of a format not recognizable by Powershell when passed. Changed to regular quotes.
2020-02-11 14:36:21 -07:00
7ce029b52b
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-10 19:00:47 +00:00
1837cd137e
T1015, set default input args to be a list of executables ( #829 )
...
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* set default to complete list
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
2020-02-10 12:00:25 -07:00
5ac9aac2b3
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-10 18:31:57 +00:00
d174638f67
T1015 restructure ( #818 )
...
* Reworked T1015 changes
* Removed testing statements
* missing ( and yaml comment error
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-10 11:31:45 -07:00
ff94993abb
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-10 18:30:02 +00:00
4c35cdb5ff
T1027 t1053 cleanup errors ( #828 )
...
* fixed
* T1027-T1053_CleanupErrors
* T1027-T1053_CleanupErrors(2)
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-10 11:29:45 -07:00
d5a32b161c
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-08 00:29:45 +00:00
2cc0faea72
fixed ( #827 )
2020-02-07 17:29:17 -07:00
19560b02c8
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-06 16:00:58 +00:00
c9bf800a29
T1071 - adding DNS C2 ( #825 )
...
* DNS C2
* DNS C2 - Fix Typos
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-06 09:00:15 -07:00
73eb6cdd8c
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-06 15:16:46 +00:00
cbb1133b91
T1105-Update ( #826 )
...
* Added executor fix cleanup command and Temp local path
* changed local_path variable name
* circleCI syntax error PowerShell
* massage
2020-02-06 08:16:27 -07:00
a3ebb13bb6
Build check ( #816 )
...
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* ensure both prereq and get_prereq commands are specified
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
2020-02-05 10:31:08 -07:00
2a59d5525f
When invoking new process, set working dir to $env:temp ( #821 )
...
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* default working dir is tmp
* default working dir is tmp
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
2020-02-05 10:30:18 -07:00
4955e67900
clarify use of Invoke-WebRequestVerifyHash ( #823 )
...
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* clarify use of Invoke-WebRequestVerifyHash
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
2020-02-05 10:24:39 -07:00
1854eb9db8
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-05 17:23:40 +00:00
51c70736dd
T1095-2 add prereqs ( #824 )
...
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* add prereq commands
* add prereq commands
* add prereq commands
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
2020-02-05 10:23:17 -07:00
80e4462311
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-04 22:40:46 +00:00
8ea7ea5c8e
T1095 Standard Non-Application Layer Protocol - ICMP, Ncat, Powercat C2 ( #822 )
...
* ICMP Ncat C2
* Add T1095 Test
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-04 15:40:10 -07:00
dd0736f370
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-04 20:03:30 +00:00
66b98936f3
VBS File Created in Startup Folder ( #810 )
...
* add tests, fix old test
* start combining tests
* all files run, still need to support input arguments
* fix quotes
* convert to commas
* remove old tests, ignore delete exceptions
* split up into different tests
* ignore errors in cleanup commands
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-04 13:02:47 -07:00
d7449467c4
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-04 18:58:33 +00:00
f227c1cd8b
Delete TeamViewer Log Files ( #814 )
...
* Write tests
* fix build error
* put deletion in attack command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-02-04 11:58:18 -07:00
599973ee7a
Generate docs from job=validate_atomics_generate_docs branch=master
2020-02-01 17:36:29 +00:00
bd6e7c0dcf
Pypykatz add dependency ( #817 )
...
* add dependencies to pypykatz tests
* added quotes for the echos and cmd /c
2020-02-01 10:36:16 -07:00
fe500be773
fix prereq bug for multi-line powershell ( #815 )
...
* move emond test into correct T#
* only show cleanup with inputs if there are inputs
* fix prereq bug for multi-line powershell
Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com >
Co-authored-by: Michael Haag <mike@redcanary.com >
2020-01-29 14:10:15 -07:00
05699b43bd
Fix typo in test name ( #811 )
...
* Fix typo
* Generate docs from job=validate_atomics_generate_docs branch=fix-logger-typo
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-01-29 10:30:46 -07:00
d0f818b011
correctly passing timeout through ( #813 )
2020-01-28 16:40:13 -07:00
4193cdc2f1
Revert "T1015 collapsed technique into one atomic with additional inputargs" ( #812 )
...
* Revert "T1015 collapsed technique into one atomic with additional inputargs (#808 )"
This reverts commit 06361de337
2020-01-28 16:25:43 -07:00
5141f5b0dc
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-28 21:09:41 +00:00
06361de337
T1015 collapsed technique into one atomic with additional inputargs ( #808 )
...
* collapsed technique into one atomic
* Update atomics/T1015/T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org >
* Update atomics/T1015/T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org >
* Update atomics/T1015/T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org >
* T1015 removed reference to execution framework
* Update description T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org >
* Update dash over colon T1015.yaml
Co-Authored-By: Keith McCammon <keith@mccammon.org >
Co-authored-by: Keith McCammon <keith@mccammon.org >
2020-01-28 14:09:24 -07:00
1141a86873
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 23:27:40 +00:00
f2074e94b2
T1012 input args and cleanup ( #804 )
...
* T1012 input args and cleanup
* Removed file write functionality
* fixed missing > in command
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-01-27 16:27:27 -07:00
4fc6a89bcf
Generate docs from job=validate_atomics_generate_docs branch=master
2020-01-27 22:18:51 +00:00
72ed340500
T1069 - Domain Admin Enumeration ( #806 )
...
* add command to test
* move test to another atomic
* fixed old tests
Co-authored-by: Carrie Roberts <clr2of8@gmail.com >
2020-01-27 15:18:31 -07:00
CircleCI Atomic Red Team doc generator