security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
121 Commits 47 Branches 0 Tags
fbce4cfb2da24993827532bcb554dc2de774ada6
Commit Graph

65 Commits

Author SHA1 Message Date
Michael Haag fbce4cfb2d Merge pull request #42 from redcanaryco/Protoss-Dev 
Context For Shims
 2017-12-06 14:41:33 -08:00
caseysmithrc 67613f4a44 Context For Shims 2017-12-06 15:40:21 -07:00
caseysmithrc 4326601868 Merge pull request #41 from redcanaryco/Argonaut 
Argonaut Chain Reaction + Updates to windows.md
 2017-12-06 15:27:35 -07:00
caseysmithrc 809e2cb4b8 Fix Typo 2017-12-06 15:12:35 -07:00
caseysmithrc 7bec20d991 App Compat ReadMe 2017-12-06 15:11:56 -07:00
caseysmithrc 44611b8f3b Fix Instructions 2017-12-06 15:05:18 -07:00
caseysmithrc 14f2a68a96 Shim Test Files 2017-12-06 14:52:06 -07:00
Michael Haag 53694dc7d4 Windows ReadMe Fixes 
+ Updated all Discovery files in previous PR.
+ Fixed Windows.md to match new files. All good now
 2017-12-01 15:06:10 -08:00
caseysmithrc b8cd61afb4 Fix Casing 2017-12-01 13:04:29 -07:00
caseysmithrc 1804b97780 Updated All the Things 2017-11-30 08:54:10 -07:00
Michael Haag f47d9be70a Merge pull request #35 from redcanaryco/Protoss-Dev 
Updated AllTheThings
 2017-11-30 08:36:08 -07:00
caseysmithrc e4e892da8b Updated All The Things 2017-11-30 06:25:37 -07:00
caseysmithrc 5375477446 Updated AllTheThings Example 2017-11-30 06:08:27 -07:00
caseysmithrc 58426cd424 Merge pull request #29 from redcanaryco/dev-mh 
Updated Formatting + System Service Discovery
 2017-11-27 13:09:31 -07:00
Michael Haag 874b3cd787 Update README.md 2017-11-22 06:55:57 -08:00
Michael Haag f6bfcd4e52 Discovery.bat - add 
Added sc.exe query line
 2017-11-21 12:17:55 -08:00
Michael Haag c121d1539b Format Updates + System Service Discovery 
+ Updated format to Discovery md files
+ Added System Service Discovery
 2017-11-21 12:16:00 -08:00
caseysmithrc d851a275a6 Merge pull request #28 from redcanaryco/ChainReactions 
Account Manipulation + Chain Reactions Names
 2017-11-20 12:38:37 -07:00
Michael Haag bf35e2895e Update README.md 2017-11-20 11:37:27 -08:00
Michael Haag 8f42ea3fc4 Account Manipulation + Chain Reactions Names 
Changed CR names
+ Fixed .md for Account manipulation
 2017-11-20 11:34:34 -08:00
Michael Haag 253282bceb Format and edits 
Modified the format and cleaned it up.
 2017-11-20 11:27:50 -08:00
unbaiat 74c1c52bdb Create Account Manipulation 2017-11-20 20:18:03 +02:00
caseysmithrc c3d870f399 Update AtomicService.cs 2017-11-19 07:54:51 -07:00
caseysmithrc f84a365a73 Update AtomicService.cs 2017-11-19 07:53:03 -07:00
caseysmithrc d8a38ca5c4 Update Service_Installation.md 2017-11-19 07:51:59 -07:00
caseysmithrc df59f2be24 Service Binary Code 2017-11-19 07:42:50 -07:00
Yohann Lepage 2e675d73f8 Add T1050: Windows - Persistence - Service Installation 2017-11-16 23:27:14 +01:00
Michael Haag 18fa8c1218 Input Capture - Payload Reference fix 
Per https://github.com/redcanaryco/atomic-red-team/issues/22, fixing payload link location.
 2017-11-15 15:10:16 -08:00
caseysmithrc 6b562c96f6 credit for TimeStomp 2017-11-15 12:47:10 -07:00
Michael Haag ae5c62cb51 Timestomp 
Added Timestomp to Windows Matrix
 2017-11-15 10:43:55 -08:00
Michael Haag 99a153fde2 Added Timestomp 
+ Timestomp method
 2017-11-15 10:42:46 -08:00
caseysmithrc ddf8a8318a Updated Mimikatz References 
Updated References
 2017-11-13 15:10:25 -07:00
caseysmithrc 24e2671f45 Added Invoke-Mimnikatz 
Invoke-Mimikatz Locally
 2017-11-13 15:06:40 -07:00
caseysmithrc c03b740553 update instructions 
Update MHT To Doc Notes
 2017-11-13 11:54:20 -07:00
caseysmithrc 4439c529ea Sample VBA 
Sample VBA Downloader
 2017-11-13 11:53:35 -07:00
Michael Haag 407c84b6f5 Discovery Updates 
+ More Tasklist.exe adds
+ Modified file directory listing to be recursive.
 2017-11-13 11:02:39 -07:00
Michael Haag 26854f24b0 System Network Configuration Discovery 
+ Added System Network Configuration Discovery
 2017-11-13 05:01:03 -08:00
Michael Haag 705f7d4dcf Powershell - Bloodhound 
Added single command to download and execute Bloodhound.
 2017-11-10 13:52:27 -08:00
Brian Beyer 3b03b3e9b8 Rename Windows.md to README.md 2017-11-04 15:36:03 -04:00
caseysmithrc 666594cf6e Merge pull request #14 from redcanaryco/dev-mh 
GPP and bat fix
 2017-11-03 11:42:13 -06:00
Michael Haag d61e743c41 Discovery bat fix 
Removed a basic thing and made it even more basic
 2017-11-03 09:56:44 -07:00
Michael Haag e22d823c4b Credentials in Files 
+ Credentials in Files
+ add Get-GPPPassword.ps1
+ Update matrix
 2017-11-02 11:53:28 -07:00
caseysmithrc 2096d7d969 Merge pull request #13 from redcanaryco/dev-mh 
11-1-2017
 2017-11-01 17:38:33 -06:00
Michael Haag b48f9e5f22 Deobfuscate_Decode_Files_Or_Information 
Defense Evasion/Deobfuscate_Decode_Files_Or_Information Add
 2017-11-01 16:28:57 -07:00
Michael Haag a12f456ce3 remove ds 
dsstore goen
 2017-11-01 16:25:53 -07:00
caseysmithrc 06b210f766 certutil fix 2017-11-01 17:11:21 -06:00
Michael Haag 976f3ba40f Adds 
Security software discovery
system time discovery
 2017-11-01 16:02:40 -07:00
caseysmithrc 1e1ae19a33 certutil encode/decode 2017-11-01 16:52:46 -06:00
Michael Haag be85bb6afe Discovery bat 
+ Added reg queries to payload.
 2017-10-31 12:58:40 -07:00
Michael Haag 66c37e8b53 Evasion and exfil 
+ Added wevtutil and fsutil per what was used recently by BadBuddy Ransomware.
+ Added 2 ways to compress data with Powershell and rar.
 2017-10-31 12:56:52 -07:00