atomic-red-team

security-tools/atomic-red-team

Fork 0

Commit Graph

Select branches

Hide Pull Requests

APT28

AutoSUID_linux

ProcessHolllowingT1093

T1016_fix

T1218.005-powershell-without-network-call

T1553.001_fix

add_codeowners

admin-guide

atoms

attack-v19-migration

cloudlfare-tunnel

clr2of8-patch-14

clr2of8-patch-16

clr2of8-patch-3

clr2of8-patch-32

clr2of8-patch-35

clr2of8-patch-43

clr2of8-patch-44

clr2of8-patch-8

cyberbuff-patch-2

dependabot/pip/hypothesis-6.152.4

dependabot/pip/pydantic-2.13.3

dependabot/pip/typer-0.25.1

external_payloads

fix_T1562.001

fix_attack_nav

insecure-curl

io-update

issue_template_fix

linpeas_linux

markdown_changes

master

npm_simulate

oscd

pre-commit

python_conversion

remove-unused-static-dir

remove_bin

remove_ruby

remove_users_launch_daemon

revert-1530-adding_comments_to_navigator

sysmon_fix

t1547008

testest

update-PSDocs

use-basic-parsing

yamlfix

a6bc897052 add cleanup commands to remove registry dump files (#589) Carrie Roberts 2019-10-21 15:00:24 -06:00
edcb544e79 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-10-21 20:59:21 +00:00
fe8442876b T1086_AddAtomic_PowerShellDowngradeAttack (#578) Andras32 2019-10-21 15:58:55 -05:00
4fb62d4875 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-10-16 18:16:43 +00:00
e206885e1d naming variable correctly so it gets replaced as a variable at execution time (#588) Carrie Roberts 2019-10-16 12:16:19 -06:00
e72d70af4d Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-10-15 20:15:34 +00:00
9405e2b819 T1158 Test 11 update (#587) dwhite9 2019-10-15 15:15:16 -05:00
e413bf2671 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-10-15 00:47:34 +00:00
957b67bd6a Added Cleanup script to Logon Scripts Atomic T1037 (#584) dwhite9 2019-10-14 19:47:21 -05:00
fd93a2fe2a Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-10-15 00:46:28 +00:00
1ec4ee2afd fixed loop counter (#583) Carrie Roberts 2019-10-14 18:46:16 -06:00
af26d075f8 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-10-08 18:40:28 +00:00
4f98d55d74 T1086 - Added Atomic for writing file in alternate data stream and simulating code execution. (#582) dwhite9 2019-10-08 13:40:16 -05:00
f0791ee056 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-10-08 18:20:14 +00:00
ca3872b352 fix savertimeout to savetimeout (#579) h00die 2019-10-08 14:19:59 -04:00
641a1d027d Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-10-08 18:02:00 +00:00
e1f2936764 Update T1038 (#581) JimmyAstle 2019-10-08 14:01:35 -04:00
af8e2d4501 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-10-08 17:27:21 +00:00
8d5a575af8 Add test for LKM via insmod (#580) Tony M Lambert 2019-10-08 12:27:00 -05:00
25fa6a75e7 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-24 14:36:14 +00:00
9be96cf54f T1076 rdp to domain controller (#572) Andras32 2019-09-24 09:36:03 -05:00
0860bb1ec7 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-23 19:01:07 +00:00
247367100b Added new atomic 'Remote System Discovery - nslookup' + typo fixes (#576) JB 2019-09-23 14:00:44 -05:00
3bc4bf9dd2 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-21 15:21:30 +00:00
d492b8ce4c Added atomic "Access "unattend.xml," corrected and simplified names of all tests (#575) JB 2019-09-21 10:21:19 -05:00
150ac1ac50 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-21 15:19:44 +00:00
dd95258d4a T1112 atomic 4 name clarification (#574) JB 2019-09-21 10:19:34 -05:00
d413ba8f0d Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-19 11:24:18 +00:00
b7ed04ebd7 Fix a bug in T1081 where the macos version of grep is wrongly expected to accept the -P flag and fix a labeling bug in T1201 where a macOS command is wrongly described as a Windows command (#573) Mike Hunter 2019-09-19 04:24:00 -07:00
7f35271b8e Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-17 19:17:51 +00:00
a969a01805 Update T1089 - AMSI Bypass (#570) JimmyAstle 2019-09-17 15:17:34 -04:00
0197987d18 Added MacOS and Linux isElevated check [todo: test MacOS] (#565) Andras32 2019-09-17 14:11:19 -05:00
a226e2aa2e Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-17 19:09:17 +00:00
cb7b3f4650 Added 'Elevated group enumeration using net group' + minor titles edit (#567) JB 2019-09-17 14:09:03 -05:00
a27c73135a Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-17 18:48:01 +00:00
16cad4ed95 Update T1089 - AMSI Bypass cleanup (#569) JimmyAstle 2019-09-17 14:47:31 -04:00
d6d68477ac Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-17 18:33:39 +00:00
26263baec9 New Detection - T1089 (#568) JimmyAstle 2019-09-17 14:33:22 -04:00
1df960f3c4 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-17 16:44:59 +00:00
edc66092e3 Executor in Atomic Test #2 changed to Powershell (#504) Marc 2019-09-17 18:44:36 +02:00
ff779dd2fb Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-17 14:45:16 +00:00
8b855a5139 Added new atomic, 'Modify registry for password downgrade to plain text' (#566) JB 2019-09-17 09:44:55 -05:00
ac5fb215d5 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-16 15:09:00 +00:00
29a2fa0539 Added test for deletion of prefetch files (anti-forensic technique) (#564) JB 2019-09-16 10:08:43 -05:00
c1d4e22313 update to describe new yaml elements (#563) Carrie Roberts 2019-09-13 15:46:09 -06:00
77d5d88189 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-13 15:42:16 +00:00
eab43d92fb Update to T1036 (#562) JimmyAstle 2019-09-13 11:42:01 -04:00
fe2539c7de Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-13 14:00:02 +00:00
971d5c2b8a Create DLL Hijacking Test - amsi bypass (#561) JimmyAstle 2019-09-13 09:59:45 -04:00
3c644cc523 installer cleanup (#560) Carrie Roberts 2019-09-12 15:02:29 -06:00
29ad17b01d Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-07 01:37:43 +00:00
6f2d67e258 pipe command output to nul to keep things clean (#559) Carrie Roberts 2019-09-06 19:37:34 -06:00
30411b7db8 rename InputParameters to InputArgs (#558) Carrie Roberts 2019-09-06 19:36:02 -06:00
3b784d023c readme updates/fixes (#557) Carrie Roberts 2019-09-06 11:28:13 -06:00
0110ceec98 pipe file creation output to out-null (#556) Carrie Roberts 2019-09-05 17:38:54 -06:00
06c3bb433a fix null error when using -Cleanup and -ShowDetails (#555) Carrie Roberts 2019-09-05 17:37:48 -06:00
95f2a5ed6f removing duplicate 'command' element from template (#550) Carrie Roberts 2019-09-05 17:36:30 -06:00
91a5f29006 remove Z from Local timestamp (#554) Carrie Roberts 2019-09-05 16:21:09 -06:00
516855f4e7 fix bug where no log output for tests with input parameters (#553) Carrie Roberts 2019-09-05 15:27:39 -06:00
dbbec18625 bug fix for order of operations (#552) Carrie Roberts 2019-09-05 09:44:52 -06:00
ac22c95011 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-05 01:04:02 +00:00
75cfe33de9 Add GPP Password test definitions (#551) Carrie Roberts 2019-09-04 19:03:45 -06:00
968bf887c2 fail pre-req check if elevation required but not provided (#549) Carrie Roberts 2019-09-04 10:52:24 -06:00
d7f2290669 allow caller to specify non-default input parameters (#547) Carrie Roberts 2019-09-03 19:29:04 -06:00
4bc6eb5ca1 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-03 20:13:44 +00:00
c3dc0dc593 windows subtitle wasn't properly formatted (#527) Nick McLoota 2019-09-03 13:13:34 -07:00
6e0c26b97c Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-03 20:11:38 +00:00
0859cb997a removing descriptions of xxx (left over from template) (#546) Carrie Roberts 2019-09-03 14:11:18 -06:00
1848f84fda Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-03 16:04:49 +00:00
ce07c60109 double quote fixes (#545) Carrie Roberts 2019-09-03 10:04:32 -06:00
3899ee00cf Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-03 15:31:13 +00:00
e4981743f7 Add test for T1217 that looks for bookmarks from Google Chrome browser (#536) n0lepointer 2019-09-03 11:30:58 -04:00
159697cc2e Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-03 15:21:17 +00:00
b3978a03b4 markdown fix for manual tests (#544) Carrie Roberts 2019-09-03 09:20:59 -06:00
84de04b082 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-03 13:37:19 +00:00
c0405724ec move cleanup/undo commands to cleanup_command attribute (#543) Carrie Roberts 2019-09-03 07:37:06 -06:00
499c751bcc Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-03 13:36:10 +00:00
3da3a89cf4 markdown fix (#541) Carrie Roberts 2019-09-03 07:35:52 -06:00
d8ac1118b3 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-09-03 13:34:56 +00:00
1bfefdacfc Add elevated (#542) Carrie Roberts 2019-09-03 07:34:42 -06:00
749039f3b9 Remove Invoke-AllAtomicTests (#540) Carrie Roberts 2019-08-30 22:05:14 -06:00
96d882444d Write test execution details to log file (#539) Carrie Roberts 2019-08-30 12:16:53 -06:00
440e85a9c8 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-08-30 15:42:59 +00:00
019b63fdb5 Support for CheckPrereqs and Cleanup Commands (#531) Carrie Roberts 2019-08-30 09:42:44 -06:00
75c332ac52 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-08-29 22:18:28 +00:00
9f535f0547 add "elevation_required" attribute to test definition yaml (#532) Carrie Roberts 2019-08-29 16:18:07 -06:00
5f460b5a8f update all gems (#535) Brian Beyer 2019-08-29 08:28:09 -06:00
1571f4dcb0 Bump nokogiri from 1.10.1 to 1.10.4 (#534) dependabot[bot] 2019-08-29 08:10:56 -06:00
48ad5e308d Update rocke-and-roll-stage-01.sh (#533) A. Didier 2019-08-29 07:36:47 -06:00
b51284297d Initial Access - Atomic Friday July 2019 (#530) Michael Haag 2019-08-28 12:38:26 -06:00
604f7cd730 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-08-28 14:53:16 +00:00
6e65bbd146 Add T1196(Control Panel Item) (#521) weev3 2019-08-28 10:53:05 -04:00
ac0546a494 Specify TTP as string, no need to call Get-AtomicTechnique first. Optionally specify individual attacks by atomic test # or name. (#525) Carrie Roberts 2019-08-27 20:32:00 -06:00
86486588cf Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-08-27 15:43:54 +00:00
fa19b6b075 Add files via upload (#528) zinint 2019-08-27 18:43:39 +03:00
3206a83186 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-08-27 15:40:20 +00:00
3523ec7a1c T1097 - Move PTT atomic test to appropriate technique (#524) Makenzie Schwartz 2019-08-27 08:40:03 -07:00
5898dab7e4 Generate docs from job=validate_atomics_generate_docs branch=master CircleCI Atomic Red Team doc generator 2019-08-27 15:35:27 +00:00
5f846ced08 Add test to T1089 that uninstalls sysmon (#529) Carrie Roberts 2019-08-27 09:35:15 -06:00
26c8eae322 Install Atomic - Fixed Paths (#517) Michael Haag 2019-08-14 10:36:16 -06:00

... 53 54 55 56 57 ...