security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,611 Commits 47 Branches 0 Tags
01eb60eaf8c5b9b3d84ea85dd68cbee5d0fa7992
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Clément Notin 01eb60eaf8 Use AADInternals for AAD federation attack 
Azure AD has two kinds of federated domains. The one that can be used to authenticate on AAD, as an AAD user, and the one that can be used to authenticate as a guest user (also called external identity).

The current implementation of the attack seems to work but actually it uses the cmdlets to create a federated domain for external identities which is not the thing we want to showcase this ATT&CK technique. Since such a federated domain does not allow to authenticate as an AAD user.
Sorry for missing this when I supervised the initial work on this ART test.

Newest method uses AADInternals which is a popular attack framework for AAD and which offers exactly the cmdlet we need.
2022-11-15 17:35:31 +01:00
.github
minor adjustment to how workflows are triggered (#1905)
2022-04-27 19:13:33 -06:00
atomic_red_team
Generate Indexes for Cloud Atomics (#2075)
2022-08-10 13:09:00 -06:00
atomics
Use AADInternals for AAD federation attack
2022-11-15 17:35:31 +01:00
bin
Update generate-atomic-docs.rb (#2162)
2022-09-23 16:56:48 -06:00
static
adding demo gif (#2051)
2022-08-03 09:18:01 -06:00
.gitignore
AWS Cloud atomics (#1457)
2021-06-24 14:44:35 -06:00
atomic-red-team.gemspec
Update atomic-red-team.gemspec (#1719)
2022-01-12 14:45:52 -07:00
CODE_OF_CONDUCT.md
Update CODE_OF_CONDUCT.md (#1934)
2022-05-10 08:31:53 -06:00
Gemfile
Add microsite (#250)
2018-06-13 19:33:59 -06:00
LICENSE.txt
move bin scripts into bin, apis into atomic-red-team
2018-05-11 06:49:20 +02:00
README.md
New test using TruffleSnout.exe/typo (#2002)
2022-06-21 11:45:37 -06:00

README.md

Atomic Red Team

GitHub Action Status

Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.

Get started

You can execute atomic tests directly from the command line, no installation required. See the Getting started page of our wiki.

For a more robust testing experience, consider using an execution framework like Invoke-Atomic.

Learn more

The Atomic Red Team documentation is available as a wiki.

For information about the philosophy and development of Atomic Red Team, visit our website at https://atomicredteam.io.

Contribute to Atomic Red Team

Atomic Red Team is open source and community developed. If you're interested in becoming a contributor, check out these resources:

  • Join our Slack workspace and get involved with the community. Don't forget to review the code of conduct before you join.
  • Report bugs and request new features by submitting an issue.
  • Read our contribution guide for more information about contributing directly to this repository.
  • Check the license for information regarding the distribution and modification of Atomic Red Team.
Reference in New Issue View Git Blame Copy Permalink
S
Description
Atomic Red Team test automation and mapping
Readme 563 MiB
Languages
C 38.7%
PowerShell 13.3%
Go 11.4%
Java 7.8%
C# 6.8%
Other 21.7%