atomic-red-team/CONTRIBUTIONS.md at 5f848fe2c19d948c3ef18f2becedf335fdff3c8e

Files

T

Michael Haag a023d346cb Contributions

How to contrib

2018-03-09 12:19:07 -06:00

1.3 KiB

Raw Blame History

How to contribute to Atomic Red Team

Atomic Contribution

Atomic Red Team welcomes all types of contributions as long as it is mapped to MITRE ATT&CK.

The Framework is also meant to be "easy". If your Atomic test is complicated and requires multiple external utilities/packages/Kali, we may dismiss it.

TEST YOUR Atomic Test! Be sure to run it from a few OS platforms before submitting a pull to ensure everything is working correctly.

If sourcing from another tool/product (ex. generated command), be sure to cite it in your .md file.

Any and all Payloads need to be placed in the respective Windows|Mac|Linux Payload directory.

Be sure you update the ATT&CK url, Txxxx number, and the title (ex. InstallUtil).

Atomic Template Example

## InstallUtil

MITRE ATT&CK Technique: [T1118](https://attack.mitre.org/wiki/Technique/T1118)

### Execution Examples:

Input:

    x86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll

    x64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll

## Test Script

[InstallUtilBypass.cs](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/InstallUtilBypass.cs)

1.3 KiB Raw Blame History

How to contribute to Atomic Red Team

Atomic Contribution

Atomic Template Example

1.3 KiB

Raw Blame History