atomic-red-team/atomics/index.md
2018-06-27 11:20:12 +00:00

All Atomic Tests by ATT&CK Tactic & Technique

persistence

defense-evasion

privilege-escalation

discovery

  • T1087 Account Discovery
    • Atomic Test #1: List all accounts [linux, macos]
    • Atomic Test #2: View sudoers access [linux, macos]
    • Atomic Test #3: View accounts with UID 0 [linux, macos]
    • Atomic Test #4: List opened files by user [linux, macos]
    • Atomic Test #5: Show if a user account has ever logged in remotely [linux, macos]
    • Atomic Test #6: Enumerate Groups and users [linux, macos]
    • Atomic Test #7: Enumerate all user accounts [windows]
    • Atomic Test #8: Enumerate all user accounts - PowerShell [windows]
    • Atomic Test #9: Get logged on Users [windows]
    • Atomic Test #10: Get logged on users PowerShell [windows]
  • T1010 Application Window Discovery CONTRIBUTE A TEST
  • T1217 Browser Bookmark Discovery CONTRIBUTE A TEST
  • T1083 File and Directory Discovery
    • Atomic Test #1: File and Directory Discovery [windows]
    • Atomic Test #2: nix file and directory discovery [macos, linux]
    • Atomic Test #3: nix file and directory discovery [macos, linux]
  • T1046 Network Service Scanning
    • Atomic Test #1: Scan a bunch of ports to see if they are open [linux, macos]
  • T1135 Network Share Discovery
    • Atomic Test #1: Network Share Discovery [macos, linux]
  • T1201 Password Policy Discovery CONTRIBUTE A TEST
  • T1120 Peripheral Device Discovery CONTRIBUTE A TEST
  • T1069 Permission Groups Discovery
    • Atomic Test #1: Permission Groups Discovery [macos, linux]
  • T1057 Process Discovery
    • Atomic Test #1: Process Discovery - ps [macos, centos, ubuntu, linux]
  • T1012 Query Registry
    • Atomic Test #1: Query Registry [windows]
  • T1018 Remote System Discovery
    • Atomic Test #1: Remote System Discovery - net [windows]
    • Atomic Test #2: Remote System Discovery - ping sweep [windows]
    • Atomic Test #3: Remote System Discovery - arp [windows]
    • Atomic Test #4: Remote System Discovery - arp nix [linux, macos]
    • Atomic Test #5: Remote System Discovery - sweep [linux, macos]
  • T1063 Security Software Discovery
    • Atomic Test #1: Security Software Discovery [windows]
    • Atomic Test #2: Security Software Discovery - powershell [windows]
    • Atomic Test #3: Security Software Discovery - ps [linux, macos]
  • T1082 System Information Discovery
    • Atomic Test #1: System Information Discovery [windows]
    • Atomic Test #2: System Information Discovery [linux, macos]
    • Atomic Test #3: List OS Information [linux, macos]
  • T1016 System Network Configuration Discovery
    • Atomic Test #1: System Network Configuration Discovery [windows]
    • Atomic Test #2: System Network Configuration Discovery [macos, linux]
  • T1049 System Network Connections Discovery CONTRIBUTE A TEST
  • T1033 System Owner/User Discovery
    • Atomic Test #1: System Owner/User Discovery [windows]
    • Atomic Test #2: System Owner/User Discovery [linux, macos]
  • T1007 System Service Discovery
    • Atomic Test #1: System Service Discovery [windows]
  • T1124 System Time Discovery
    • Atomic Test #1: System Time Discovery - PowerShell [windows]
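
Added example, not one of the repository's atomics: a POSIX shell script that re-implements the intent of the T1087 Linux/macOS tests #1 (list all accounts), #2 (view sudoers access) and #3 (accounts with UID 0) against constructed passwd and sudoers samples so it runs offline and without root. The sample entries (a planted `toor` UID-0 account, a `deploy` user with `NOPASSWD`) are invented for illustration; point the functions at `/etc/passwd` and `/etc/sudoers` to run the real discovery, and treat any UID-0 name other than root or any unexpected NOPASSWD principal as the finding a detection should raise.

```shell
#!/bin/sh
# Added example (not atomic-red-team code). Emulates T1087 tests #1-#3 for
# linux/macos on constructed files; substitute /etc/passwd and /etc/sudoers
# (as root) for a live run.

# Constructed passwd sample: two UID-0 entries, "toor" is the planted one.
SAMPLE_PASSWD="$(mktemp)"
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backdoor:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF

# Constructed sudoers sample: "deploy" can run anything without a password.
SAMPLE_SUDOERS="$(mktemp)"
cat > "$SAMPLE_SUDOERS" <<'EOF'
# User privilege specification
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(ALL) NOPASSWD: ALL
EOF

# Test #1 equivalent: every account name, one per line.
list_accounts() {
    cut -d: -f1 "$1"
}

# Test #3 equivalent: accounts whose UID field (3rd) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Count of UID-0 accounts other than root; non-zero is the finding.
extra_uid0_count() {
    awk -F: '$3 == 0 && $1 != "root"' "$1" | wc -l | tr -d ' '
}

# Test #2 equivalent, narrowed to the risky case: principals (users or
# %groups) granted NOPASSWD in a sudoers file, comments skipped.
nopasswd_principals() {
    grep -v '^[[:space:]]*#' "$1" | grep 'NOPASSWD' | awk '{ print $1 }'
}

if [ "${1:-}" = "--run" ]; then
    echo "accounts:";            list_accounts "$SAMPLE_PASSWD"
    echo "uid 0 accounts:";      uid0_accounts "$SAMPLE_PASSWD"
    echo "extra uid-0 accounts: $(extra_uid0_count "$SAMPLE_PASSWD")"
    echo "NOPASSWD principals:"; nopasswd_principals "$SAMPLE_SUDOERS"
fi
```

Run with `sh script.sh --run`. The same four commands, executed against the real files, are what the atomics exercise, so they are also the process-creation events (cut/awk/grep reading passwd and sudoers from an interactive shell) a detection for T1087 on *nix hosts should be tuned against.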

credential-access

execution

lateral-movement

collection

exfiltration

  • T1020 Automated Exfiltration CONTRIBUTE A TEST
  • T1002 Data Compressed
    • Atomic Test #1: Compress Data for Exfiltration With PowerShell [windows]
    • Atomic Test #2: Compress Data for Exfiltration With Rar [windows]
    • Atomic Test #3: Data Compressed - nix [linux, macos]
  • T1022 Data Encrypted
    • Atomic Test #1: Data Encrypted [macos, centos, ubuntu, linux]
  • T1030 Data Transfer Size Limits
    • Atomic Test #1: Data Transfer Size Limits [macos, centos, ubuntu, linux]
  • T1048 Exfiltration Over Alternative Protocol
    • Atomic Test #1: Exfiltration Over Alternative Protocol - SSH [macos, centos, ubuntu, linux]
    • Atomic Test #2: Exfiltration Over Alternative Protocol - SSH [macos, centos, ubuntu, linux]
    • Atomic Test #3: Exfiltration Over Alternative Protocol - HTTP [macos, centos, ubuntu, linux]
  • T1041 Exfiltration Over Command and Control Channel CONTRIBUTE A TEST
  • T1011 Exfiltration Over Other Network Medium CONTRIBUTE A TEST
  • T1052 Exfiltration Over Physical Medium CONTRIBUTE A TEST
  • T1029 Scheduled Transfer CONTRIBUTE A TEST
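
Added example, not one of the repository's atomics: a POSIX shell script that chains the two staging steps the nix exfiltration tests above cover, T1002 (compress the data with tar/gzip) and T1030 (cut the archive into chunks below a transfer size limit with split), on a constructed file, and then verifies the chunks reassemble to the original archive. Paths, the 2 KiB chunk size and the sample content are assumptions for illustration; the sequence of events it produces (an archive written, then a burst of small sequentially named files beside it) is what a T1030 detection should key on.

```shell
#!/bin/sh
# Added example (not atomic-red-team code). Stages constructed data the way
# the T1002 and T1030 nix atomics do, then checks the chunks reassemble.

WORK="$(mktemp -d)"
# Constructed "sensitive" data: a deterministic text file of ~68 KiB.
seq 1 12000 > "$WORK/secrets.txt"

# T1002: compress the data into a gzip'd tar archive.
compress_stage() {   # $1 = source file, $2 = archive path
    tar -czf "$2" -C "$(dirname "$1")" "$(basename "$1")"
}

# T1030: split the archive into fixed-size chunks under a transfer limit.
# split names the pieces <prefix>aa, <prefix>ab, ... in order.
split_under_limit() {   # $1 = archive, $2 = chunk size (e.g. 2k), $3 = prefix
    split -b "$2" "$1" "$3"
}

# Number of chunk files written for a prefix.
chunk_count() {   # $1 = prefix
    ls "$1"* | wc -l | tr -d ' '
}

# Concatenate the chunks (glob expansion is sorted, so order is preserved)
# and return 0 if the result has the same cksum as the original archive.
reassemble_matches() {   # $1 = prefix, $2 = original archive
    cat "$1"* > "$2.rebuilt"
    [ "$(cksum < "$2.rebuilt")" = "$(cksum < "$2")" ]
}

# Drive the pipeline once so the script shows something when run directly.
compress_stage "$WORK/secrets.txt" "$WORK/stage.tgz"
split_under_limit "$WORK/stage.tgz" 2k "$WORK/chunk_"
echo "archive: $WORK/stage.tgz, chunks: $(chunk_count "$WORK/chunk_")"
if reassemble_matches "$WORK/chunk_" "$WORK/stage.tgz"; then
    echo "reassembled archive matches original"
else
    echo "reassembly mismatch" >&2
fi
```

The reassembly check is the part worth keeping in a real emulation: it proves the chunks an attacker would ship actually carry the data, so the detection you write (for example, N files of identical size created within seconds of a tar/gzip archive in the same directory) is being tested against a faithful pattern rather than a cosmetic one.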

command-and-control

initial-access