security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f8c8fbcab13df73c9ac9fa180db8bebcac74341a
atomic-red-team/atomics
T
History
BlueTeamOps f8c8fbcab1 Added Audit Policy Config based Logging Impairment (#1378) 
* Added Audit Policy Config based Logging Impairment

Auditpol can be used to manipulate audit log configuration.  Test 3 simulates the adversary disabling certain audit policies to prevent respective events from being recorded in the log

* Add link, update test name

Adding in the Solarigate write-up link for reference and also removing the test # from the title (this gets added automatically to the Markdown file)

* added cleanup commands

Hi Carrie, The pre-req commands enables the auditpols initially so that it can be disabled when the atomic command is executed.  I have copied the same syntax as pre-req to clean-up so it is reinstated. Based on additional research I have several more commands of interest I would like to add which were not part of the MS article but would be considered suspicious.  Shall I add them as separate tests? i.e. sub-commands such as clear, restore, remove

* Removed the dependency section 

Removed the dependency section

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2021-02-09 11:13:25 -07:00
..
Indexes
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-03 02:33:01 +00:00
T1003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1003.001
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-03 02:33:01 +00:00
T1003.002
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-22 16:30:47 +00:00
T1003.003
title clarification (#1259)
2020-10-24 08:15:58 -06:00
T1003.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1003.006
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:47:31 +00:00
T1003.008
Update README.md (#1302)
2020-11-30 09:18:32 -07:00
T1006
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1007
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1010
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1012
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-15 16:28:04 +00:00
T1014
T1014 - Driver Rootkit Test Update (#1303)
2020-11-30 14:34:25 -07:00
T1016
Update README.md (#1302)
2020-11-30 09:18:32 -07:00
T1018
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1020
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1021.001
cleaner title (#1260)
2020-10-24 08:17:34 -06:00
T1021.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1021.003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1021.006
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1027
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1027.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1027.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1027.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1030
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1033
T1555.003 (#1311)
2020-12-01 13:31:40 -07:00
T1036.003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1036.004
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1036.006
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1037.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1037.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1037.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1037.005
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1040
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1046
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1047
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-07 16:43:14 +00:00
T1048
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1048.003
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:42:27 +00:00
T1049
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-01 23:43:53 +00:00
T1053.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1053.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1053.003
Update README.md (#1302)
2020-11-30 09:18:32 -07:00
T1053.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1053.005
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1055
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:42:39 +00:00
T1055.004
Update T1055.cs (#1361)
2021-01-08 09:19:55 -07:00
T1055.012
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1056.001
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1056.002
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1056.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1057
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1059.001
Generate docs from job=validate_atomics_generate_docs branch=ATHPowerShellCommandLineParamter
2020-11-09 16:41:52 +00:00
T1059.002
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1059.003
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1059.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1059.005
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1069.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1069.002
Update README.md (#1302)
2020-11-30 09:18:32 -07:00
T1070
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1070.001
Scriptcontrol (#1348)
2021-01-08 09:12:14 -07:00
T1070.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1070.003
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-28 22:45:56 +00:00
T1070.004
better test name (#1261)
2020-10-24 08:19:12 -06:00
T1070.005
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1070.006
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1071.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1071.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1074.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1078.001
Update gems to remove kramdown vulnerability (#1287)
2020-11-12 13:40:23 -07:00
T1078.003
Separate CI steps so Github status checks can reference the right checks (#1334)
2020-12-16 11:27:51 -07:00
T1082
Separate CI steps so Github status checks can reference the right checks (#1334)
2020-12-16 11:27:51 -07:00
T1083
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1087.001
Allow root user to run 'T1087.001: Account Discovery: Local Account - List opened files by user' by updating how current username is determined
2020-11-19 11:18:53 -05:00
T1087.002
Update gems to remove kramdown vulnerability (#1287)
2020-11-12 13:40:23 -07:00
T1090.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1095
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1098
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1098.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-08 13:39:28 +00:00
T1105
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1106
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1110.001
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 19:39:15 +00:00
T1110.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1110.003
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-01 17:01:17 +00:00
T1112
Generate docs from job=validate_atomics_generate_docs branch=ATHPowerShellCommandLineParamter
2020-11-09 16:41:52 +00:00
T1113
Update gems to remove kramdown vulnerability (#1287)
2020-11-12 13:40:23 -07:00
T1114.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1115
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1119
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1123
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1124
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1127.001
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-20 23:27:31 +00:00
T1132.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1133
Update README.md (#1302)
2020-11-30 09:18:32 -07:00
T1134.001
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1134.004
Introducing AtomicTestHarnesses Tests to ART (#1270)
2020-10-22 14:34:31 -06:00
T1135
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1136.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1136.002
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1137.002
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1140
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1176
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1197
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 19:14:46 +00:00
T1201
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1202
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1204.002
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:12:45 +00:00
T1207
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:51:05 +00:00
T1216
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1216.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1217
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 15:47:51 +00:00
T1218
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-08 16:16:04 +00:00
T1218.001
Introducing AtomicTestHarnesses Tests to ART (#1270)
2020-10-22 14:34:31 -06:00
T1218.002
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1218.003
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1218.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1218.005
Introducing AtomicTestHarnesses Tests to ART (#1270)
2020-10-22 14:34:31 -06:00
T1218.007
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1218.008
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1218.009
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1218.010
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-11 03:40:28 +00:00
T1218.011
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-21 16:40:14 +00:00
T1219
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1220
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1222.001
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-25 13:43:05 +00:00
T1222.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1482
Generate docs from job=validate_atomics_generate_docs branch=ATHPowerShellCommandLineParamter
2020-11-09 16:41:52 +00:00
T1485
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1489
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1490
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-24 00:53:46 +00:00
T1496
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1497.001
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1505.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1505.003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1518
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1518.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1529
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1531
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1543.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1543.002
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1543.003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1543.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1546.001
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-21 16:14:07 +00:00
T1546.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1546.003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1546.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1546.005
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1546.007
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1546.008
Update README.md (#1302)
2020-11-30 09:18:32 -07:00
T1546.010
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1546.011
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1546.012
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1546.013
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1546.014
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1547.001
Update maintainers.md (#1335)
2020-12-17 22:57:51 -07:00
T1547.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1547.005
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1547.006
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1547.007
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1547.009
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1547.011
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1548.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1548.002
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1548.003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1550.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-10-06 16:13:36 +00:00
T1550.003
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-05 23:31:24 +00:00
T1552.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1552.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1552.003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1552.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1552.006
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1553.001
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1553.004
Update gems to remove kramdown vulnerability (#1287)
2020-11-12 13:40:23 -07:00
T1555
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1555.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1555.003
T1555.003 (#1311)
2020-12-01 13:31:40 -07:00
T1556.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1558.001
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-06 18:35:50 +00:00
T1558.003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1559.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1560
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1560.001
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-01-13 03:23:42 +00:00
T1562.001
Update gems to remove kramdown vulnerability (#1287)
2020-11-12 13:40:23 -07:00
T1562.002
Added Audit Policy Config based Logging Impairment (#1378)
2021-02-09 11:13:25 -07:00
T1562.003
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1562.004
Update gems to remove kramdown vulnerability (#1287)
2020-11-12 13:40:23 -07:00
T1562.006
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1563.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1564
Separate CI steps so Github status checks can reference the right checks (#1334)
2020-12-16 11:27:51 -07:00
T1564.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1564.002
Merge OSCD branch into master (#1273)
2020-10-29 22:54:55 -06:00
T1564.003
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1564.004
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1566.001
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
T1569.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1569.002
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1571
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1573
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1574.001
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1574.002
Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2020-12-29 14:18:50 +00:00
T1574.006
Generate docs from job=validate_atomics_generate_docs branch=master
2020-09-29 13:53:28 +00:00
T1574.009
Update gems to remove kramdown vulnerability (#1287)
2020-11-12 13:40:23 -07:00
T1574.011
Update README.md (#1302)
2020-11-30 09:18:32 -07:00
T1574.012
Maintainers updates (#1328)
2020-12-15 14:18:41 -07:00
used_guids.txt
Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
2021-02-03 02:32:53 +00:00