atomic-red-team issues

Update T1543.003.yaml

Test05 description: |- Launches the NSudo executable for a short period of time and then exits. NSudo download observed after maldoc execution. NSudo is a system management tool for advanced...

BlueDragon-01

T1530: Anonymous Access to AWS S3

**Details:** Added a test to scan for Anonymous Access to AWS S3 **Testing:** Tested in local machine(macOS)

cyberbuff

cloud

T1619 Cloud Storage Object Discovery

**Details:** Added a new test for T1619 Cloud Storage Object Discovery. **Testing:** Tested on the local machine(macOS)

cyberbuff

cloud

Problem: Issue in executing T1218.001 Usecases for remote execution .chm file is not executing remotely

Hello Team, we have installed AtomicTestHarnesses on remote machine and tried to execute Atomic red team technique T1218.001 3rd,4th,5th,6th and 7th usecases on remote execution. but facing issue while creating...

testuser335

Idea: Improve Rootkit Testing

1

### Use-cases The Linux Atomic Test [rootkit](https://github.com/redcanaryco/atomic-red-team/tree/8a82e9b66a5b4f4bc5b91089e9f24e0544f20ad7/atomics/T1014) test is not very adequate to test. Simply loading a kernel module is insufficient to test against actual rootkit capabilities. ### Proposal Use...

ghost

enhancement

Problem: a mistake in T1112 description

1

## **Invoke-AtomicTest T1112 -TestNumbers 2** when I wanted to run the above command, I reviewed the T1112.yaml file and understood there is misleading issue in the description part of the...

rezbrz

Idea: Add tests for T1547/003 addition of time providers

1

### Use-cases I'm unsure if this is the correct template or not. Should this be Idea or Test? No test exists in the repo to support privesc/persistence via the time...

tbennett6421

Idea: Add tests for T1547/012 addition of print processor

### Use-cases I'm unsure if this is the correct template or not. Should this be Idea or Test? No test exists in the repo to support privesc/persistence via the print...

tbennett6421

Idea: Add a new field to the YAML files for the tests that need an minimum user interaction for completion

3

### Use-cases Using the atomic-red-team for automated pentesting can be difficult because some tests that are not have the executor as "manual", they still need some user interaction for the...

Alrios

New Atomic Idea: Tampering with Windows Event Tracing

As noted in [this PR](https://github.com/redcanaryco/atomic-red-team/pull/1903) there are several items here that would make great additions to the atomic red team library of scripted attacks. https://blog.palantir.com/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63

clr2of8

atomic-red-team
atomic-red-team copied to clipboard

Metadata

Update T1543.003.yaml

T1530: Anonymous Access to AWS S3

T1619 Cloud Storage Object Discovery

Problem: Issue in executing T1218.001 Usecases for remote execution .chm file is not executing remotely

Idea: Improve Rootkit Testing

Problem: a mistake in T1112 description

Idea: Add tests for T1547/003 addition of time providers

Idea: Add tests for T1547/012 addition of print processor

Idea: Add a new field to the YAML files for the tests that need an minimum user interaction for completion

New Atomic Idea: Tampering with Windows Event Tracing

← Metadata

Owner

Metadata

atomic-red-team atomic-red-team copied to clipboard

Metadata

← Metadata

Owner

Metadata

atomic-red-team
atomic-red-team copied to clipboard