Generate docs from job=validate_atomics_generate_docs branch=master

dglauche · Mar 10, 2020 · 2f778f3 · 2f778f3
1 parent 3fa4dd1
commit 2f778f3
Show file tree

Hide file tree

Showing 20 changed files with 92 additions and 92 deletions.
diff --git a/atomics/T1036/T1036.md b/atomics/T1036/T1036.md
@@ -54,7 +54,7 @@ cmd.exe /c %SystemRoot%\Temp\lsass.exe
 
 #### Cleanup Commands:
 ```
-del /Q /F %SystemRoot%\Temp\lsass.exe
+del /Q /F %SystemRoot%\Temp\lsass.exe >nul 2>&1
 ```
 
 
@@ -100,7 +100,7 @@ cmd.exe /c %APPDATA%\notepad.exe /B
 
 #### Cleanup Commands:
 ```
-del /Q /F %APPDATA%\notepad.exe
+del /Q /F %APPDATA%\notepad.exe >nul 2>&1
 ```
 
 
@@ -125,7 +125,7 @@ cmd.exe /c %APPDATA%\svchost.exe /B
 
 #### Cleanup Commands:
 ```
-del /Q /F %APPDATA%\svchost.exe
+del /Q /F %APPDATA%\svchost.exe >nul 2>&1
 ```
 
 
@@ -150,7 +150,7 @@ cmd.exe /K %APPDATA%\taskhostw.exe
 
 #### Cleanup Commands:
 ```
-del /Q /F %APPDATA%\taskhostw.exe
+del /Q /F %APPDATA%\taskhostw.exe >nul 2>&1
 ```
 
 
@@ -252,8 +252,8 @@ C:\lsm.exe /c echo T1036 > C:\T1036.txt
 
 #### Cleanup Commands:
 ```
-del C:\T1036.txt
-del C:\lsm.exe
+del C:\T1036.txt >nul 2>&1
+del C:\lsm.exe >nul 2>&1
 ```
 
 

diff --git a/atomics/T1038/T1038.md b/atomics/T1038/T1038.md
@@ -35,8 +35,8 @@ copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
 
 #### Cleanup Commands:
 ```
-del %APPDATA%\updater.exe
-del %APPDATA%\amsi.dll
+del %APPDATA%\updater.exe >nul 2>&1
+del %APPDATA%\amsi.dll >nul 2>&1
 ```
 
 

diff --git a/atomics/T1055/T1055.md b/atomics/T1055/T1055.md
@@ -204,8 +204,8 @@ C:\svchost.exe /c echo T1055 > \\localhost\c$\T1055.txt
 
 #### Cleanup Commands:
 ```
-del C:\T1055.txt
-del C:\svchost.exe
+del C:\T1055.txt >nul 2>&1
+del C:\svchost.exe >nul 2>&1
 ```
 
 

diff --git a/atomics/T1064/T1064.md b/atomics/T1064/T1064.md
@@ -59,7 +59,7 @@ C:\Windows\system32\cmd.exe /Q /c #{script_to_create}
 
 #### Cleanup Commands:
 ```
-del #{script_to_create}
+del #{script_to_create} >nul 2>&1
 ```
 
 

diff --git a/atomics/T1071/T1071.md b/atomics/T1071/T1071.md
@@ -253,7 +253,7 @@ cscript //E:Jscript #{script_file}
 
 #### Cleanup Commands:
 ```
-del #{script_file} /F /Q
+del #{script_file} /F /Q >nul 2>&1
 ```
 
 

diff --git a/atomics/T1100/T1100.md b/atomics/T1100/T1100.md
@@ -33,7 +33,7 @@ xcopy #{web_shells} #{web_shell_path}
 
 #### Cleanup Commands:
 ```
-del #{web_shell_path}
+del #{web_shell_path} >nul 2>&1
 ```
 
 

diff --git a/atomics/T1102/T1102.md b/atomics/T1102/T1102.md
@@ -31,7 +31,7 @@ bitsadmin.exe /transfer "DonwloadFile" http://www.stealmylogin.com/ %TEMP%\bitsa
 
 #### Cleanup Commands:
 ```
-del %TEMP%\bitsadmindownload.html
+del %TEMP%\bitsadmindownload.html >nul 2>&1
 ```
 
 

diff --git a/atomics/T1105/T1105.md b/atomics/T1105/T1105.md
@@ -331,8 +331,8 @@ OSTap copies itself in a specfic way to shares and secondary drives. This emulat
 pushd #{destination_path}
 echo var fileObject = WScript.createobject("Scripting.FileSystemObject");var newfile = fileObject.CreateTextFile("AtomicTestFileT1105.js", true);newfile.WriteLine("This is an atomic red team test file for T1105. It simulates how OSTap worms accross network shares and drives.");newfile.Close(); > AtomicTestT1105.js
 CScript.exe AtomicTestT1105.js //E:JScript
-del AtomicTestT1105.js /Q
-del AtomicTestFileT1105.js /Q
+del AtomicTestT1105.js /Q >nul 2>&1
+del AtomicTestFileT1105.js /Q >nul 2>&1
 popd
 ```
 

diff --git a/atomics/T1107/T1107.md b/atomics/T1107/T1107.md
@@ -122,7 +122,7 @@ Delete a single file from the temporary directory using cmd.exe
 #### Attack Commands: Run with `command_prompt`! 
 ```
 echo "T1107" > %temp%\T1107.txt
-del /f  %temp%\T1107.txt
+del /f  %temp%\T1107.txt >nul 2>&1
 ```
 
 

diff --git a/atomics/T1114/T1114.md b/atomics/T1114/T1114.md
@@ -38,7 +38,7 @@ powershell -executionpolicy bypass -command $PathToAtomicsFolder\T1114\Get-Inbox
 
 #### Cleanup Commands:
 ```
-del #{output_file}
+del #{output_file} >nul 2>&1
 ```
 
 

diff --git a/atomics/T1115/T1115.md b/atomics/T1115/T1115.md
@@ -35,7 +35,7 @@ clip < %temp%\T1115.txt
 
 #### Cleanup Commands:
 ```
-del %temp%\T1115.txt
+del %temp%\T1115.txt >nul 2>&1
 ```
 
 

diff --git a/atomics/T1119/T1119.md b/atomics/T1119/T1119.md
@@ -103,10 +103,10 @@ tree C:\AtomicRedTeam\atomics > %TEMP%\T1119_4.txt
 
 #### Cleanup Commands:
 ```
-del %TEMP%\T1119_1.txt >$null 2>&1
-del %TEMP%\T1119_2.txt >$null 2>&1
-del %TEMP%\T1119_3.txt >$null 2>&1
-del %TEMP%\T1119_4.txt >$null 2>&1
+del %TEMP%\T1119_1.txt >nul 2>&1
+del %TEMP%\T1119_2.txt >nul 2>&1
+del %TEMP%\T1119_3.txt >nul 2>&1
+del %TEMP%\T1119_4.txt >nul 2>&1
 ```
 
 

diff --git a/atomics/T1121/T1121.md b/atomics/T1121/T1121.md
@@ -34,7 +34,7 @@ C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U #{file_name}
 
 #### Cleanup Commands:
 ```
-del #{file_name}
+del #{file_name} >nul 2>&1
 ```
 
 
@@ -80,8 +80,8 @@ C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe #{file_name}
 
 #### Cleanup Commands:
 ```
-del #{file_name} >$null 2>&1
-del key.snk >$null 2>&1
+del #{file_name} >nul 2>&1
+del key.snk >nul 2>&1
 ```
 
 

diff --git a/atomics/T1140/T1140.md b/atomics/T1140/T1140.md
@@ -37,8 +37,8 @@ certutil -decode %temp%\T1140_calc.txt %temp%T1140_calc_decoded.exe
 
 #### Cleanup Commands:
 ```
-del %temp%\T1140_calc.txt
-del %temp%T1140_calc_decoded.exe
+del %temp%\T1140_calc.txt >nul 2>&1
+del %temp%T1140_calc_decoded.exe >nul 2>&1
 ```
 
 
@@ -68,8 +68,8 @@ copy %windir%\system32\certutil.exe %temp%\tcm.tmp
 
 #### Cleanup Commands:
 ```
-del %temp%\tcm.tmp
-del %temp%\T1140.txt
+del %temp%\tcm.tmp >nul 2>&1
+del %temp%\T1140.txt >nul 2>&1
 ```
 
 

diff --git a/atomics/T1145/T1145.md b/atomics/T1145/T1145.md
@@ -37,7 +37,7 @@ dir c:\ /b /s .key | findstr /e .key
 
 #### Cleanup Commands:
 ```
-del c:\Windows\cert.key
+del c:\Windows\cert.key >nul 2>&1
 ```
 
 

diff --git a/atomics/T1158/T1158.md b/atomics/T1158/T1158.md
@@ -100,7 +100,7 @@ attrib.exe +s %TEMP%\T1158.txt
 
 #### Cleanup Commands:
 ```
-del /A:S %TEMP%\T1158.txt
+del /A:S %TEMP%\T1158.txt >nul 2>&1
 ```
 
 
@@ -125,7 +125,7 @@ attrib.exe +h %TEMP%\T1158_hidden.txt
 
 #### Cleanup Commands:
 ```
-del /A:H %TEMP%\T1158_hidden.txt
+del /A:H %TEMP%\T1158_hidden.txt >nul 2>&1
 ```
 
 
@@ -231,7 +231,7 @@ for /f "usebackq delims=φ" %i in (#{file_name}:#{ads_filename}) do %i
 
 #### Cleanup Commands:
 ```
-del #{file_name}
+del #{file_name} >nul 2>&1
 ```
 
 

diff --git a/atomics/T1197/T1197.md b/atomics/T1197/T1197.md
@@ -40,7 +40,7 @@ bitsadmin.exe /transfer /Download /priority Foreground #{remote_file} #{local_fi
 
 #### Cleanup Commands:
 ```
-del #{local_file}
+del #{local_file} >nul 2>&1
 ```
 
 

diff --git a/atomics/T1485/T1485.md b/atomics/T1485/T1485.md
@@ -167,7 +167,7 @@ Deletes backup files in a manner similar to Ryuk ransomware.
 
 #### Attack Commands: Run with `command_prompt`!  Elevation Required (e.g. root or admin) 
 ```
-del /s /f /q c:\*.VHD c:\*.bac c:\*.bak c:\*.wbcat c:\*.bkf c:\Backup*.* c:\backup*.* c:\*.set c:\*.win c:\*.dsk
+del /s /f /q c:\*.VHD c:\*.bac c:\*.bak c:\*.wbcat c:\*.bkf c:\Backup*.* c:\backup*.* c:\*.set c:\*.win c:\*.dsk >nul 2>&1
 ```
 
 

diff --git a/atomics/T1500/T1500.md b/atomics/T1500/T1500.md
@@ -32,7 +32,7 @@ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:#{output_file} #{in
 
 #### Cleanup Commands:
 ```
-del #{output_file}
+del #{output_file} >nul 2>&1
 ```
-Original file line number
+Diff line change
@@ Expand Up / @@ -59,7 +59,7 @@ C:\Windows\system32\cmd.exe /Q /c #{script_to_create} @@
     #### Cleanup Commands:
     ```
-    del #{script_to_create}
+    del #{script_to_create} >nul 2>&1
     ```
@@ Expand Down @@