Generate docs from job=validate_atomics_generate_docs branch=master
CircleCI Atomic Red Team doc generator committed Nov 11, 2019
1 parent 3618849 commit 5332936
Showing 6 changed files with 116 additions and 4 deletions.
67 changes: 65 additions & 2 deletions atomics/T1069/T1069.md
Expand Up @@ -22,12 +22,75 @@ Azure CLI (AZ CLI) also provides an interface to obtain permissions groups with

## Atomic Tests

- [Atomic Test #1 - Elevated group enumeration using net group](#atomic-test-1---elevated-group-enumeration-using-net-group)
- [Atomic Test #1 - Permission Groups Discovery](#atomic-test-1---permission-groups-discovery)

- [Atomic Test #2 - Basic Permission Groups Discovery Windows](#atomic-test-2---basic-permission-groups-discovery-windows)

- [Atomic Test #3 - Permission Groups Discovery PowerShell](#atomic-test-3---permission-groups-discovery-powershell)

- [Atomic Test #4 - Elevated group enumeration using net group](#atomic-test-4---elevated-group-enumeration-using-net-group)


<br/>

## Atomic Test #1 - Permission Groups Discovery
Permission Groups Discovery

**Supported Platforms:** macOS, Linux


#### Run it with `sh`!
```
dscacheutil -q group
dscl . -list /Groups
groups
```



<br/>
<br/>

## Atomic Test #2 - Basic Permission Groups Discovery Windows
Basic Permission Groups Discovery for Windows

**Supported Platforms:** Windows


#### Run it with `command_prompt`!
```
net localgroup
net group /domain
```



<br/>
<br/>

## Atomic Test #3 - Permission Groups Discovery PowerShell
Permission Groups Discovery utilizing PowerShell

**Supported Platforms:** Windows


#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| user | User to identify what groups a user is a member of | string | administrator|

#### Run it with `powershell`!
```
get-localgroup
get-ADPrinicipalGroupMembership #{user} | select name
```



<br/>
<br/>

## Atomic Test #1 - Elevated group enumeration using net group
## Atomic Test #4 - Elevated group enumeration using net group
Runs 'net group' command including command aliases and loose typing to simulate enumeration/discovery of high value domain groups

**Supported Platforms:** Windows
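Review bot: The cmdlet name in the Atomic Test #3 command block is misspelled: `get-ADPrinicipalGroupMembership` should be `Get-ADPrincipalGroupMembership`. As written, PowerShell will report the command as not recognized, so the second line of the test ends in an error instead of the group-membership query the description promises, and anyone validating detections against it sees only `get-localgroup` activity. Because this file is generated, the fix belongs in the test definition that feeds the generator. The cmdlet also ships in the ActiveDirectory module, which the test does not mention; stating that dependency in the description would keep a failure on a host without the module from being read as a blocked test.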
5 changes: 4 additions & 1 deletion atomics/index.md
Expand Up @@ -542,7 +542,10 @@
- Atomic Test #7: Examine password policy - macOS [macos]
- T1120 Peripheral Device Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1069 Permission Groups Discovery](./T1069/T1069.md)
- Atomic Test #1: Elevated group enumeration using net group [windows]
- Atomic Test #1: Permission Groups Discovery [macos, linux]
- Atomic Test #2: Basic Permission Groups Discovery Windows [windows]
- Atomic Test #3: Permission Groups Discovery PowerShell [windows]
- Atomic Test #4: Elevated group enumeration using net group [windows]
- [T1057 Process Discovery](./T1057/T1057.md)
- Atomic Test #1: Process Discovery - ps [macos, centos, ubuntu, linux]
- [T1012 Query Registry](./T1012/T1012.md)
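Review bot: The existing test "Elevated group enumeration using net group" moves from #1 to #4 in this list because the three new tests are placed ahead of it, so any runbook, coverage record or detection-validation note that refers to T1069 test #1 now points at a different test on a different platform. Consider appending the new tests after the existing one in the source definition so that established numbering stays stable.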
42 changes: 42 additions & 0 deletions atomics/index.yaml
Expand Up @@ -15481,6 +15481,48 @@ discovery:
modified: '2019-10-18T20:37:17.043Z'
identifier: T1069
atomic_tests:
- name: Permission Groups Discovery
description: 'Permission Groups Discovery

'
supported_platforms:
- macos
- linux
executor:
name: sh
command: |
dscacheutil -q group
dscl . -list /Groups
groups
- name: Basic Permission Groups Discovery Windows
description: 'Basic Permission Groups Discovery for Windows

'
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: false
command: |
net localgroup
net group /domain
- name: Permission Groups Discovery PowerShell
description: 'Permission Groups Discovery utilizing PowerShell

'
supported_platforms:
- windows
input_arguments:
user:
description: User to identify what groups a user is a member of
type: string
default: administrator
executor:
name: powershell
elevation_required: false
command: |
get-localgroup
get-ADPrinicipalGroupMembership #{user} | select name
- name: Elevated group enumeration using net group
description: 'Runs ''net group'' command including command aliases and loose
typing to simulate enumeration/discovery of high value domain groups
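Review bot: The first new test lists `linux` under `supported_platforms`, but two of its three commands, `dscacheutil -q group` and `dscl . -list /Groups`, are macOS directory-service utilities; on a typical Linux host only `groups` will run. Either split this into a macOS test and a Linux test with Linux-native commands, or drop `linux` from the platform list. This test's `executor` also omits `elevation_required`, while the two Windows tests added alongside it set `elevation_required: false`; setting it here too keeps the entries consistent.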
1 change: 1 addition & 0 deletions atomics/linux-index.md
Expand Up @@ -93,6 +93,7 @@
- Atomic Test #3: Examine password complexity policy - CentOS/RHEL 6.x [centos]
- Atomic Test #4: Examine password expiration policy - All Linux [linux]
- [T1069 Permission Groups Discovery](./T1069/T1069.md)
- Atomic Test #1: Permission Groups Discovery [macos, linux]
- [T1057 Process Discovery](./T1057/T1057.md)
- Atomic Test #1: Process Discovery - ps [macos, centos, ubuntu, linux]
- [T1018 Remote System Discovery](./T1018/T1018.md)
1 change: 1 addition & 0 deletions atomics/macos-index.md
Expand Up @@ -105,6 +105,7 @@
- Atomic Test #7: Examine password policy - macOS [macos]
- T1120 Peripheral Device Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1069 Permission Groups Discovery](./T1069/T1069.md)
- Atomic Test #1: Permission Groups Discovery [macos, linux]
- [T1057 Process Discovery](./T1057/T1057.md)
- Atomic Test #1: Process Discovery - ps [macos, centos, ubuntu, linux]
- [T1018 Remote System Discovery](./T1018/T1018.md)
4 changes: 3 additions & 1 deletion atomics/windows-index.md
Expand Up @@ -366,7 +366,9 @@
- Atomic Test #6: Examine domain password policy - Windows [windows]
- T1120 Peripheral Device Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1069 Permission Groups Discovery](./T1069/T1069.md)
- Atomic Test #1: Elevated group enumeration using net group [windows]
- Atomic Test #2: Basic Permission Groups Discovery Windows [windows]
- Atomic Test #3: Permission Groups Discovery PowerShell [windows]
- Atomic Test #4: Elevated group enumeration using net group [windows]
- [T1057 Process Discovery](./T1057/T1057.md)
- [T1012 Query Registry](./T1012/T1012.md)
- Atomic Test #1: Query Registry [windows]
