From 54c0e74a6c6c69578867807a039e81a751d59bd0 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Fri, 7 Aug 2020 17:38:33 +0000 Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master --- atomics/Indexes/index.yaml | 13 +++++++++---- atomics/T1176/T1176.md | 6 +++--- atomics/T1562.003/T1562.003.md | 5 ++++- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 1258b69f24..76e32c20a0 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -9685,7 +9685,8 @@ persistence: atomic_tests: - name: Chrome (Developer Mode) auto_generated_guid: 3ecd790d-2617-4abf-9a8c-4e8d47da9ee1 - description: '' + description: Turn on Chrome developer mode and Load Extension found in the src + directory supported_platforms: - linux - windows @@ -9696,13 +9697,13 @@ persistence: tick 'Developer Mode'. 2. Click 'Load unpacked extension...' and navigate to - [Browser_Extension](../t1176/) + [Browser_Extension](../t1176/src/) 3. Click 'Select' name: manual - name: Chrome (Chrome Web Store) auto_generated_guid: 4c83940d-8ca5-4bb2-8100-f46dc914bc3f - description: '' + description: Install the "Minimum Viable Malicious Extension" Chrome extension supported_platforms: - linux - windows @@ -25490,7 +25491,11 @@ defense-evasion: name: sh - name: Mac HISTCONTROL auto_generated_guid: 468566d5-83e5-40c1-b338-511e1659628d - description: '' + description: "The HISTCONTROL variable is set to ignore (not write to the history + file) command that are a duplicate of something already in the history \nand + commands that start with a space. This atomic sets this variable in the current + session and also writes it to the current user's ~/.bash_profile \nso that + it will apply to all future settings as well.\nhttps://www.linuxjournal.com/content/using-bash-history-more-efficiently-histcontrol\n" supported_platforms: - macos - linux 
diff --git a/atomics/T1176/T1176.md b/atomics/T1176/T1176.md
index 71c08da0d0..82c595d3ac 100644
--- a/atomics/T1176/T1176.md
+++ b/atomics/T1176/T1176.md
@@ -20,7 +20,7 @@ There have also been instances of botnets using a persistent backdoor through ma
## Atomic Test #1 - Chrome (Developer Mode) - +Turn on Chrome developer mode and Load Extension found in the src directory **Supported Platforms:** Linux, Windows, macOS @@ -32,7 +32,7 @@ There have also been instances of botnets using a persistent backdoor through ma tick 'Developer Mode'. 2. Click 'Load unpacked extension...' and navigate to -[Browser_Extension](../t1176/) +[Browser_Extension](../t1176/src/) 3. Click 'Select' @@ -46,7 +46,7 @@ tick 'Developer Mode'.
## Atomic Test #2 - Chrome (Chrome Web Store) - +Install the "Minimum Viable Malicious Extension" Chrome extension **Supported Platforms:** Linux, Windows, macOS diff --git a/atomics/T1562.003/T1562.003.md b/atomics/T1562.003/T1562.003.md index a4848a3c4e..28e7e09f1d 100644 --- a/atomics/T1562.003/T1562.003.md +++ b/atomics/T1562.003/T1562.003.md @@ -46,7 +46,10 @@ export HISTCONTROL=ignoreboth
## Atomic Test #2 - Mac HISTCONTROL - +The HISTCONTROL variable is set to ignore (not write to the history file) command that are a duplicate of something already in the history +and commands that start with a space. This atomic sets this variable in the current session and also writes it to the current user's ~/.bash_profile +so that it will apply to all future settings as well. +https://www.linuxjournal.com/content/using-bash-history-more-efficiently-histcontrol **Supported Platforms:** macOS, Linux