
UAC Bypass #2

Closed
underneith opened this issue Oct 12, 2017 · 2 comments

Comments

@underneith

https://github.com/hfiref0x/UACME

Might be worth including those in your UAC testing suite.

@ghost

ghost commented Oct 12, 2017

For sure, that is an excellent collection. When we reviewed that tactic, we felt that there is already a reference here: https://attack.mitre.org/wiki/Technique/T1088 . I agree it's an excellent set of tests; I'm not quite sure how to incorporate it yet. Let me think about that. I'll keep this open until we can come to agreement on the best way to include this.

@ghost

ghost commented Nov 1, 2017

We agree https://github.com/hfiref0x/UACME is a comprehensive testing tool. For now we have decided to leave it out of the repo since it is a binary. But I encourage people to explore that repo; it has the most up-to-date information on UAC bypasses.

@ghost ghost closed this as completed Nov 1, 2017
ghost pushed a commit that referenced this issue Feb 13, 2018
nicholasaleks added a commit to nicholasaleks/atomic-red-team that referenced this issue Jul 12, 2018
MHaggis pushed a commit that referenced this issue Jul 16, 2018
keithmccammon pushed a commit that referenced this issue Sep 17, 2019
The specified test doesn't work in command_prompt.
clr2of8 pushed a commit that referenced this issue Nov 11, 2019
* Non-Windows OS Support

Added OS Identification to determine tests to run
Added SH and Bash executors for Linux and MacOS
Changed some Print statement oddities in ART
Updated Installation script to work on non-windows machines

* Updated Documentation

Edited the readme to be more OS neutral
Added information for the -force option in the installer
Added instructions for downloading powershell core on Mac and Linux

* Last Bugs

added chown to install script

* Install -force test install path

if (Test-Path $InstallPath){ Remove-Item -Path $InstallPath -Recurse -Force -ErrorAction Stop | Out-Null }

* minor changes 

Write-Host error messages
Installer - Import-Module $modulePath -Force

* Chown weird on MacOS

chown -R $env:SUDO_USER $InstallPath

* README edits

clearing up $home $homedrive shenanigans

* \n in markdown issues

* Readme edits #2
masonharrell added a commit to masonharrell/atomic-red-team that referenced this issue Aug 7, 2020
clr2of8 added a commit that referenced this issue Aug 7, 2020
* added prereq to test #2

* Update T1071.001.yaml

remove test "z"

Co-authored-by: Carrie Roberts <[email protected]>
clr2of8 added a commit that referenced this issue Apr 19, 2021
* Updating T1016 to include macos firewall enumeration

* Tests added

* standardize display name

* Add tests for T1134.001 Access Token Impersonation/Theft (#1236)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* adding socketfilterfw and cleaning up description formatting, adding description details

* Changing to device manufacturer based test

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Add test for T1006 Direct Volume Access (#1254)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* [OSCD] T1036.004: Masquerade Task or Service - 2 tests (#1253)

* T1036.004 - 2 tests added

* Update T1036.004.yaml

Co-authored-by: Carrie Roberts <[email protected]>

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* T1136.002 - 2 tests added (#1252)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* [OSCD] Create atomic test for T1113 for Windows (#1251)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* update T1564.002

* update T1564.002

* add Gatekeeper disable; add cleanup for security tools disable; add another launchagent for carbon black defense; remove Gatekeeper disable command from Gatekeeper bypass technique

* Added T1562.006 tests to emulate indicator blocking by modifying configuration files

* split linux and macos tests for T1518.001; update processes list

* Update T1518.001.yaml

* Removed prereq and fixed command endings

* Indirect command execution - conhost (#1265)

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* [OSCD] Office persistence : Office test (#1266)

* Office persistence : Office test

* Added technique details

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Remove index files to avoid CI complaints.

* Grr

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Update T1518.001.yaml

* [OSCD] Adding T1547.010 (#1264)

* Port monitor addition

* Rename T1547.010.yml to T1547.010.yaml

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Generate docs from job=validate_atomics_generate_docs branch=oscd

* Fixed typos in test names

Co-authored-by: [email protected] <[email protected]>
Co-authored-by: haresudhan <[email protected]>
Co-authored-by: Carrie Roberts <[email protected]>
Co-authored-by: gregclermont <[email protected]>
Co-authored-by: CircleCI Atomic Red Team doc generator <email>
Co-authored-by: Carl <[email protected]>
Co-authored-by: mrblacyk <[email protected]>
Co-authored-by: sn0w0tter <[email protected]>
Co-authored-by: Yugoslavskiy Daniil <[email protected]>
Co-authored-by: yugoslavskiy <[email protected]>
Co-authored-by: omkargudhate22 <[email protected]>
Co-authored-by: Keith McCammon <[email protected]>
Co-authored-by: Matt Graeber <[email protected]>
Adam-Mashinchi added a commit that referenced this issue Jun 4, 2021
tenillekay added a commit to tenillekay/atomic-red-team that referenced this issue Aug 1, 2022
Updated Test redcanaryco#2 to make it more complete.
clr2of8 pushed a commit that referenced this issue Aug 1, 2022
Updated Test #2 to make it more complete.
D4rkCiph3r added a commit to D4rkCiph3r/atomic-red-team that referenced this issue Mar 18, 2023
Updated the test descriptions for atomic test #1 and redcanaryco#2.
D4rkCiph3r added a commit to D4rkCiph3r/atomic-red-team that referenced this issue Mar 18, 2023
Updated the atomic test(#1, redcanaryco#2) name and description.
Added clean-up commands.
patel-bhavin pushed a commit that referenced this issue Apr 13, 2023
prashanthpulisetti added a commit to prashanthpulisetti/atomic-red-team that referenced this issue Jan 18, 2024
Atomic Test redcanaryco#2 - Exfiltration via Encrypted FTP
Simulates encrypted file transfer to an FTP server, representing stealthy data exfiltration methods.
clr2of8 added a commit that referenced this issue Jan 18, 2024
…ncrypted FTP (#2656)

* Update T1020.yaml

Atomic Test #2 - Exfiltration via Encrypted FTP
Simulates encrypted file transfer to an FTP server, representing stealthy data exfiltration methods.

* Update T1020.yaml

updated notes

* Update T1020.yaml

updated line 50

* move notes to description, remove empty tags

---------

Co-authored-by: Carrie Roberts <[email protected]>
ZitniH added a commit to ZitniH/atomic-red-team that referenced this issue Feb 29, 2024
Test redcanaryco#2 for T1071.001 is currently not working properly, since the pre-requisite command is incorrect.
This change is to fix the md and yaml files to update the URL for curl
clr2of8 pushed a commit that referenced this issue Mar 1, 2024
Test #2 for T1071.001 is currently not working properly, since the pre-requisite command is incorrect.
This change is to fix the md and yaml files to update the URL for curl
patel-bhavin pushed a commit that referenced this issue Mar 7, 2024