atomicredteam

package module
Version: v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 29, 2021 License: MIT Imports: 11 Imported by: 0

README

go-atomicredteam is a Golang application to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project. The "atomics folder" contains a folder for each Technique defined by the MITRE ATT&CK™ Framework. Inside of each of these "T#" folders you'll find a yaml file that defines the attack procedures for each atomic test as well as an easier to read markdown (md) version of the same data.

  • Executing atomic tests may leave your system in an undesirable state. You are responsible for understanding what a test does before executing.

  • Ensure you have permission to test before you begin.

  • It is recommended to set up a test machine for atomic test execution that is similar to the build in your environment. Be sure you have your collection/EDR solution in place, and that the endpoint is checking in and active.

Note: This execution framwork works on Windows, MacOS, and Linux (assuming it's cross-compiled).

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	LOCAL   string
	REPO    string
	BUNDLED bool

	AtomicsFolderRegex = regexp.MustCompile(`PathToAtomicsFolder(\\|\/)`)
	BlockQuoteRegex    = regexp.MustCompile(`<\/?blockquote>`)
)
View Source
var Version = "version not set"

Functions

func DumpTechnique

func DumpTechnique(dir, tid string) (string, error)

func Execute

func Execute(tid, name string, index int, inputs []string) (*types.AtomicTest, error)

func GetMarkdown

func GetMarkdown(tid string) ([]byte, error)

func GetTechnique

func GetTechnique(tid string) (*types.Atomic, error)

Types

This section is empty.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL