Magic Sword recently released this PowerShell tool, which identifies the presence and execution of various living-off-the-land binaries and scripts (LOLBAS).
Watch Atomic Red Team maintainers Mike Haag and Jose Hernandez demo the tool during an episode of Atomics on a Friday.
Trigger an authenticated RPC call to a target server with no sign flag set
T1135
Enumerate all network shares with SharpShares
Haag needs your help
Atomic Red Team co-creator and longtime maintainer Mike Haag created two new suites of atomic tests on his personal repo, and he could use your help adding them to Atomic Red Team.
If you've never committed before, now is your chance to get that free t-shirt!
Hidden scheduled tasks
Inspired by research from Binary Defense, Haag created this suite of tests for various techniques adversaries use to hide scheduled tasks on Windows.
Forest Blizzard exploiting CVE-2022-38028
This collection of tests validates detection for various techniques used by the Russian threat actor Forest Blizzard to elevate privileges and steal credentials.
Cyber Distance’s ATT&CK View and relational data model now include atomic tests to help you ensure threat intelligence and emulation plans are robust and effective.