Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: kitploit.com


This python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments.

(What's new?)

ย 

Why?

atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By utilizing a testing framework such as atomic-operator, you can identify both your defensive capabilities as well as gaps in defensive coverage.

Additionally, atomic-operator can be used in many other situations like:

  • Generating alerts to test products
  • Testing EDR and other security tools
  • Identifying way to perform defensive evasion from an adversary perspective
  • Plus more.

Features

  • Support local and remote execution of Atomic Red Teams tests on Windows, macOS, and Linux systems
  • Supports running atomic-tests against iaas:aws
  • Can prompt for input arguments but not required
  • Assist with downloading the atomic-red-team repository
  • Can be automated further based on a configuration file
  • A command-line and importable Python package
  • Select specific tests when one or more techniques are specified
  • Plus more

Getting Started

atomic-operator is a Python-only package hosted on PyPi and works with Python 3.6 and greater.

If you are wanting a PowerShell version, please checkout Invoke-AtomicRedTeam.

pip install atomic-operator

The next steps will guide you through setting up and running atomic-operator.

Installation

You can install atomic-operator on OS X, Linux, or Windows. You can also install it directly from the source. To install, see the commands under the relevant operating system heading, below.

Prerequisites

The following libraries are required and installed by atomic-operator:

pyyaml==5.4.1
fire==0.4.0
requests==2.26.0
attrs==21.2.0
pick==1.2.0

macOS, Linux and Windows:

pip install atomic-operator

macOS using M1 processor

git clone https://github.com/swimlane/atomic-operator.git
cd atomic-operator

# Satisfy ModuleNotFoundError: No module named 'setuptools_rust'
brew install rust
pip3 install --upgrade pip
pip3 install setuptools_rust

# Back to our regularly scheduled programming . . .
pip install -r requirements.txt
python setup.py install

Installing from source

git clone https://github.com/swimlane/atomic-operator.git
cd atomic-operator
pip install -r requirements.txt
python setup.py install

Usage example (command line)

You can run atomic-operator from the command line or within your own Python scripts. To use atomic-operator at the command line simply enter the following in your terminal:

atomic-operator --help
atomic-operator run -- --help

Please note that to see details about the run command run atomic-operator run -- --help and NOT atomic-operator run --help

Retrieving Atomic Tests

In order to use atomic-operator you must have one or more atomic-red-team tests (Atomics) on your local system. atomic-operator provides you with the ability to download the Atomic Red Team repository. You can do so by running the following at the command line:

atomic-operator get_atomics 
# You can specify the destination directory by using the --destination flag
atomic-operator get_atomics --destination "/tmp/some_directory"

Running Tests Locally

In order to run a test you must provide some additional properties (and options if desired). The main method to run tests is named run.

# This will run ALL tests compatiable with your local operating system
atomic-operator run --atomics-path "/tmp/some_directory/redcanaryco-atomic-red-team-3700624"

You can select individual tests when you provide one or more specific techniques. For example running the following on the command line:

atomic-operator run --techniques T1564.001 --select_tests

Will prompt the user with a selection list of tests associated with that technique. A user can select one or more tests by using the space bar to highlight the desired test:

 Select Test(s) for Technique T1564.001 (Hide Artifacts: Hidden Files and Directories)

* Create a hidden file in a hidden directory (61a782e5-9a19-40b5-8ba4-69a4b9f3d7be)
Mac Hidden file (cddb9098-3b47-4e01-9d3b-6f5f323288a9)
Create Windows System File with Attrib (f70974c8-c094-4574-b542-2c545af95a32)
Create Windows Hidden File with Attrib (dadb792e-4358-4d8d-9207-b771faa0daa5)
Hidden files (3b7015f2-3144-4205-b799-b05580621379)
Hide a Directory (b115ecaf-3b24-4ed2-aefe-2fcb9db913d3)
Show all hidden files (9a1ec7da-b892-449f-ad68-67066d04380c)

Running Tests Remotely

In order to run a test remotely you must provide some additional properties (and options if desired). The main method to run tests is named run.

# This will run ALL tests compatiable with your local operating system
atomic-operator run --atomics-path "/tmp/some_directory/redcanaryco-atomic-red-team-3700624" --hosts "10.32.1.0" --username "my_username" --password "my_password"

When running commands remotely against Windows hosts you may need to configure PSRemoting. See details here: Windows Remoting

Additional parameters

You can see additional parameters by running the following command:

atomic-operator run -- --help
Parameter Name Type Default Description
techniques list all One or more defined techniques by attack_technique ID.
test_guids list None One or more Atomic test GUIDs.
select_tests bool False Select one or more atomic tests to run when a techniques are specified.
atomics_path str os.getcwd() The path of Atomic tests.
check_prereqs bool False Whether or not to check for prereq dependencies (prereq_comand).
get_prereqs bool False Whether or not you want to retrieve prerequisites.
cleanup bool False Whether or not you want to run cleanup command(s).
copy_source_files bool True Whether or not you want to copy any related source (src, bin, etc.) files to a remote host.
command_timeout int 20 Time duration for each command before timeout.
debug bool False Whether or not you want to output details about tests being ran.
prompt_for_input_args bool False Whether you want to prompt for input arguments for each test.
return_atomics bool False Whether or not you want to return atomics instead of running them.
config_file str None A path to a conifg_file which is used to automate atomic-operator in environments.
config_file_only bool False Whether or not you want to run tests based on the provided config_file only.
hosts list None A list of one or more remote hosts to run a test on.
username str None Username for authentication of remote connections.
password str None Password for authentication of remote connections.
ssh_key_path str None Path to a SSH Key for authentication of remote connections.
private_key_string str None A private SSH Key string used for authentication of remote connections.
verify_ssl bool False Whether or not to verify ssl when connecting over RDP (windows).
ssh_port int 22 SSH port for authentication of remote connections.
ssh_timeout int 5 SSH timeout for authentication of remote connections.
**kwargs dict None If additional flags are passed into the run command then we will attempt to match them with defined inputs within Atomic tests and replace their value with the provided value.

You should see a similar output to the following:

NAME
atomic-operator run - The main method in which we run Atomic Red Team tests.

SYNOPSIS
atomic-operator run <flags>

DESCRIPTION
The main method in which we run Atomic Red Team tests.

FLAGS
--techniques=TECHNIQUES
Type: list
Default: ['all']
One or more defined techniques by attack_technique ID. Defaults to 'all'.
--test_guids=TEST_GUIDS
Type: list
Default: []
One or more Atomic test GUIDs. Defaults to None.
--select_tests=SELECT_TESTS
Type: bool
Default: False
Select one or more tests from provided techniques. Defaults to False.
--atomics_path=ATOMICS_PATH
Default: '/U...
The path of Atomic tests. Defaults to os.getcwd().
--check_prereqs=CHECK_PREREQS
Default: False
Whether or not to check for prereq dependencies (pr ereq_comand). Defaults to False.
--get_prereqs=GET_PREREQS
Default: False
Whether or not you want to retrieve prerequisites. Defaults to False.
--cleanup=CLEANUP
Default: False
Whether or not you want to run cleanup command(s). Defaults to False.
--copy_source_files=COPY_SOURCE_FILES
Default: True
Whether or not you want to copy any related source (src, bin, etc.) files to a remote host. Defaults to True.
--command_timeout=COMMAND_TIMEOUT
Default: 20
Timeout duration for each command. Defaults to 20.
--debug=DEBUG
Default: False
Whether or not you want to output details about tests being ran. Defaults to False.
--prompt_for_input_args=PROMPT_FOR_INPUT_ARGS
Default: False
Whether you want to prompt for input arguments for each test. Defaults to False.
--return_atomics=RETURN_ATOMICS
Default: False
Whether or not you want to return atomics instead of running them. Defaults to False.
--config_file=CONFIG_FILE
Type: Optional[]
Default: None
A path to a conifg_file which is used to automate atomic-operator in environments. Default to None.
--config_file_only=CONFIG_FILE_ONLY
Default: False
Whether or not you want to run tests based on the provided config_file only. Defaults to False.
--hosts=HOSTS
Default: []
A list of one or more remote hosts to run a test on. Defaults to [].
--username=USERNAME
Type: Optional[]
Default: None
Username for authentication of remote connections. Defaults to None.
--password=PASSWORD
Type: Optional[]
Default: None
Password for authentication of remote connections. Defaults to None.
--ssh_key_path=SSH_KEY_PATH
Type: Optional[]
Default: None
Path to a SSH Key for authentication of remote connections. Defaults to None.
--private_key_string=PRIVATE_KEY_STRING
Type: Optional[]
Default: None
A private SSH Key string used for authentication of remote connections. Defaults to None.
--verify_ssl=VERIFY_SSL
Default: False
Whether or not to verify ssl when connecting over RDP (windows). Defaults to False.
--ssh_port=SSH_PORT
Default: 22
SSH port for authentication of remote connections. Defaults to 22.
--ssh_timeout=SSH_TIMEOUT
Default: 5
SSH timeout for authentication of remote connections. Defaults to 5.
Additional flags are accepted.
If provided, keys matching inputs for a test will be replaced. Default is None.

Running atomic-operator using a config_file

In addition to the ability to pass in parameters with atomic-operator you can also pass in a path to a config_file that contains all the atomic tests and their potential inputs. You can see an example of this config_file here:

atomic_tests:
- guid: f7e6ec05-c19e-4a80-a7e7-241027992fdb
input_arguments:
output_file:
value: custom_output.txt
input_file:
value: custom_input.txt
- guid: 3ff64f0b-3af2-3866-339d-38d9791407c3
input_arguments:
second_arg:
value: SWAPPPED argument
- guid: 32f90516-4bc9-43bd-b18d-2cbe0b7ca9b2

Usage example (scripts)

To use atomic-operator you must instantiate an AtomicOperator object.

from atomic_operator import AtomicOperator

operator = AtomicOperator()

# This will download a local copy of the atomic-red-team repository

print(operator.get_atomics('/tmp/some_directory'))

# this will run tests on your local system
operator.run(
technique: str='All',
atomics_path=os.getcwd(),
check_dependencies=False,
get_prereqs=False,
cleanup=False,
command_timeout=20,
debug=False,
prompt_for_input_args=False,
**kwargs
)

Getting Help

Please create an issue if you have questions or run into any issues.

Built With

  • carcass - Python packaging template

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning.

Authors

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the LICENSE file for details

Shoutout

  • Thanks to keithmccammon for helping identify issues with macOS M1 based proccesssor and providing a fix


...



๐Ÿ“Œ Atomic-Operator โ€“ A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments


๐Ÿ“ˆ 75.54 Punkte

๐Ÿ“Œ Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments


๐Ÿ“ˆ 75.54 Punkte

๐Ÿ“Œ Switching Geany to execute Python files as Python 3, not Python 2


๐Ÿ“ˆ 33.98 Punkte

๐Ÿ“Œ Performancevergleich von Bedingungsvariablen und Atomics in C++20


๐Ÿ“ˆ 31.68 Punkte

๐Ÿ“Œ Atomics and Concurrency in C++


๐Ÿ“ˆ 31.68 Punkte

๐Ÿ“Œ Mastering Python Development Environments: A Comprehensive Guide to Virtual Environments


๐Ÿ“ˆ 31.39 Punkte

๐Ÿ“Œ eDrawings Viewer 32.1.0074 - Share product design across multiple CAD environments.


๐Ÿ“ˆ 28.57 Punkte

๐Ÿ“Œ Cross Compatibility annoyance with Operating System environments


๐Ÿ“ˆ 27.7 Punkte

๐Ÿ“Œ 15-Year-Old Python Bug Let Hacker Execute Code in 350k Python Projects


๐Ÿ“ˆ 27.4 Punkte

๐Ÿ“Œ Red Hat Insights enhancements reduce risks in hybrid cloud operating environments


๐Ÿ“ˆ 27.27 Punkte

๐Ÿ“Œ I made a follow-up package, scikit-multilearn-ng, to the widely used scikit-multilearn package for multilabel classification


๐Ÿ“ˆ 27.2 Punkte

๐Ÿ“Œ Bitdefender Premium Security Plus detects threats across multiple operating systems


๐Ÿ“ˆ 26.94 Punkte

๐Ÿ“Œ Atomic Spotlight: Execute PowerShell Code From DNS Text Records


๐Ÿ“ˆ 26.81 Punkte

๐Ÿ“Œ Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco


๐Ÿ“ˆ 26.34 Punkte

๐Ÿ“Œ CODE EXECUTION VULNERABILITY UPON DOWNLOADING PACKAGE FROM PYTHON PACKAGE MANAGER


๐Ÿ“ˆ 26.2 Punkte

๐Ÿ“Œ Red Team v. Blue Team? They Are In Fact One โ€“ The Purple Team


๐Ÿ“ˆ 25.87 Punkte

๐Ÿ“Œ BHIS | Atomic Red Team Hands on Getting Started Guide | Carrie & Darin Roberts | 1 Hour


๐Ÿ“ˆ 23.95 Punkte

๐Ÿ“Œ AASLR: Atomic Red Team with Carrie Roberts


๐Ÿ“ˆ 23.95 Punkte

๐Ÿ“Œ AASLR: Why? Exactly are you not using Atomic Red Team? | John Strand


๐Ÿ“ˆ 23.95 Punkte

๐Ÿ“Œ Webcast: Atomic Red Team: Hands-on Getting Started Guide w/ Carrie & Darin Roberts


๐Ÿ“ˆ 23.95 Punkte

๐Ÿ“Œ Execute tests with HyperExecute's Just In Time Orchestration | ODFP230


๐Ÿ“ˆ 23.87 Punkte

๐Ÿ“Œ SCYTHE New Version 4.0 Enhances Collaboration Across Multiple Security Team Roles


๐Ÿ“ˆ 23.43 Punkte

๐Ÿ“Œ Two Malicious Python Packages Steal SSH and GPG Keys Exists in the Python Package Index for a Year


๐Ÿ“ˆ 22.98 Punkte

๐Ÿ“Œ Never used a Linux Operating System


๐Ÿ“ˆ 22.88 Punkte

๐Ÿ“Œ Android is About To Eclipse Windows as the World's Most-Used Operating System


๐Ÿ“ˆ 22.88 Punkte

๐Ÿ“Œ Android Overtakes Windows as the Internet's Most Used Operating System


๐Ÿ“ˆ 22.88 Punkte

๐Ÿ“Œ DEF CON Safe Mode Red Team Village - Chris Cottrell - Guerrilla Red Team Decentralizing Adversary


๐Ÿ“ˆ 22.7 Punkte

๐Ÿ“Œ DEF CON Safe Mode Red Team Village -Austin Marck - erpwnage Red Team Approach to Targeting SAP


๐Ÿ“ˆ 22.7 Punkte











matomo