ION28 / BLUESPAWN

An Active Defense and EDR software to empower Blue Teams
GNU General Public License v3.0

Client add hunts #382

Closed Jack-McDowell closed 3 years ago

ION28 commented 3 years ago

Also need to update coverage JSON files. I can do this if you want.

Is there an associated atomic red test for either of these sub-techniques?

Jack-McDowell commented 3 years ago

> Also need to update coverage JSON files. I can do this if you want.
>
> Is there an associated atomic red test for either of these sub-techniques?

I haven't checked re: Atomic Red Team. That said, they used to each be separate techniques, so presumably yes. Can you update coverage?

ION28 commented 3 years ago

> > Also need to update coverage JSON files. I can do this if you want. Is there an associated atomic red test for either of these sub-techniques?
>
> I haven't checked re: Atomic Red Team. That said, they used to each be separate techniques, so presumably yes. Can you update coverage?

I'll do so today or tomorrow to get this merged

ION28 commented 3 years ago

Well, there's no ART test for one of the sub-techniques. The ART test for the other technique is not written well (includes a reboot for no reason), which will likely cause problems in the toolchain.