SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Latest Atomic Red YAML import is not working - use older YAML file #143

Closed thebleucheese closed 2 years ago

thebleucheese commented 3 years ago

There is a known bug in the latest VECTR release where the Atomic Red YAML file import is not working with the latest index file. The YAML format was changed recently and VECTR's codebase needs to be updated to support this.

Workaround until fix is ready: Use an older version of the file from prior to August 2021 like https://github.com/redcanaryco/atomic-red-team/blob/a3e16e194fdda44805d486dc6d789dbc3dc6b0b6/atomics/Indexes/index.yaml

clr2of8 commented 2 years ago

Yes, it looks like this PR was the culprit, where it started using "null" instead of empty strings for default values, because those nulls get transferred as blanks when the index.yaml is generated, hence causing the problem for VECTR.

A quick PowerShell one-liner can patch up the latest index.yaml in the meantime:

```powershell
# Rewrite blank "default:" values as empty strings (`n is PowerShell's newline escape)
(gc $env:USERPROFILE\Downloads\index.yaml -raw) -replace "default:`n","default: ''`n" | sc $env:USERPROFILE\Downloads\index.yaml
```

This assumes you downloaded index.yaml to your user's Downloads directory.
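The same workaround as an added example (not part of the original thread and not VECTR or Atomic Red Team code): it also tolerates CRLF line endings and trailing spaces after `default:`, reports which lines were blank, and writes a copy instead of overwriting the download. The function names, the `.patched` suffix and the sample snippet are constructed for illustration, and it assumes defaults in index.yaml are single-line scalars.

```python
import re
import sys

# A "default" key with no value (the blank left by a YAML null), allowing
# trailing whitespace and LF or CRLF endings. Populated defaults do not match.
BLANK_DEFAULT = re.compile(
    r"^(?P<indent>[ \t]*)default:[ \t]*(?P<eol>\r?\n|$)", re.MULTILINE
)

# Constructed sample in the shape of an index.yaml input_arguments block.
SAMPLE = (
    "input_arguments:\n"
    "  output_file:\n"
    "    description: Path of the output file\n"
    "    type: Path\n"
    "    default: C:\\temp\\out.txt\n"
    "  extra_args:\n"
    "    description: Optional arguments\n"
    "    type: String\n"
    "    default:\r\n"
    "  comment:\n"
    "    type: String\n"
    "    default: \n"
)


def find_blank_defaults(text):
    """Return 1-based line numbers whose default value is blank."""
    return [text.count("\n", 0, m.start()) + 1 for m in BLANK_DEFAULT.finditer(text)]


def patch_blank_defaults(text):
    """Return (patched_text, count) with blank defaults rewritten as ''."""
    return BLANK_DEFAULT.subn(lambda m: f"{m['indent']}default: ''{m['eol']}", text)


def main(path):
    # newline="" keeps the file's own line endings on read and write
    with open(path, newline="", encoding="utf-8") as fh:
        original = fh.read()
    patched, count = patch_blank_defaults(original)
    with open(path + ".patched", "w", newline="", encoding="utf-8") as fh:
        fh.write(patched)
    print(f"{count} blank default(s) on lines {find_blank_defaults(original)}")


if __name__ == "__main__":
    main(sys.argv[1]) if len(sys.argv) == 2 else print(patch_blank_defaults(SAMPLE))
```

Run it with the path to the downloaded index.yaml and import the resulting `.patched` file.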

carlvonderheid commented 2 years ago

Thanks for the clarification and script!

carlvonderheid commented 2 years ago

Fixed in VECTR 7.1.9, for the Atomic Red index.yml on 9/15/2021