Tests for Data Destruction and Resource Hijacking (redcanaryco#512)
ForensicITGuy authored and caseysmithrc committed Jun 14, 2019
1 parent 7be30f4 commit 1620029
Showing 2 changed files with 47 additions and 1 deletion.
28 changes: 27 additions & 1 deletion atomics/T1485/T1485.yaml
Expand Up @@ -58,4 +58,30 @@ atomic_tests:
executor:
name: command_prompt
command: |
sdelete.exe #{file_to_overwrite}
sdelete.exe #{file_to_overwrite}
- name: macOS/Linux - Overwrite file with DD
description: |
Overwrites and deletes a file using DD.
To stop the test, break the command with CTRL/CMD+C.
supported_platforms:
- centos
- linux
- macos
- ubuntu

input_arguments:
overwrite_source:
description: Path of data source to overwrite with
type: Path
default: /dev/zero
file_to_overwrite:
description: Path of file to overwrite and remove
type: Path
default: /var/log/syslog

executor:
name: bash
command: |
dd of=#{file_to_overwrite} if=#{overwrite_source}
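Review bot: the `dd of=#{file_to_overwrite} if=#{overwrite_source}` command at the end of this hunk has no `bs=`/`count=` bound, so with the default `/dev/zero` source it writes until the filesystem is full or the operator interrupts it, and the description's claim that the test "overwrites and deletes" the file is not met because nothing removes the file afterwards. Suggest bounding the write and matching the description, e.g. `dd if=#{overwrite_source} of=#{file_to_overwrite} bs=1M count=10 && rm -f #{file_to_overwrite}`, or drop "deletes" from the description. Two smaller points: the default `/var/log/syslog` only exists on Debian/Ubuntu-style systems and needs root, so on the listed centos and macos platforms the test fails on a missing path; a test-owned file under /tmp with a `cleanup_command` would make the atomic safe to run on a real host and easier to pair with a detection (a `dd` process truncating a log path).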
20 changes: 20 additions & 0 deletions atomics/T1496/T1496.yaml
@@ -0,0 +1,20 @@
---
attack_technique: T1496
display_name: Resource Hijacking

atomic_tests:
- name: macOS/Linux - Simulate CPU Load with Yes
description: |
This test simulates a high CPU load as you might observe during cryptojacking attacks.
End the test by using CTRL/CMD+C to break.
supported_platforms:
- macos
- centos
- ubuntu
- linux

executor:
name: bash
command: |
yes > /dev/null
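Review bot: `yes > /dev/null` never exits on its own, so the executor blocks until someone presses CTRL+C (as the description says); run from an automated harness the test hangs. Suggest bounding it, e.g. `timeout 60 yes > /dev/null` on Linux (GNU coreutils `timeout`; macOS lacks it by default, so a `yes > /dev/null & sleep 60; kill $!` form works on all four listed platforms). Also worth a line in the description: one `yes` process saturates a single core, so on multi-core hosts the load is modest compared with what a miner produces, which matters to anyone using this test to tune a CPU-utilisation detection threshold.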
