{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":574553178,"defaultBranch":"main","name":"ForgeArmory","ownerLogin":"facebookincubator","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-12-05T15:04:52.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/19538647?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1698968632.0","currentOid":""},"activityList":{"items":[{"before":"676a2277e114fa44896ff767ac7b27956a5ab502","after":"ea2e22530a969bb09cdaaa0c25538fff683e8b16","ref":"refs/heads/main","pushedAt":"2024-07-03T19:28:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Exfil from EC2 to Internet (#118)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/118\n\nTTP to exfil data from EC2 instance to the internet.\n\nInstance used needs to have the SSM agent installed and the IAM role attached with the necessary permissions.\n\nReviewed By: l50\n\nDifferential Revision: D59339276\n\nfbshipit-source-id: 464decb8be35d754413bb1e59973ebae44672ab6","shortMessageHtmlLink":"Exfil from EC2 to Internet (#118)"}},{"before":"b192ba1d46d534d3b9f6457a62528acc381fdefe","after":"676a2277e114fa44896ff767ac7b27956a5ab502","ref":"refs/heads/main","pushedAt":"2024-07-01T17:32:36.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Create cloud instance TTP (#117)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/117\n\nModified version of https://www.internalfb.com/code/security-ttpcode/ttps/cloud/aws/defense-evasion/create-cloud-instance/\n\nto be open sourced\n\nReviewed By: l50\n\nDifferential Revision: D59181316\n\nfbshipit-source-id: 1272adad18386ea9719eaa43f488f82a54eac4dc","shortMessageHtmlLink":"Create cloud instance TTP (#117)"}},{"before":"74b2014919191678e6687a2f756b12f04886024e","after":"b192ba1d46d534d3b9f6457a62528acc381fdefe","ref":"refs/heads/main","pushedAt":"2024-06-07T21:23:05.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Increase TTP robustness (#116)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/116\n\n**Changed:**\n\n- Decreased the `wait_detect_time` default value from 30 to 15 seconds in the\n README.md and YAML files.\n- Refactored the `cleanup` step in the YAML file to correctly handle multiple\n security group deletions:\n - Replaced the single `SG_ID` handling with a loop to iterate through\n multiple `SG_IDS`.\n - Updated the deletion logic to process each security group ID found by the\n `describe-security-groups` command.\n - Ensured all identified security groups are deleted by invoking the\n `delete_security_groups` function for each group ID.\n\nReviewed By: d0n601\n\nDifferential Revision: D58303180\n\nfbshipit-source-id: b20c7d87b6a4cf541eb4a4f2bf2131c5e4a6e1ed","shortMessageHtmlLink":"Increase TTP robustness (#116)"}},{"before":"579ab031f9b72c03771621b15c75b9933e171c58","after":"74b2014919191678e6687a2f756b12f04886024e","ref":"refs/heads/main","pushedAt":"2024-06-07T17:59:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Bug fix; nit (#115)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/115\n\nMinor bug fix\n\nReviewed By: d0n601\n\nDifferential Revision: D58294428\n\nfbshipit-source-id: c0a15d23c3a81915fb373befbddc8a358083294d","shortMessageHtmlLink":"Bug fix; nit (#115)"}},{"before":"15ff7171715ee767d77903a1080ae22daa19730a","after":"579ab031f9b72c03771621b15c75b9933e171c58","ref":"refs/heads/main","pushedAt":"2024-06-05T16:21:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Added TTP Module for extract-cookies-from-chromium-browser (#114)\n\nSummary:\n# Proposed Changes\n\nI've added a new TTP module for extract-cookies-from-chromium-browser for T1539 Steal Web Session Cookie using https://github.com/slyd0g/WhiteChocolateMacademiaNut. It's a very powerful technique by Justin Bui that does not require root access.\n\nIt is working on macOS Sonoma 14.5 using Google Chrome browser. But it can easily be extended to Linux via apt and Windows via Chocolately.\n\n## Related Issue(s)\n\nN/A\n\n## Testing\n\nTested on macOS Sonoma 14.5, just run:\n\n`ttpforge run forgearmory//credential-access/extract-cookies-from-chromium-browser/extract-cookies-from-chromium-browser.yaml`\n\n## Documentation\n\nPlease see the README.md\n\n## Screenshots/GIFs (optional)\n\nN/A\n\n## Checklist\n\n- [x] Ran `mage runprecommit` locally and fixed any issues that arose.\n- [x] Curated your commit(s) so they are legible and easy to read and understand.\n- [ ] 🚀\n\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/114\n\nReviewed By: l50\n\nDifferential Revision: D58160569\n\nPulled By: d0n601\n\nfbshipit-source-id: 00994904becd7308117e479af23a2808ba69d1a6","shortMessageHtmlLink":"Added TTP Module for extract-cookies-from-chromium-browser (#114)"}},{"before":"77353232c43191b59146ff96f6d957355d726819","after":"15ff7171715ee767d77903a1080ae22daa19730a","ref":"refs/heads/main","pushedAt":"2024-05-30T16:02:22.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Added README and TTP for creating unrestricted security group in AWS (#113)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/113\n\n**Added:**\n\n- Created `README.md` for the `create-unrestricted-security-group` TTP,\n detailing usage, arguments, requirements, examples, steps, and MITRE\n ATT&CK mapping.\n- Introduced `create-unrestricted-security-group.yaml` to set up an\n unrestricted security group in AWS with detection and cleanup steps.\n- Added logic to generate a unique security group name using a random\n string.\n- Included steps to wait for detection and check if AWS GuardDuty or\n CloudTrail detected the event.\n- Mapped MITRE ATT&CK tactics and techniques: `TA0005` Defense Evasion,\n `TA0006` Credential Access, `T1078` Valid Accounts, `T1190` Exploit\n Public-Facing Application, and `T1087.002` AWS Account.\n\nReviewed By: cedowens\n\nDifferential Revision: D57932546\n\nfbshipit-source-id: 88aea2ae024d516232446a0a826751689194fa31","shortMessageHtmlLink":"Added README and TTP for creating unrestricted security group in AWS (#…"}},{"before":"b505251bdcf6872e9deea836efbdedf3e8d11073","after":"77353232c43191b59146ff96f6d957355d726819","ref":"refs/heads/main","pushedAt":"2024-05-08T15:54:22.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Added T1136.001 Create Local Account and T1053.006 Systemd Timers (#112)\n\nSummary:\nI was using this for my tests and decided to share it here. Feel free to modify as you wish.\n\n# Proposed Changes\n\n1. Added T1136.001 Create Local Acounts\n2. Added T1053.006 Scheduled Task/Job: Systemd Timers - 3 methods - Credit goes to https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md\n\n## Related Issue(s)\n\nN/A\n\n## Testing\n\nI have tested it with Ubuntu 24.04. Run the following:\n\n`sudo ttpforge run forgearmory//persistence/linux/systemwide-systemd-timers/systemwide-systemd-timers.yaml`\n\n`sudo ttpforge run forgearmory//persistence/linux/systemwide-systemd-timers/systemwide-systemd-timers-transient-system.yaml`\n\n`ttpforge run forgearmory//persistence/linux/systemwide-systemd-timers/systemwide-systemd-timers-transient-user.yaml`\n\n## Documentation\n\nPlease see the README.md\n\n## Screenshots/GIFs (optional)\n\nN/A\n\n## Checklist\n\n- [ ] Ran `mage runprecommit` locally and fixed any issues that arose.\n- [ ] Curated your commit(s) so they are legible and easy to read and understand.\n- [ ] 🚀\n\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/112\n\nReviewed By: d3sch41n\n\nDifferential Revision: D57068897\n\nPulled By: d0n601\n\nfbshipit-source-id: b0db03977622146890f604806b50db3ac6b12e88","shortMessageHtmlLink":"Added T1136.001 Create Local Account and T1053.006 Systemd Timers (#112)"}},{"before":"2820ed6716073475d3e558f0d245c5b02ede958f","after":"b505251bdcf6872e9deea836efbdedf3e8d11073","ref":"refs/heads/main","pushedAt":"2024-04-01T22:14:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Validate UUIDs in YAML (#111)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/111\n\nX-link: https://github.com/facebookincubator/TTPForge/pull/494\n\nAdding validation to check for UUIDs in TTP files if strict validation is specified.\n\nReviewed By: d3sch41n\n\nDifferential Revision: D54953656\n\nfbshipit-source-id: 792d6acb7bbe11e6da4ab8417534f6b108db3d04","shortMessageHtmlLink":"Validate UUIDs in YAML (#111)"}},{"before":"1fb8ae25c9be44a51bf74e346ec975de07a9c08a","after":"2820ed6716073475d3e558f0d245c5b02ede958f","ref":"refs/heads/main","pushedAt":"2024-03-15T23:47:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Refactored new helpers; added new k8s TTPs; improved docs (#110)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/110\n\n**Added:**\n\n- `escaper` TTP for demonstrating pod escape to a node in a Kubernetes cluster.\n- `kubeletmein` TTP for gaining escalated privileges on a Kubernetes node.\n- `access-vnc-with-poor-password` TTP for demonstrating access to a poorly secured VNC server in a Kubernetes cluster.\n- `download-and-extract` helper for downloading files\n\n**Changed:**\n\n- Rolled `download-latest-github-release` into the `download-and-extract` helper.\n- Enriched existing docs for a couple of older TTPs with better formatting and clarity.\n- Updated several older TTPs to include darwin support\n\n**Removed:**\n\n- Old `download-latest-github-release.yaml` from `git` directory.\n- Redundant steps in SUID binary escalation README.\n\nReviewed By: d0n601\n\nDifferential Revision: D54970518\n\nfbshipit-source-id: 8e6f15f5879ce39f36caf2d2383acbe528591e73","shortMessageHtmlLink":"Refactored new helpers; added new k8s TTPs; improved docs (#110)"}},{"before":"c533d080713b722e597e277d9b3f87e907bf7707","after":"1fb8ae25c9be44a51bf74e346ec975de07a9c08a","ref":"refs/heads/main","pushedAt":"2024-03-15T21:59:24.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Add API Version and UUID to all TTPs in Armory (#109)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/109\n\nModified each file within the ForgeArmory to include the new api_version and uuid tags.\n\nReviewed By: d3sch41n\n\nDifferential Revision: D54966650\n\nfbshipit-source-id: 3584f363f3c292b61df6c4de7288440b368df63d","shortMessageHtmlLink":"Add API Version and UUID to all TTPs in Armory (#109)"}},{"before":"e78d0bfc42526fedb712e28d5bf07af601d11bb0","after":"c533d080713b722e597e277d9b3f87e907bf7707","ref":"refs/heads/main","pushedAt":"2024-03-14T19:09:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Added Kubernetes TTP helpers; fixed bugs in docs (#108)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/108\n\n**Added:**\n- New Kubernetes setup and validation TTP helpers:\n - `setup-kubeconfig-for-eks.yaml`: Sets up kubeconfig for Amazon EKS clusters.\n - `valid-k8s-env-configured.yaml`: Validates Kubernetes config for TTPForge.\n - `download-latest-github-release.yaml`: Downloads the latest GitHub release.\n\n**Changed:**\n- Updated S3 bucket enumeration guide to improve clarity and usability.\n - Simplified `bucket_list` argument path in README.\n - Split steps descriptions into multiple lines for better readability.\n- Introduced new formatting for privilege escalation README to enhance\n documentation readability and compliance with markdown best practices.\n\n**Fixed:**\n- Standardized numbering in S3 bucket enum README steps to ensure consistency.\n\nReviewed By: cedowens\n\nDifferential Revision: D54910544\n\nfbshipit-source-id: de7086b957822184d8a874fc542d9863396f20fb","shortMessageHtmlLink":"Added Kubernetes TTP helpers; fixed bugs in docs (#108)"}},{"before":"8a75cb5d5da42664d84f4b1289dab40f6b6d641d","after":"e78d0bfc42526fedb712e28d5bf07af601d11bb0","ref":"refs/heads/main","pushedAt":"2024-03-01T19:19:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Enhancements to IAM Enumeration and S3 Bucket Enumeration TTPs (#107)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/107\n\n**Added:**\n\n- New `bucket-enum` TTP for enumerating open S3 buckets using the S3Scanner tool.\n- New `aws-connector` helper TTP for validating AWS credentials and region settings.\n\n**Changed:**\n\n- Updated `enumerate-iam` README and YAML to clarify requirements and examples.\n- Removed unnecessary `set -e` commands in `enumerate-iam.yaml`.\n- Updated `bucket-enum` README to reflect the addition of new arguments and the use of the S3Scanner tool.\n- Updated `bucket-enum.yaml` to include the `aws-connector` step, revised the `provision` step for better tool installation, and added cleanup actions.\n- Modified `suid-binary-escalation.yaml` to improve the `hunt-for-suid-bins` and `escalate-privilege` steps for better clarity and effectiveness.\n\nReviewed By: cedowens\n\nDifferential Revision: D54397852\n\nfbshipit-source-id: 7f9c556b30e2bca5b2639012cf361d3e55e42714","shortMessageHtmlLink":"Enhancements to IAM Enumeration and S3 Bucket Enumeration TTPs (#107)"}},{"before":"5e4cf07fccb7b81b328239ef5eff39f3ebd3fb34","after":"8a75cb5d5da42664d84f4b1289dab40f6b6d641d","ref":"refs/heads/main","pushedAt":"2024-02-29T19:15:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Added new functionality to suid-binary-escalation TTP; misc doc updates\n\nSummary:\nAdded new functionality to suid-binary-escalation TTP; misc doc updates\n\n**Updated:**\n\n- **backdoor-ssh-authorized-keys README** - Revised the README to reflect the latest changes in the YAML, including the addition of the `post_execution_wait` argument and updates to the steps description.\n\n- **suid-binary-escalation README and YAML**\n - Updated the YAML to facilitate targeting an input binary vs. a static one.\n - Updated the YAML to create a vulnerability when relevant parameters are absent.\n - Updated the README to reflect these changes\n\n**Fixed:**\n\n- **Formatting** - Adjusted formatting in the READMEs for better readability and consistency.\n\nReviewed By: d0n601\n\nDifferential Revision: D54320551\n\nfbshipit-source-id: b89a008b9ae07e79aa7e9cfe0e334212761df509","shortMessageHtmlLink":"Added new functionality to suid-binary-escalation TTP; misc doc updates"}},{"before":"e309d188df730f70ab63678b55debb1a66b4b323","after":"5e4cf07fccb7b81b328239ef5eff39f3ebd3fb34","ref":"refs/heads/main","pushedAt":"2024-02-28T00:52:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Update `backdoor-ssh-authorized-keys` TTP with MITRE ATT&CK mapping and other QoL YAML enhancements\n\nSummary:\n**Added:**\n\n- MITRE ATT&CK mapping - Added MITRE ATT&CK mapping to the `backdoor-ssh-authorized-keys` TTP, including tactics, techniques, and subtechniques for better alignment with security frameworks.\n\n**Changed:**\n\n- TTP YAML structure - Updated the `backdoor-ssh-authorized-keys` TTP YAML file to include `requirements` and `mitre` sections, and marked `rogue_key` as a required argument.\n- Simplified step scripts - Streamlined the inline scripts for the `backup-authorized_keys` and `modify-authorized_keys` steps for clarity and efficiency.\n- Cleanup step naming - Renamed the cleanup step in `modify-authorized_keys` to `restore-old-authorized-keys` for better readability.\n\nReviewed By: d0n601\n\nDifferential Revision: D54282053\n\nfbshipit-source-id: 66634a52e31170bc74d1351d494196ff3a2dd890","shortMessageHtmlLink":"Update backdoor-ssh-authorized-keys TTP with MITRE ATT&CK mapping a…"}},{"before":"5937723756ba34dd87fd93342635a6522cbc6020","after":"e309d188df730f70ab63678b55debb1a66b4b323","ref":"refs/heads/main","pushedAt":"2024-02-26T21:06:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Cleanup old content (#104)\n\nSummary: Removed older content from two READMEs.\n\nReviewed By: d0n601\n\nTest Plan: N/A - changes were made to markdown README files.\n\nDifferential Revision: D54203121\n\nPulled By: l50\n\nfbshipit-source-id: 39231664e6031d59faf1685578f5216397bf832c","shortMessageHtmlLink":"Cleanup old content (#104)"}},{"before":"aa1b5ed555f19402aff0aa7f6dc92185615e52a0","after":"5937723756ba34dd87fd93342635a6522cbc6020","ref":"refs/heads/main","pushedAt":"2024-02-23T23:41:32.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Update CODEOWNERS\n\nSummary:\nUpdate CODEOWNERS based on new roles\n\nhttps://www.internalfb.com/intern/wiki/Offensive_Security_Group/Projects/TTPForge_0/\n\nReviewed By: CrimsonK1ng\n\nDifferential Revision: D54138841\n\nfbshipit-source-id: 6be3345ee26f27976c22f649ffb19ba8b45bc433","shortMessageHtmlLink":"Update CODEOWNERS"}},{"before":"c78bc8bdb1c383f9072c71431e1a573615aeda98","after":"aa1b5ed555f19402aff0aa7f6dc92185615e52a0","ref":"refs/heads/main","pushedAt":"2023-12-21T08:32:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"17 commodity Linux TTPs (#101)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/101\n\nThis ports 17 commodity Linux TTPs from security-ttpcode to fbcode.\n\nReviewed By: mbhatt1\n\nDifferential Revision: D51857042\n\nfbshipit-source-id: 968b46b3e1f80ef74fea023ba1939e1b5823e40a","shortMessageHtmlLink":"17 commodity Linux TTPs (#101)"}},{"before":"ef971dc08f5bf7130eef30f959b0c20aaa6e3bd6","after":"c78bc8bdb1c383f9072c71431e1a573615aeda98","ref":"refs/heads/main","pushedAt":"2023-12-08T19:19:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Add requirements section to subset of macOS TTPs (#98)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/98\n\nUse the TTPForge [requirements](https://github.com/facebookincubator/TTPForge/blob/main/docs/foundations/requirements.md) feature to specify that these TTPs should only be run on macOS (darwin)\n\nReviewed By: nicolagiacchetta\n\nDifferential Revision: D51647761\n\nfbshipit-source-id: 91d59ff4a08fe0a8ba414d964c7f5a4589cec217","shortMessageHtmlLink":"Add requirements section to subset of macOS TTPs (#98)"}},{"before":"32bdd51d012ff6232d22dd6fbcf1c0b69b5f82f2","after":"ef971dc08f5bf7130eef30f959b0c20aaa6e3bd6","ref":"refs/heads/main","pushedAt":"2023-12-08T15:26:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Modified one of the publicly commmitted macOS TTPs (sshkeygen-load-dylib.yaml), which was generating a ttpforge error due to a non zero exit code. (#99)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/99\n\nModified one of the publicly committed macOS TTPs to resolve a non-zero exit code error from the ssh-keygen binary used in the TTP.\n\nReviewed By: l50\n\nDifferential Revision: D51721160\n\nfbshipit-source-id: 6348ecc21863c7364bef772472becc06afba8811","shortMessageHtmlLink":"Modified one of the publicly commmitted macOS TTPs (sshkeygen-load-dy…"}},{"before":"03882db1898b722bd6155706a7de0203227adf00","after":"32bdd51d012ff6232d22dd6fbcf1c0b69b5f82f2","ref":"refs/heads/main","pushedAt":"2023-12-07T21:48:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Revamp Github CI/CD and Cleanup Outdated Contents (#100)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/100\n\nFollowup to https://github.com/facebookincubator/TTPForge/pull/446 but for ForgeArmory instead of TTPForge.\n\nRead this bullets top-to-bottom - they match the ordering of changed files in this diff:\n\n* Remove renovate, as we are no longer using it after moving to fbcode\n* Remove executable file permissions from files that don't need them\n* Remove Golang hooks that don't apply to this repository\n* Remove YAML linters that aren't compatible with TTPForge template format\n* Remove YAML schema, as it is incomplete and unmaintained, and has been replaced by https://github.com/facebookincubator/TTPForge/pull/475\n* Remove mage, as it is not required due to reduced dependency count (in the same manner that it was removed in the corresponding PR against TTPForge)\n* Remove other files (asdf, tool-versions, etc) that are no longer needed due to simplified dependencies\n* Remove obsolete docs and examples\n* Update README.md to reference canonical documentation and reflect developer workflow simplification\n\nReviewed By: cedowens, d0n601\n\nDifferential Revision: D51814055\n\nfbshipit-source-id: 664ff52ea9663bf0255e2ad7c28455a1b48d04d1","shortMessageHtmlLink":"Revamp Github CI/CD and Cleanup Outdated Contents (#100)"}},{"before":"1d0d93e75c57576bddc2b39116f9536061549f8c","after":"03882db1898b722bd6155706a7de0203227adf00","ref":"refs/heads/main","pushedAt":"2023-11-14T16:57:10.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Fix edit_step backup working directory handling (#97)\n\nSummary:\nX-link: https://github.com/facebookincubator/TTPForge/pull/418\n\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/97\n\nFix `edit_step` to make `backup_file` also use `FetchAbs` just like the target file.\n\nUpdate example in `ForgeArmory` to reflect new behavior\n\nI think this was actually ok once we switched back to doing a top-level directory change in RunSteps, but either way it is better to have this redundancy.\n\nReviewed By: cedowens\n\nDifferential Revision: D51307671\n\nfbshipit-source-id: 2873deaa792922e63899ec79d7cb1af19c9d2ede","shortMessageHtmlLink":"Fix edit_step backup working directory handling (#97)"}},{"before":"294fbd911224b24a51353deea313877bd71f3cfb","after":"1d0d93e75c57576bddc2b39116f9536061549f8c","ref":"refs/heads/main","pushedAt":"2023-11-08T16:09:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Removing colon from subtechnique descriptor in 4 macOS TTPs, which effectively breaks the TTP.\n\nSummary: Removing the colong from the subtechnique descriptor in for macOS TTPs, which effectively breaks the TTP.\n\nReviewed By: d3sch41n\n\nDifferential Revision: D51114590\n\nfbshipit-source-id: d7418d7200f6f299bc04c5e07391dc8d8aed0bf5","shortMessageHtmlLink":"Removing colon from subtechnique descriptor in 4 macOS TTPs, which ef…"}},{"before":"4c42e5b228086202bf38bdfaf75a35cc369998b6","after":"294fbd911224b24a51353deea313877bd71f3cfb","ref":"refs/heads/main","pushedAt":"2023-11-03T15:37:52.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Token documentation diff to test ShipIt (#95)\n\nSummary:\nPull Request resolved: https://github.com/facebookincubator/ForgeArmory/pull/95\n\nJust a small change to make sure ShipIt fully works\n\nReviewed By: cedowens\n\nDifferential Revision: D50973666\n\nfbshipit-source-id: 93941641a97d46203c8c1242203e7c1f5158b833","shortMessageHtmlLink":"Token documentation diff to test ShipIt (#95)"}},{"before":"b7e143630b9765e8d46c3e6ee769003f9f53d54e","after":null,"ref":"refs/heads/fixup-T168898091-main","pushedAt":"2023-11-02T23:43:52.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"d3sch41n","name":"Sam Manzer","path":"/d3sch41n","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106620054?s=80&v=4"}},{"before":"c6a6c4584ea468e469ab08053aff375b71ce7f7e","after":"4c42e5b228086202bf38bdfaf75a35cc369998b6","ref":"refs/heads/main","pushedAt":"2023-11-02T23:43:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"d3sch41n","name":"Sam Manzer","path":"/d3sch41n","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106620054?s=80&v=4"},"commit":{"message":"Re-sync with internal repository (#93)\n\nThe internal and external repositories are out of sync. This Pull Request attempts to brings them back in sync by patching the GitHub repository. Please carefully review this patch. You must disable ShipIt for your project in order to merge this pull request. DO NOT IMPORT this pull request. Instead, merge it directly on GitHub using the MERGE BUTTON. Re-enable ShipIt after merging.","shortMessageHtmlLink":"Re-sync with internal repository (#93)"}},{"before":null,"after":"b7e143630b9765e8d46c3e6ee769003f9f53d54e","ref":"refs/heads/fixup-T168898091-main","pushedAt":"2023-11-02T23:33:35.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"facebook-github-bot","name":"Facebook Community Bot","path":"/facebook-github-bot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6422482?s=80&v=4"},"commit":{"message":"Re-sync with internal repository\n\nThe internal and external repositories are out of sync. This Pull Request attempts to brings them back in sync by patching the GitHub repository. Please carefully review this patch. You must disable ShipIt for your project in order to merge this pull request. DO NOT IMPORT this pull request. Instead, merge it directly on GitHub using the MERGE BUTTON. Re-enable ShipIt after merging.","shortMessageHtmlLink":"Re-sync with internal repository"}},{"before":"0c1ef4dafc5622507e32c5f478fc48acfe78be7b","after":"c6a6c4584ea468e469ab08053aff375b71ce7f7e","ref":"refs/heads/main","pushedAt":"2023-11-01T22:40:30.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"d3sch41n","name":"Sam Manzer","path":"/d3sch41n","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106620054?s=80&v=4"},"commit":{"message":"fbshipit-source-id: b6c4efc3ab9d18c04d290eec87e074d4a3b1fb2a","shortMessageHtmlLink":"fbshipit-source-id: b6c4efc3ab9d18c04d290eec87e074d4a3b1fb2a"}},{"before":"862f57e840b44c352d1bc18ed30e0b891a70cdd9","after":"0c1ef4dafc5622507e32c5f478fc48acfe78be7b","ref":"refs/heads/main","pushedAt":"2023-11-01T22:29:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"d3sch41n","name":"Sam Manzer","path":"/d3sch41n","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106620054?s=80&v=4"},"commit":{"message":"fbshipit-source-id: 0091b668bd55a7894f5bd74e7c9566d0f74c4dc7","shortMessageHtmlLink":"fbshipit-source-id: 0091b668bd55a7894f5bd74e7c9566d0f74c4dc7"}},{"before":null,"after":"adeb2e5669d738ff93b975ae622ca35bafd518e9","ref":"refs/heads/sfm-update-docs","pushedAt":"2023-10-05T20:20:47.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"d3sch41n","name":"Sam Manzer","path":"/d3sch41n","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106620054?s=80&v=4"},"commit":{"message":"vibe check update - just a preview so folks see where I am going","shortMessageHtmlLink":"vibe check update - just a preview so folks see where I am going"}},{"before":"42f7c8c56d81faef30bc1ef5e2036c888f09c09c","after":"862f57e840b44c352d1bc18ed30e0b891a70cdd9","ref":"refs/heads/main","pushedAt":"2023-10-03T09:10:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"l50","name":"Jayson Grace","path":"/l50","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/4031126?s=80&v=4"},"commit":{"message":"Update detections to use us-east-1 specifically (#91)\n\n* Update detections to use us-east-1 specifically\r\n\r\n- As per https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html\r\n\r\n* Added missing MITRE mappings to cloud TTPs and docs","shortMessageHtmlLink":"Update detections to use us-east-1 specifically (#91)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEdjzHRAA","startCursor":null,"endCursor":null}},"title":"Activity · facebookincubator/ForgeArmory"}