
atomic's Introduction

MITRE Caldera plugin: Atomic

A plugin supplying Caldera with TTPs from the Atomic Red Team project.

Details

Known issues

  • When a command or cleanup spans multiple lines and one of those lines is a comment, the whole command or cleanup is broken, because the plugin collapses multiple lines into one by joining them with semicolons, so everything after the comment marker becomes part of the comment.
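To make the known issue concrete, here is an added Python example that is not part of the plugin's code. It collapses a constructed PowerShell-style command the way the issue describes (joining non-empty lines with "; ", which is my assumption about the plugin's behaviour, not copied from it), shows which statements end up swallowed by the comment, and then applies a safer join that drops comment-only lines and refuses to flatten a command containing a here-string. The function names and both sample commands are mine.

```python
import re

# Constructed sample: a multi-line command whose second line is a comment.
SAMPLE_WITH_COMMENT = """\
$ErrorActionPreference = 'Stop'
# Load the helper module first
Import-Module helpers.psm1
Invoke-Helper -Arg 1
"""

# Constructed sample: a command containing a PowerShell here-string.
# The closing "@ must start its own line, so this block cannot be flattened.
SAMPLE_WITH_HERE_STRING = """\
$body = @"
line one
line two
"@
Write-Output $body
"""

# Matches the opening of a PowerShell here-string: @" or @' at end of line.
HERE_STRING_OPEN = re.compile(r'@["\']\s*$')


def naive_collapse(command: str) -> str:
    """Join all non-empty lines with '; ' (assumed approximation of the
    behaviour the known issue describes; not the plugin's own code)."""
    lines = [line.strip() for line in command.splitlines() if line.strip()]
    return "; ".join(lines)


def statements_lost_to_comment(collapsed: str) -> list:
    """Return the statements a one-line shell would treat as part of a trailing
    comment: everything after the first '; '-separated part that starts with '#'."""
    parts = [part.strip() for part in collapsed.split("; ")]
    for index, part in enumerate(parts):
        if part.startswith("#"):
            return parts[index + 1:]
    return []


def safe_collapse(command: str) -> str:
    """Drop comment-only lines before joining; if a here-string is present,
    keep the original line structure because it cannot be flattened safely."""
    lines = [line.rstrip() for line in command.splitlines() if line.strip()]
    if any(HERE_STRING_OPEN.search(line) for line in lines):
        return "\n".join(lines)
    kept = [line.strip() for line in lines if not line.lstrip().startswith("#")]
    return "; ".join(kept)


if __name__ == "__main__":
    naive = naive_collapse(SAMPLE_WITH_COMMENT)
    print("naive :", naive)
    print("lost  :", statements_lost_to_comment(naive))
    print("safe  :", safe_collapse(SAMPLE_WITH_COMMENT))
    print("here  :", safe_collapse(SAMPLE_WITH_HERE_STRING))
```

Run as a script, the naive join loses the Import-Module and Invoke-Helper statements to the comment, while the safer join keeps them and leaves the here-string command multi-line rather than producing a broken one-liner.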

Acknowledgements

atomic's People

Contributors

argaudreau, artificialermine, clenk, elegantmoose, iguannalin, privateducky, uruwhy, wbooth, zaphodef


atomic's Issues

Select Technique number and name from a list

When creating an ability it is weird to see two line items called "technique". Should one be called "technique number" and one "technique name"? Also, could we pick these values from a pre-populated list instead of free form text input? Thx


Error to simulate TTPs from the Atomic

Hello, I'm starting to study Caldera and I have the following difficulty:

When I try to simulate an Atomic-related TTP, I am getting the following error message:

import-module: The specified module 'PathToAtomicsFolder \ T1059.001 \ src \ SharpHound.ps1' has not been loaded because no read module files found in any module directories. ... (PathToAtomicsFo ... \ SharpHound.ps1: String) [Import-Module], FileNot FoundException + FullyQualifiedErrorId: Modules_ModuleNotFound, Microsoft.PowerShell.Commands.ImportModuleCommand

I can see the imported TTP in the "/atomics" directory and the plugin was started with the server.
Where can I be wrong?

Congratulations for the project s2

atomic plugin cannot be enabled

Hello,

I am using the stable version 2.7.0 of caldera and when I try to enable the atomic plugin, I receive the following error on the console:

ERROR (c_plugin.py:71 enable) Error enabling plugin=atomic, 'NoneType' object is not iterable

I hope this helps you somehow to make caldera and its plugins even better.

Atomic Plugin causes Caldera start up to hang

Describe the bug
When the Atomic plugin is enabled, Caldera doesn't advance past the _prepare_executor stage of the Atomic Plugin

To Reproduce
Steps to reproduce the behavior:
  1. Build a Docker image using the instructions on the Caldera GitHub repo.
  2. Enable the Atomic plugin using the local.yml file.
  3. Run the Caldera server with the built image and the modified local.yml file using the docker-compose file provided in the Caldera repo.

Expected behavior
The Atomic plugin is enabled, and Caldera continues with initialization and start up

Screenshots
Screenshots of the error logs would be pretty large, so I've included a pastebin of the error logs, https://pastebin.com/raw/V8dRw0Jg. For reference, the last line was printed about 30 minutes before the creation of this ticket and is the last log to be printed.

Desktop (please complete the following information):

  • OS: AlmaLinux 8.6 as the base OS; Caldera is running in Docker
  • Browser: Edge
  • Version: 4.0.0 of Caldera, 2.7 of the Atomic plugin

Additional context
Add any other context about the problem here.

Unclear PathToAtomicsFolder variable usage

I have a problem when I try to run the atomic T1087.002 (Account Discovery: Domain Account) test. This atomic uses the AdFind tool to enumerate the domain accounts.

I installed the atomic-red-team atomics on the target machine (where the sandcat agent is also installed) at the C:\AtomicRedTeam\atomics path.

Using Caldera, I configured the ability with the command "PathToAtomicsFolder\T1087.002\bin\AdFind.exe -sc admincountdmp", but when I ran the command I received the error message "The system cannot find the path specified."

In fact, using the ProcMon tool on the target machine, I saw that the sandcat agent ran the wrong command, "cmd.exe /C PathToAtomicsFolder\T1087.002\bin\AdFind.exe -sc admincountdmp", instead of "cmd.exe /C C:\AtomicRedTeam\atomics\T1087.002\bin\AdFind.exe -sc admincountdmp".

Why doesn't Caldera apply the variable substitution? Where am I wrong? I want to use this feature to avoid using the absolute path.

P.S.: If I write the command with the absolute path, it works perfectly.
P.S.: I have read the documentation about this variable in the README file, but I can't solve my problem.

Regards,

Parser app/parsers/atomic_powershell.py works incorrectly

Describe the bug
The atomic_powershell parser marks (almost) every test as failed.

To Reproduce
Steps to reproduce the behavior:

  1. Find the test "Execute base64-encoded PowerShell from Windows Registry" and run it.
  2. The test will be marked as failed because of the atomic_powershell parser.

Expected behavior
Test should be marked as successful if the output is equal to:

VwByAGkAdABlAC0ASABvAHMAdAAgACIASABlAHkALAAgAEEAdABvAG0AaQBjACEAIgA=
Hey, Atomic!

Screenshots
On the screenshot you can see the case: the test failed, but it completed successfully.

Desktop (please complete the following information):

  • OS:
analyst@ts-kali:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description:    Kali GNU/Linux Rolling
Release:        2021.2
Codename:       kali-rolling
  • atomic-plugin:
analyst@ts-kali:~/caldera$ cat plugins/atomic/VERSION.txt
2.9.0-2d766f82e65cb657e19b47afa9e8ba86
  • caldera:
v4.0.0

Additional context
The reason for this behaviour is app/parsers/atomic_powershell.py.
Line 6, checked_flags = list('FullyQualifiedErrorId'), puts the array ['F', 'u', 'l', 'l', ..., 'o', 'l', 'd'] into the variable checked_flags. In that case the following if-condition will always be True, because there is no chance for the output not to contain any of the characters listed above.
To resolve the issue, I guess that line 6 should look like this: checked_flags = ['FullyQualifiedErrorId']
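The character-list bug described in this issue, shown as an added Python example that is not the plugin's parser. It places a check built the buggy way beside the corrected one and runs both over the issue's expected output, over a constructed failure sample modelled on the Import-Module error quoted in an earlier issue on this page, and over an output with no letters at all. The function names, the failure sample and the assumption that the parser's condition is any(flag in output for flag in checked_flags) are mine.

```python
# Expected output of the "Execute base64-encoded PowerShell from Windows Registry"
# test, as quoted in the issue.
SUCCESS_OUTPUT = (
    "VwByAGkAdABlAC0ASABvAHMAdAAgACIASABlAHkALAAgAEEAdABvAG0AaQBjACEAIgA=\n"
    "Hey, Atomic!\n"
)

# Constructed failure sample, modelled on (and abridged from) the Import-Module
# error quoted in an earlier issue on this page; not a captured log.
FAILURE_OUTPUT = (
    "import-module : The specified module 'PathToAtomicsFolder\\T1059.001\\src\\"
    "SharpHound.ps1' was not loaded because no valid module file was found.\n"
    "    + FullyQualifiedErrorId : Modules_ModuleNotFound,"
    "Microsoft.PowerShell.Commands.ImportModuleCommand\n"
)

# Constructed output containing no letters: the only kind the buggy check passes.
DIGITS_ONLY_OUTPUT = "12345\n"


def buggy_is_failure(output: str) -> bool:
    """Mirror of the reported bug: list('FullyQualifiedErrorId') is a list of
    single characters, so the check fires on any output containing one of them.
    The any(...) condition is an assumption about the parser, not its code."""
    checked_flags = list("FullyQualifiedErrorId")
    return any(flag in output for flag in checked_flags)


def fixed_is_failure(output: str) -> bool:
    """Corrected check: a one-element list, matched as a whole token."""
    checked_flags = ["FullyQualifiedErrorId"]
    return any(flag in output for flag in checked_flags)


def distinct_flags(flags) -> int:
    """How many distinct substrings a flag list is actually looking for;
    exposes the difference between the two ways of building the list."""
    return len(set(flags))


if __name__ == "__main__":
    for name, output in [("success", SUCCESS_OUTPUT),
                         ("failure", FAILURE_OUTPUT),
                         ("digits", DIGITS_ONLY_OUTPUT)]:
        print(f"{name:8} buggy={buggy_is_failure(output)} "
              f"fixed={fixed_is_failure(output)}")
    print("buggy flag count:", distinct_flags(list("FullyQualifiedErrorId")))
    print("fixed flag count:", distinct_flags(["FullyQualifiedErrorId"]))
```

The buggy variant is really searching for 14 distinct single characters, so any output with a letter in it is reported as a failure; the corrected variant searches for the one PowerShell error token and distinguishes the successful run from the genuine Import-Module failure.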

Importing Atomic tests with comments spanning multiple lines

What problem are you trying to solve? Please describe.

Any ideas on how to solve the known issue of importing Atomic tests with comments spanning multiple lines, such as Here-Strings?

The ideal solution: What should the feature do?

transparent compatibility between both projects

What category of feature is this?

  • UI/UX
  • API
  • Other

  • Willing to submit a pull request to implement this feature?

Thank you!

Atomic is greyed out in menu, but is configured as a plugin in conf file

I have an issue where the Atomic plugin is greyed out when I start Caldera using either the --insecure flag or the local.yml environment file.

Stockpile is also greyed out.

The readme doesn't show any requirements; is there somewhere I can check error logs, or is this a known issue?

I am running 4.0.0 on RHEL 8

Atomic plugin not supplying Caldera with activities

Upon start up, I have the following message:

2020-03-10 13:29:19 DEBUG    Ingested 0 abilities from Atomic plugin
2020-03-10 13:29:19 DEBUG    Enabled plugin: atomic

Atomic abilities while present in the plugin folder do not appear in Caldera as part of the "redcanary" technique set.

Lack of dependencies when converting

Describe the bug
Ability T1003.007 can't be executed correctly because of missing dependencies, like the ones below, when the raw Red Canary (Atomic Red Team) scripts were converted to Caldera scripts:

Do you guys have a plan to fix that? I found 134 abilities which had the same problem.

dependencies:
  - description: |
      Script to launch target process must exist
    prereq_command: |
      test -f #{script_path}
      grep "#{pid_term}" #{script_path}
    get_prereq_command: |
      echo '#!/bin/sh' > #{script_path}
      echo "sh -c 'echo "The password is #{pid_term}" && sleep 30' &" >> #{script_path}
  - description: |
      Requires Python
    prereq_command: |
      (which python || which python3 || which python2)
    get_prereq_command: |
      echo "Python 2.7+ or 3.4+ must be installed"

To Reproduce
none

Expected behavior
none

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):
all

Additional context
Add any other context about the problem here.
none
