
swimlane / atomic-operator


A Python package used to execute Atomic Red Team tests (Atomics) across multiple operating system environments.

License: MIT License

Languages: Python 98.47%, Makefile 0.68%, Batchfile 0.85%
Topics: deepdive, hacktoberfest

atomic-operator's People

Contributors

adam-mashinchi, brantw, github-actions[bot], msadministrator


atomic-operator's Issues

Cannot find __meta__.py

Describe the bug
I tried installing in CentOS 7 but failed.

Error message as follows:
  File "setup.py", line 21, in <module>
    with open(os.path.join(here, 'atomic_operator', '__meta__.py'), 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/root/atomic-operator/atomic_operator/__meta__.py'

To Reproduce
Steps to reproduce the behavior:

  1. Based on this guide: https://pypi.org/project/atomic-operator/
    git clone https://github.com/swimlane/atomic-operator.git
    cd atomic-operator
    pip install -r requirements.txt
    python setup.py install

I used python3 instead of python

Expected behavior
The "python3 setup.py install" command should be able to complete, but it did not.
I did a search for __meta__.py. There is no such file.

File "setup.py", line 21, in <module>
    with open(os.path.join(here, 'atomic_operator', '__meta__.py'), 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/root/atomic-operator/atomic_operator/__meta__.py'

--test_guid not selecting tests

When executing

atomic-operator.exe run --test_guid fe94a1c3-3e22-4dc9-9fdf-3a8bdbc10dc4 --check_preregs True --return_atomics True

I get listed all the atomic tests.

I would expect only the test(s) with the given GUID. As the default for --techniques is "all", I thought I'd try to disable it using ['None'] or [], but those do not work. I only get an empty dict:

atomic-operator.exe run --techniques ['None'] --test_guid 89676ba1-b1f8-47ee-b940-2e1a113ebc71 --check_preregs True --return_atomics True
{}

Maybe I am using it wrong? What would be the recommended way to just execute a sub test via guid?

Format output via command line for --return_atomics

Is your feature request related to a problem? Please describe.
I would like to format the output returned from --return_atomics flag


Ability to execute MITRE/CTID Adversary Emulation Plans

Is your feature request related to a problem? Please describe.
Provide the ability to execute MITRE/CTID Adversary Emulation Plans via execution framework.

Describe the solution you'd like
Ideally, these could be executed in a similar style to the existing "config" style execution; however these YAML files are more akin to a series of Atomic Tests than to the configs.

Describe alternatives you've considered
N/A

Additional context
Example Emulation Plan

Installation fails on ARM-based (M1) Mac

Describe the bug
Installing using pip3 natively may not work on an ARM-based (M1) Mac for a wide variety of reasons (Python + ARM is fraught with sadness). So, you'll probably want to build from source.

Building from source will likely fail because of a dependency on setuptools_rust, which requires a Rust compiler.

To Reproduce

  1. Attempt the steps in the README
  2. Receive the error: ModuleNotFoundError: No module named 'setuptools_rust'

Desktop (please complete the following information):

  • OS: macOS Monterey

Additional context
This public Gist contains an alternate installation script that resolves this issue: https://gist.github.com/keithmccammon/5aa831e74abb74922404289d48ed1e29

Search for tests

Is your feature request related to a problem? Please describe.
It would be fantastic to be able to search for a specific test. Currently, I'm looking through the atomics for a good test to verify RC O365 integration, but going to the Slack and searching manually is taking a long time.

Describe the solution you'd like
A search function like searchsploit or atomic-operator -search "$keyword"

Describe alternatives you've considered
Going to the official Slack channel for advice, searching through https://atomicredteam.io/atomics/ myself

Additional context
None at this time

Fail if prereq_command fails and do not continue to run the command


No results returned from atomic execution on windows

I just downloaded the "main" branch today and ran on Windows with the latest Python install. When I select the first test listed for this technique it returns empty results.


If I try to run all T1016 atomics I get "unexpected keyword argument" again.


copy_source_files not working

Describe the bug

The src file that is part of the Atomic test is not copied over to the remote host even with the copy_source_files flag active. The Atomic test then fails.

To Reproduce

Config:

self.operator.run(
    test_guids=['437b2003-a20d-4ed8-834c-4964f24eec63'],
    atomics_path='./atomics',
    hosts=hosts,
    username='ubuntu',
    ssh_key_path='./mykey.pem',
    copy_source_files=True,
    cleanup=False,
    command_timeout=20,
    debug=True,
    prompt_for_input_args=False)

Content of tmp Directory on remote host (no ./src/dump_heap.py file):

-rw-rw-r--  1 ubuntu ubuntu   65 Jan 24 20:45 T1003.007.sh

Error:
INFO:Base.Runner.RemoteRunner:{'output': 'The password is T1003.007', 'error': "/usr/bin/python3: can't open file '/tmp/T1003.007/src/dump_heap.py': [Errno 2] No such file or directory\ngrep: /tmp/T1003.007.bin: No such file or directory"}

Expected behavior
File will be copied to host

Desktop (please complete the following information):

  • Remote host is ubuntu 20.04

Auto Generated GUID Type Error

I've run get-atomics, but I can't run any technique without getting the type error pasted below. Any help would be greatly appreciated.

PS C:\Users\greg\Documents\GitHub\atomic-operator\redcanaryco-atomic-red-team-b044c49> atomic-operator run --techniques T1564.001
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "C:\Users\greg\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\Scripts\atomic-operator.exe\__main__.py", line 7, in <module>
  File "C:\Users\greg\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\atomic_operator\__main__.py", line 6, in main
    fire.Fire({
  File "C:\Users\greg\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\fire\core.py", line 141, in Fire
    component_trace = _Fire(component, args, parsed_flag_args, context, name)
  File "C:\Users\greg\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\fire\core.py", line 475, in _Fire
    component, remaining_args = _CallAndUpdateTrace(
  File "C:\Users\greg\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\fire\core.py", line 691, in _CallAndUpdateTrace
    component = fn(*varargs, **kwargs)
  File "C:\Users\greg\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\atomic_operator\atomic_operator.py", line 333, in run
    self.__config_parser = ConfigParser(
  File "C:\Users\greg\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\atomic_operator\configparser.py", line 67, in __init__
    self._all_loaded_techniques = Loader().load_techniques()
  File "C:\Users\greg\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\atomic_operator\atomic\loader.py", line 84, in load_techniques
    self.__techniques[technique] = Atomic(**loaded_technique)
  File "<attrs generated init atomic_operator.atomic.atomic.Atomic>", line 7, in __init__
  File "C:\Users\greg\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.11_qbz5n2kfra8p0\LocalCache\local-packages\Python311\site-packages\atomic_operator\atomic\atomic.py", line 24, in __attrs_post_init__
    test_list.append(AtomicTest(**test))
TypeError: AtomicTest.__init__() missing 1 required positional argument: 'auto_generated_guid'

TypeError: execute_process() got an unexpected keyword argument 'elevation_requred'

First, I would like to thank the atomic-operator team.
Have the best of times 🥇

Describe the bug
I started with the ATOMIC tool today.
I installed the latest version of atomic-operator via pip (Python 3.9.10) on Windows 10 and Debian 11 (on VirtualBox 6).
I was trying to test and learn ATOMIC today, but I don't know the root cause of the error below on Windows and Linux:

INFO:Base.AtomicOperator:Running Process Discovery - ps test (4ff64f0b-aaf2-4866-b39d-38d9791407cc) for technique T1057
Traceback (most recent call last):
  File "/usr/local/bin/atomic-operator", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/dist-packages/atomic_operator/__main__.py", line 6, in main
    fire.Fire({
  File "/usr/local/lib/python3.9/dist-packages/fire/core.py", line 141, in Fire
    component_trace = _Fire(component, args, parsed_flag_args, context, name)
  File "/usr/local/lib/python3.9/dist-packages/fire/core.py", line 466, in _Fire
    component, remaining_args = _CallAndUpdateTrace(
  File "/usr/local/lib/python3.9/dist-packages/fire/core.py", line 681, in _CallAndUpdateTrace
    component = fn(*varargs, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/atomic_operator/atomic_operator.py", line 261, in run
    self.__run_technique(item)
  File "/usr/local/lib/python3.9/dist-packages/atomic_operator/atomic_operator.py", line 135, in __run_technique
    LocalRunner(test, technique.path).start()
  File "/usr/local/lib/python3.9/dist-packages/atomic_operator/execution/localrunner.py", line 74, in start
    return self.execute(executor=self._get_executor_command())
  File "/usr/local/lib/python3.9/dist-packages/atomic_operator/execution/runner.py", line 91, in execute
    response = self.execute_process(
TypeError: execute_process() got an unexpected keyword argument 'elevation_requred'

To Reproduce
Steps to reproduce the behavior:

  1. I added the root path of atomic folder as exclusion within Windows Defender (so no problem for deleting and quarantining).
  2. atomic-operator get_atomics --destination "E:\atomic_tests"
    Note: I launched win powershell as administrator user and linux terminal as root user.
  3. atomic-operator run --atomics-path E:\atomic_tests\redcanaryco-atomic-red-team\ --techniques T1057
    or even via manual selection:
  4. atomic-operator run --atomics-path E:\atomic_tests\redcanaryco-atomic-red-team\ --techniques T1057 --select-test


Screenshots
a windows image poc on imgur.com
a linux image poc on imgur.com

Logging and troubleshooting question

The README says to open an issue for questions... Installed on my Mac - Monterey 12.0.1. Running remotely against an EC2 instance in AWS running the Windows_Server-2019-English-Full-Base-2021.12.15 AMI. I'll occasionally get "Uknown Error"s and am trying to figure out how to troubleshoot. Not sure if it's me or a legit issue. The console provides good info, but nothing to help with the Unknown Error. Setting --debug True didn't help. I can't find any logs on my Mac, and it takes forever to parse through PowerShell event logs on my target host to find anything when I'm not sure what I'm looking for...

For example, I'll run:

atomic-operator run --atomics-path "redcanaryco-atomic-red-team-d39dc66" --techniques T1055,T1055.001,T1055.004 --hosts "1.2.3.4" --username "" --password "" --check_prereqs True

Results are T1055.001 (the last one) worked, and the rest didn't.

1c91e740-1729-4329-b779-feba6e71d048: {"1.2.3.4": {"command": {"error": "Uknown Error - Received an unknown error from host - 1.2.3.4 - Received AttributeError"}}, "technique_id": "T1055", "technique_name": "Process Injection"}
3203ad24-168e-4bec-be36-f79b13ef8a83: {"1.2.3.4": {"command": {"error": "Uknown Error - Received an unknown error from host - 1.2.3.4 - Received AttributeError"}}, "technique_id": "T1055", "technique_name": "Process Injection"}
611b39b7-e243-4c81-87a4-7145a90358b1: {"1.2.3.4": {"command": {"error": "Uknown Error - Received an unknown error from host - 1.2.3.4 - Received AttributeError"}}, "technique_id": "T1055.004", "technique_name": "Process Injection: Asynchronous Procedure Call"}
74496461-11a1-4982-b439-4d87a550d254: {"1.2.3.4": {"command": {}}, "technique_id": "T1055.001", "technique_name": "Process Injection: Dynamic-link Library Injection"}

Appreciate any pointers you can offer

Remote tests with config file not working

Describe the bug
When attempting to run tests against a remote machine (Mac in this case), atomic operator appears to try to execute tests on localhost instead (Ubuntu Linux in this case).

To Reproduce
Here is my command:

atomic-operator run --config_file ./apa/test1.yml --hosts 'IP' --username myuser --password 'super secret password' --config_file_only --debug

And here is the contents of the config file:

atomic_tests:
  - guid: b3e7510c-2d4c-4249-a33f-591a2bc83eef
  - guid: 1864fdec-ff86-4452-8c30-f12507582a93

And here is the output:

DEBUG:Base.AtomicOperator:Checking technique T1562.001 (Impair Defenses: Disable or Modify Tools) for applicable tests.
INFO:Base:You provided a test (b3e7510c-2d4c-4249-a33f-591a2bc83eef) 'Stop and unload Crowdstrike Falcon on macOS' which is not supported on this platform. Skipping...
DEBUG:Base.AtomicOperator:Checking technique T1555.001 (Credentials from Password Stores: Keychain) for applicable tests.
INFO:Base:You provided a test (1864fdec-ff86-4452-8c30-f12507582a93) 'Keychain' which is not supported on this platform. Skipping...
b3e7510c-2d4c-4249-a33f-591a2bc83eef: {}
1864fdec-ff86-4452-8c30-f12507582a93: {}

Expected behavior
Tests should execute on remote machine
Note that I have successfully executed one-off tests from the command line by passing in individual test GUIDs, so I know there's nothing wrong with my connection parameters.

Elevated execution

Hello,

Thanks for the amazing work! Would it be possible to add an option to run some tests with sudo? For example, both T1003.007 tests are failing because of permission denied. See the Atomic test at https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md

Test#1:
INFO:Base.Runner.RemoteRunner:{'output': 'The password is T1003.007', 'error': "dd: failed to open '/proc/50754/mem': Permission denied\ngrep: /tmp/T1003.007.bin: No such file or directory"}

Test#2:
INFO:Base.Runner.RemoteRunner:{'output': 'The password is T1003.007', 'error': 'Traceback (most recent call last):\n File "/tmp/T1003.007/src/dump_heap.py", line 26, in \n with open("/proc/{}/mem".format(process_id), "rb") as mem_file:\nPermissionError: [Errno 13] Permission denied: '/proc/50668/mem'\ngrep: /tmp/T1003.007.bin: No such file or directory'}

No module named 'atomic_operator.execution.base' Error

[System information]
platform : Ubuntu 22.04-x64
python : 3.10.4
atomic-operator : 0.8.5

[Installation commands]
The first installation attempt was made, but an error occurred.
pip install atomic-operator

Installation completed using the command below

git clone https://github.com/swimlane/atomic-operator.git
cd atomic-operator
pip install -r requirements.txt
python setup.py install

[Problematic matter]
It runs as a normal user and works at that time.
However, if you execute it with root authority, you get an error.
The cause has not been found and the problem has not been solved.

=======================================
[Add question]
↓ Should I apply it on my victim PC? Or should I apply it to the attacker PC?
And do I have to run an SSH client?
https://www.atomic-operator.com/0.8.5/windows-remote/

Running with config_file is not applying input argument values

Describe the bug
Running with config_file is not applying custom input values, and instead uses the technique's default values.

To Reproduce
Steps to reproduce the behavior:
config.yml

atomic_tests:
  - guid: 9fdd83fd-bd53-46e5-a716-9dec89c8ae8e
    input_arguments:
      project-id:
        value: test-project

Run test locally:

 atomic-operator run --config_file ./config.yml --config_file_only

Output:

INFO:Base.AtomicOperator:Running Creating GCP Service Account and Service Account Key test (9fdd83fd-bd53-46e5-a716-9dec89c8ae8e) for technique T1078.004
INFO:Base.Runner:

WARNING: You do not appear to have access to project [art-project-1] or it does not exist.
ERROR: (gcloud.iam.service-accounts.create) User [<REDACTED>] does not have permission to access projects instance [art-project-1] (or it may not exist): Permission 'iam.serviceAccounts.create' denied on resource (or it may not exist).
- '@type': type.googleapis.com/google.rpc.ErrorInfo
  domain: iam.googleapis.com
  metadata:
    permission: iam.serviceAccounts.create
  reason: IAM_PERMISSION_DENIED
ERROR: (gcloud.iam.service-accounts.keys.create) NOT_FOUND: Unknown service account

Note the atomic for T1078.004 in question was slightly modified to skip the login step (since it requires a prompt) in the sequence of test commands:

  executor:
    name: sh
    elevation_required: false
    command: |
      #gcloud auth login --no-launch-browser
      gcloud config set project #{project-id}
      gcloud iam service-accounts create #{service-account-name}
      gcloud iam service-accounts keys create #{output-key-file} --iam-account=#{service-account-email}

Expected behavior
Expected to apply the value test-project for input argument project-id, and not the default value art-project-1 defined in technique atomic.

Desktop (please complete the following information):

  • OS: Linux
  • Browser: Chrome

More context:
Excerpt from T1078.004 atomic:

atomic_tests:
- name: Creating GCP Service Account and Service Account Key
  auto_generated_guid: 9fdd83fd-bd53-46e5-a716-9dec89c8ae8e
  description: |
    GCP Service Accounts can be used to gain intial access as well as maintain persistence inside Google Cloud.

  supported_platforms:
  - google-workspace
  - iaas:gcp
  - linux

  input_arguments:
    project-id:
      description: ID of the project, you want to create service account as well as service account key for
      type: string
      default: art-project-1

  [...]
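The report above is about the ordering of input values: a config-file value must win over the atomic's default, and a placeholder with no value at all must not silently fall back to the default target. The following is an added example of that merge and render step, written for this page; it is not atomic-operator's own ConfigParser code. The #{name} placeholder syntax and the atomic_tests / input_arguments / executor layout follow the Atomic Red Team YAML quoted in the issue; the function names, the constructed ATOMIC and CONFIG dicts (only project-id and its default art-project-1 come from the issue, the rest is made up) are assumptions.

```python
import re

# Atomic Red Team placeholder syntax: #{argument-name}
PLACEHOLDER = re.compile(r"#\{([A-Za-z0-9_.-]+)\}")

# Constructed excerpt in the shape of the T1078.004 atomic quoted above.
# Only project-id and its default come from the issue; the rest is made up.
ATOMIC = {
    "auto_generated_guid": "9fdd83fd-bd53-46e5-a716-9dec89c8ae8e",
    "input_arguments": {
        "project-id": {"type": "string", "default": "art-project-1"},
        "service-account-name": {"type": "string", "default": "art-sa"},
    },
    "executor": {
        "name": "sh",
        "command": (
            "gcloud config set project #{project-id}\n"
            "gcloud iam service-accounts create #{service-account-name}\n"
        ),
    },
}

# Constructed config.yml content as it would look after yaml.safe_load.
CONFIG = {
    "atomic_tests": [
        {
            "guid": "9fdd83fd-bd53-46e5-a716-9dec89c8ae8e",
            "input_arguments": {"project-id": {"value": "test-project"}},
        }
    ]
}


def overrides_for(config, guid):
    """Return the input_arguments block of the config entry for guid ({} if none)."""
    for entry in config.get("atomic_tests", []):
        if entry.get("guid") == guid:
            return entry.get("input_arguments") or {}
    return {}


def resolve_arguments(atomic, overrides):
    """Start from the atomic's defaults, then layer the config values on top.

    An override for an argument the atomic does not declare is an error rather
    than a silent no-op: a mistyped name would otherwise run the test against
    the default target (exactly the failure in the issue) without any warning.
    """
    values = {name: spec.get("default")
              for name, spec in atomic.get("input_arguments", {}).items()}
    for name, spec in overrides.items():
        if name not in values:
            raise KeyError(f"{atomic['auto_generated_guid']}: unknown input argument {name!r}")
        values[name] = spec["value"] if isinstance(spec, dict) else spec
    return values


def render_command(atomic, overrides):
    """Substitute every #{name} in the executor command with its resolved value."""
    values = resolve_arguments(atomic, overrides)

    def substitute(match):
        name = match.group(1)
        if values.get(name) is None:
            raise KeyError(f"no value or default for #{{{name}}}")
        return str(values[name])

    return PLACEHOLDER.sub(substitute, atomic["executor"]["command"])


if __name__ == "__main__":
    guid = ATOMIC["auto_generated_guid"]
    print(render_command(ATOMIC, overrides_for(CONFIG, guid)))
```

Run stand-alone it prints the rendered command with test-project in place of art-project-1. Raising on an unknown argument name is the deliberate design choice: for a test that creates cloud credentials, running against the wrong project by accident is worse than failing early.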

__copy_file_to_windows function second argument is "desintation" instead of "destination"

Describe the bug
At this path:
atomic_operator/execution/copier.py
The function "__copy_file_to_windows" function second argument is "desintation" instead of "destination".
The problem is it isn't only a typo.
When you call this function from the code at line 51 of the same file the call fails since the call variables are specified with their names:
self.__copy_file_to_windows(source=source, destination=destination).

Please replace all "destination" mentions in the code (3):

def __copy_file_to_windows(self, source, destination):
    try:
        command = f"New-Item -Path {os.path.dirname(destination)} -ItemType Directory"
        if self.elevation_required:
            command = f'Start-Process PowerShell -Verb RunAs; {command}'
        output, streams, had_errors = self.windows_client.execute_ps(command)
        response = self.windows_client.copy(source, destination)
    except:
        self.__logger.warning(f'Unable to execute copy of supporting file {source}')
        self.__logger.warning(f'Output: {output}/nStreams: {streams}/nHad Errors: {had_errors}')

To Reproduce
Steps to reproduce the behavior:

  1. For example: Run the atomic operator on T1218.002 with remoteRunner and it will try to copy a file to windows.
  2. You will get an error

Expected behaviour
The expected behaviour should be for it to run without any errors


Desktop (please complete the following information):

  • OS: Window10

Poor error handling when handling unexpected atomic test input.

Describe the bug
If an atomic test has not been configured correctly, atomic-operator will not handle it gracefully, and exit. This requires the user to modify the atomic tests folder in order to be able to use the package, which is frustrating and slow.

To Reproduce
Download the most recent atomic red team folder. Try to run a test; it will fail because of many tests missing GUIDs. Ref

Expected behavior
Ignore Atomic tests that fail to be loaded when initializing an Atomic object (ref). Or, gracefully handle the error and exit. The former seems easier from an end-user perspective.
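Both this report and the "Auto Generated GUID Type Error" report above come down to the loader passing a raw YAML mapping straight into a constructor that requires auto_generated_guid, so one malformed entry aborts the whole run. The block below is an added example of the tolerant loading the reporter asks for; it is not atomic-operator's loader. Input is the parsed dict of one technique file (plain dicts here, as yaml.safe_load would return them, so it runs offline); the field names follow the Atomic Red Team schema, while AtomicTest, REQUIRED, load_tests and the SAMPLE_TECHNIQUE contents are assumptions constructed for this example.

```python
import logging
from dataclasses import dataclass, field, fields

log = logging.getLogger("atomic_loader")

# Keys every test must carry before it is worth running; auto_generated_guid is
# what --test_guids selection keys on, so a test without one cannot be addressed.
REQUIRED = ("name", "auto_generated_guid", "supported_platforms", "executor")


@dataclass
class AtomicTest:
    name: str
    auto_generated_guid: str
    supported_platforms: list
    executor: dict
    description: str = ""
    input_arguments: dict = field(default_factory=dict)
    dependencies: list = field(default_factory=list)


_KNOWN_FIELDS = {f.name for f in fields(AtomicTest)}


def load_tests(technique):
    """Return (loaded, rejected) for one technique's parsed YAML dict.

    rejected is a list of (index, name, missing_keys) so the caller can report
    exactly which entries were dropped instead of aborting on the first one.
    Unknown keys are filtered out rather than passed to the constructor, so a
    schema addition upstream does not turn into a TypeError here.
    """
    loaded, rejected = [], []
    for idx, raw in enumerate(technique.get("atomic_tests") or []):
        if not isinstance(raw, dict):
            rejected.append((idx, "<not a mapping>", ["*"]))
            continue
        missing = [k for k in REQUIRED if not raw.get(k)]
        if missing:
            name = raw.get("name", "<unnamed>")
            log.warning("skipping atomic test #%d %r: missing %s", idx, name, missing)
            rejected.append((idx, name, missing))
            continue
        loaded.append(AtomicTest(**{k: v for k, v in raw.items() if k in _KNOWN_FIELDS}))
    return loaded, rejected


# Constructed technique file contents (not a real atomic). The second entry has
# no GUID; the third carries a field the dataclass does not know about.
SAMPLE_TECHNIQUE = {
    "attack_technique": "T9999",
    "display_name": "Constructed technique",
    "atomic_tests": [
        {"name": "ok test", "auto_generated_guid": "11111111-1111-4111-8111-111111111111",
         "supported_platforms": ["linux"], "executor": {"name": "sh", "command": "id"}},
        {"name": "no guid", "supported_platforms": ["linux"],
         "executor": {"name": "sh", "command": "whoami"}},
        {"name": "extra field", "auto_generated_guid": "22222222-2222-4222-8222-222222222222",
         "supported_platforms": ["windows"], "executor": {"name": "powershell", "command": "whoami"},
         "future_key": True},
    ],
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    ok, bad = load_tests(SAMPLE_TECHNIQUE)
    print(f"loaded {len(ok)} test(s), rejected {len(bad)}: {bad}")
```

The rejected list is returned rather than only logged so a caller can fail the run if it was asked for a GUID that turned out to be one of the dropped entries, instead of quietly running nothing.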

Launch get_prereqs without running the test

Is your feature request related to a problem? Please describe.
I want to be able to set up the lab and download the requirements in advance.
But I need to run the test to get them with get_prereqs.

Describe the solution you'd like
Have another verb like set: atomic-operator set --techniques T1234

Describe alternatives you've considered
Have a --norun option for get_prereqs: atomic-operator run --techniques T1234 --get_prereqs --norun

Incorrect temp variable replacement for command_prompt executions

In https://github.com/swimlane/atomic-operator/blob/main/atomic_operator/base.py#L34, %temp% is being replaced with $env:TEMP for command_prompt command executions. This breaks command_prompt atomics that are expected to use %temp% (such as T1036.003 c7fa0c3b-b57f-4cba-9118-863bf4e653fc) since the $env:TEMP syntax is meant for powershell, not command prompt. Perhaps this is just a typo and it's only meant to do the replacement for powershell executions? But it also doesn't seem necessary as in my experience the atomics will use the correct temp variable in their commands to match their executor.
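The point of the report above is that a substitution of %temp% is only valid if it is keyed on the executor, since cmd.exe and PowerShell spell the variable differently. The block below is an added example of executor-aware rewriting, written for this page; it is not the base.py code being discussed. The executor names (command_prompt, powershell, sh) follow the Atomic Red Team YAML schema; normalize_temp, rewrite_tests and the SAMPLE_TESTS commands are constructed for the example.

```python
import re

# Case-insensitive match for the cmd.exe spelling of the TEMP variable.
_CMD_TEMP = re.compile(r"%temp%", re.IGNORECASE)


def normalize_temp(command: str, executor: str) -> str:
    """Rewrite %temp% to $env:TEMP only for the powershell executor.

    cmd.exe expands %temp% itself and does not understand $env:TEMP, so a
    command_prompt atomic must keep the original spelling. sh/bash atomics use
    neither form, so they pass through untouched as well.
    """
    if executor.lower() == "powershell":
        return _CMD_TEMP.sub("$env:TEMP", command)
    return command


def rewrite_tests(tests):
    """Apply normalize_temp to every test dict, returning new dicts (no mutation)."""
    return [dict(t, command=normalize_temp(t["command"], t["executor"])) for t in tests]


# Constructed sample tests (not real atomics); the executor names follow the
# Atomic Red Team YAML schema.
SAMPLE_TESTS = [
    {"name": "cmd copy", "executor": "command_prompt",
     "command": "copy %temp%\\payload.exe %temp%\\svchost.exe"},
    {"name": "ps copy", "executor": "powershell",
     "command": "Copy-Item %TEMP%\\payload.exe %TEMP%\\svchost.exe"},
    {"name": "sh echo", "executor": "sh", "command": "echo $TMPDIR"},
]

if __name__ == "__main__":
    for t in rewrite_tests(SAMPLE_TESTS):
        print(f"{t['executor']:<15} {t['command']}")
```

The match is case-insensitive because %TEMP% and %temp% are the same variable to Windows, while the replacement keeps the canonical $env:TEMP form.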

When using 'config_file' add flag to only run tests within that config.

Is your feature request related to a problem? Please describe.
Currently, if you utilize the config_file but only want to run the tests within that file, you have to also use a list of GUIDs in the test_guids parameter. This can be problematic if you have many tests in a large config file.

Describe the solution you'd like
Ideally there would be a flag, which is only needed when config_file is passed, that declares that only the tests in the config_file should be run. (i.e. "--config_tests_only")

Describe alternatives you've considered
N/A

Additional context
Example usage of this kind of parameter in atomic-unit-test.

Additional white spaces and "carriage returns" added when commands are executed

Describe the bug
When executing atomic-operator on a windows 10 system, many tactics that are executed add additional white spaces and carriage returns to the commands. This can be observed in the output of the commands, or in the output logs.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Atomic Operator
  2. Execute any techniques related to PowerShell or windows account discovery enumeration. (This has also been observed across other techniques)
  3. Example1: Atomic-Operator run --techniques T1087.001 --select-tests
  4. Example2: Atomic-Operator run --techniques T1059.001 --select-tests
  5. See direct output or log file for details after commands are executed from the Atomic-Operator framework.

Screenshots
Please see screenshot for details related to added whitespace and carriage returns. Below in additional context area.

Desktop (please complete the following information):

  • OS: Windows 10 Pro - 10.0.19043 Build 19043 (x64)
  • Browser: Chrome


Retrieving Atomic Tests with specified destination in /opt throws unexpected keyword argument error

Expected Behavior

Installation of Atomics into the /opt/atomic directory so I can start using the tool for testing an NGAV on a Linux machine.

Actual Behavior

atomic-operator get_atomics throws an error when defining the /opt/atomic directory as destination.

Traceback (most recent call last):
  File "/usr/local/bin/atomic-operator", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/dist-packages/atomic_operator/__main__.py", line 6, in main
    fire.Fire({
  File "/usr/local/lib/python3.8/dist-packages/fire/core.py", line 141, in Fire
    component_trace = _Fire(component, args, parsed_flag_args, context, name)
  File "/usr/local/lib/python3.8/dist-packages/fire/core.py", line 466, in _Fire
    component, remaining_args = _CallAndUpdateTrace(
  File "/usr/local/lib/python3.8/dist-packages/fire/core.py", line 681, in _CallAndUpdateTrace
    component = fn(*varargs, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/atomic_operator/atomic_operator.py", line 147, in get_atomics
    folder_name = self.download_atomic_red_team_repo(desintation, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/atomic_operator/base.py", line 47, in download_atomic_red_team_repo
    response = requests.get(Base.ATOMIC_RED_TEAM_REPO, stream=True, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/requests/api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
TypeError: request() got an unexpected keyword argument 'destination'

Steps to Reproduce the Problem

  1. Disable NGAV or uninstall it if you have installed one to reproduce a clean system state
  2. Do a privilege escalation to root with sudo su -
  3. Install python3 with apt-get install python3
  4. Install pip with apt-get install python3-pip
  5. Install atomic-operator with pip install atomic-operator
  6. Create atomic directory in /opt with mkdir /opt/atomic
  7. Install atomics with atomic-operator get_atomics --destination "/opt/atomic"
  8. Error is getting thrown and atomics won't get installed

Specifications

Version: 0.6.0
Platform: Ubuntu 20.04.3 LTS
Kernel Headers: linux-headers-5.4.0-90-generic/focal-updates,focal-security,now 5.4.0-90.101 amd64

Using a second AtomicOperator instance executes the tests of the first instance too

Bug Description
If I instantiate a first AtomicOperator object, run some tests and then I create a second AtomicOperator object, when I call the run method it will first execute the tests I ran on the first object and then the actual tests I want to run on this second object.

To Reproduce
Steps to reproduce the behavior:

  1. Install atomic-operator with pip install atomic-operator
  2. Execute the following script with python3:
from atomic_operator import AtomicOperator

print('=============== Operator 1 ===============')

operator_1 = AtomicOperator()
operator_1.get_atomics()

# Base64 decoding with Python
output_1 = operator_1.run(test_guids=['356dc0e8-684f-4428-bb94-9313998ad608'])

print('=============== Operator 2 ===============')

operator_2 = AtomicOperator()

# Hidden Files and Directories
output_2 = operator_2.run(techniques=['T1564.001'])

Expected behavior
Execute only the first tests, then execute only the second tests.

Actual behaviour
Execute only the first tests, then execute both the first and the second tests.

=============== Operator 1 ===============
INFO:Base.AtomicOperator:Running Base64 decoding with Python test (356dc0e8-684f-4428-bb94-9313998ad608) for technique T1140
INFO:Base.Runner:

Output: Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!

=============== Operator 2 ===============
INFO:Base.AtomicOperator:Running Base64 decoding with Python test (356dc0e8-684f-4428-bb94-9313998ad608) for technique T1140
INFO:Base.Runner:

Output: Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!
Hello from Atomic Red Team test T1140!

INFO:Base.AtomicOperator:Running Create a hidden file in a hidden directory test (61a782e5-9a19-40b5-8ba4-69a4b9f3d7be) for technique T1564.001
INFO:Base.Runner:

Output: mkdir: cannot create directory ‘/var/tmp/.hidden-directory’: File exists

INFO:Base:You provided a test (cddb9098-3b47-4e01-9d3b-6f5f323288a9) 'Mac Hidden file' which is not supported on this platform. Skipping...
INFO:Base:You provided a test (f70974c8-c094-4574-b542-2c545af95a32) 'Create Windows System File with Attrib' which is not supported on this platform. Skipping...
INFO:Base:You provided a test (dadb792e-4358-4d8d-9207-b771faa0daa5) 'Create Windows Hidden File with Attrib' which is not supported on this platform. Skipping...
INFO:Base:You provided a test (3b7015f2-3144-4205-b799-b05580621379) 'Hidden files' which is not supported on this platform. Skipping...
INFO:Base:You provided a test (b115ecaf-3b24-4ed2-aefe-2fcb9db913d3) 'Hide a Directory' which is not supported on this platform. Skipping...
INFO:Base:You provided a test (9a1ec7da-b892-449f-ad68-67066d04380c) 'Show all hidden files' which is not supported on this platform. Skipping...

Platform Specifications

  • Atomic Operator version: 0.6.0
  • Python version: 3.8.10
  • OS: Ubuntu 20.04.3 LTS

Additional Notes
The particular tests performed or the values of the other parameters of the run method are irrelevant; the bug will occur anyway.
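The symptom above, a second instance replaying what the first one ran, is what you get when a runner keeps its run list in state shared by all instances. The block below is an added illustration of that pattern next to the per-instance version, written for this page; it is not atomic-operator's code and does not claim to be the root cause in that project. The class names and second_instance_runs are assumptions; the two GUIDs are the ones from the report.

```python
class LeakyOperator:
    """Keeps the run list on the class, so every instance shares one list."""
    _run_list = []                                   # evaluated once, shared by all

    def run(self, test_guids):
        self._run_list.extend(test_guids)            # mutates the shared list
        return list(self._run_list)                  # everything that "ran" this call


class LeakyDefaultOperator:
    """Same symptom via a mutable default argument: one list per function object."""

    def run(self, test_guids, run_list=[]):          # deliberately wrong
        run_list.extend(test_guids)
        return list(run_list)


class IsolatedOperator:
    """Per-instance state created in __init__; a fresh instance starts empty."""

    def __init__(self):
        self._run_list = []

    def run(self, test_guids):
        self._run_list.extend(test_guids)
        return list(self._run_list)


def second_instance_runs(cls):
    """Create two operators; return what the *second* one ends up executing."""
    first = cls()
    first.run(["356dc0e8-684f-4428-bb94-9313998ad608"])        # T1140 test from the report
    second = cls()
    return second.run(["61a782e5-9a19-40b5-8ba4-69a4b9f3d7be"])  # T1564.001 test from the report


if __name__ == "__main__":
    for cls in (LeakyOperator, LeakyDefaultOperator, IsolatedOperator):
        ran = second_instance_runs(cls)
        print(f"{cls.__name__:<22} second instance ran {len(ran)} test(s): {ran}")
```

For an execution framework the distinction matters more than for most libraries: a leaked run list means tests are executed on a target that nobody asked for in the second call.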

Installation trouble on Ubuntu 20

I just installed the "main" branch today on Ubuntu, I ran pip install requirements, but I'm still having trouble running atomic-operator. It could be my error. Can you help?


Config file tests skip

Description

When you put two GUIDs of tests from the same technique in the config file, the second test won't be launched. The problem is that the ConfigParser build_run_list method returns an empty list.
From what I saw, temp.atomic_tests was overwritten with the list of tests run for that specific technique, so when you use another test from the same technique you won't be able to get that test, because the technique's list of atomic tests contains only the first test GUID.

To Reproduce

Launch tests using a config file containing GUIDs that belong to the same technique.

Expected behavior

Atomic Operator should be able to find and launch all the tests mentioned in the config file.

  • OS: Windows 10
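The overwrite the reporter describes is a mutation of the loaded catalogue while building the run list. The block below is an added example of building that list through a GUID index so that several GUIDs from one technique all survive and the catalogue is never written to; it is not atomic-operator's ConfigParser. The technique and test shapes are simplified dicts, and the GUIDs, names and function names are constructed for this example (they are not real Atomic Red Team tests).

```python
from collections import defaultdict
import copy

# Constructed catalogue standing in for the loaded atomics folder; GUIDs and
# names are made up and do not correspond to real Atomic Red Team tests.
TECHNIQUES = {
    "T1003.007": {"atomic_tests": [
        {"auto_generated_guid": "aaaa0001-0000-4000-8000-000000000001", "name": "dump via dd"},
        {"auto_generated_guid": "aaaa0001-0000-4000-8000-000000000002", "name": "dump via python"},
        {"auto_generated_guid": "aaaa0001-0000-4000-8000-000000000003", "name": "third test"},
    ]},
    "T1564.001": {"atomic_tests": [
        {"auto_generated_guid": "bbbb0001-0000-4000-8000-000000000001", "name": "hidden file"},
    ]},
}


def index_by_guid(techniques):
    """Map every GUID to (technique_id, test); a duplicate GUID is a catalogue error."""
    index = {}
    for tid, tech in techniques.items():
        for test in tech.get("atomic_tests", []):
            guid = test["auto_generated_guid"]
            if guid in index:
                raise ValueError(f"GUID {guid} appears in {index[guid][0]} and {tid}")
            index[guid] = (tid, test)
    return index


def build_run_list(config, techniques):
    """Return ({technique_id: [test, ...]}, unknown_guids) for a parsed config file.

    The bug pattern in the issue is equivalent to doing
    `tech["atomic_tests"] = [test]` inside this loop: the second GUID of the
    same technique then replaces the first instead of joining it. Here the
    catalogue is only read through the GUID index and never written to.
    """
    index = index_by_guid(techniques)
    run_list = defaultdict(list)
    unknown = []
    for entry in config.get("atomic_tests", []):
        guid = entry["guid"]
        if guid not in index:
            unknown.append(guid)
            continue
        tid, test = index[guid]
        if test not in run_list[tid]:        # the same GUID listed twice runs once
            run_list[tid].append(test)
    return dict(run_list), unknown


# Constructed config.yml as yaml.safe_load would return it: two tests from the
# same technique plus one GUID that is not in the catalogue.
CONFIG = {"atomic_tests": [
    {"guid": "aaaa0001-0000-4000-8000-000000000001"},
    {"guid": "aaaa0001-0000-4000-8000-000000000002"},
    {"guid": "cccc0001-0000-4000-8000-000000000009"},
]}

if __name__ == "__main__":
    before = copy.deepcopy(TECHNIQUES)
    run_list, unknown = build_run_list(CONFIG, TECHNIQUES)
    for tid, tests in run_list.items():
        print(tid, [t["name"] for t in tests])
    print("unknown GUIDs:", unknown)
    assert TECHNIQUES == before      # the catalogue must be untouched
```

Unknown GUIDs are returned separately rather than dropped so the caller can refuse to run a config that references tests it cannot find, which is the safer default when the config was written for a different atomics checkout.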

Add ability to specify a single test within a Technique

Is your feature request related to a problem? Please describe.
I would like to be able to run atomic-operator run --technique T1003.001 {some test within that technique}

