execution-frameworks/Invoke-AtomicRedTeam/README.md

# Invoke-AtomicRedTeam

## Setup

### Install Atomic Red Team

Get started with our simple Install script:

`powershell.exe "IEX (New-Object Net.WebClient).DownloadString('http://psInstall.AtomicRedTeam.com')"`

[Source](install-atomicredteam.ps1)

By default, it will download and Install Atomic Red Team to `c:\AtomicRedTeam`

Running the [Install script](install-atomicredteam.ps1) locally provides three parameters:

InstallPath
- Where ART is to be Installed

    `Install-AtomicRedTeam.ps1 -InstallPath c:\tools\`

DownloadPath
- Where ART is to be downloaded

    `Install-AtomicRedTeam.ps1 -DownloadPath c:\tools\`

Verbose
- Verbose output during Installation

    `Install-AtomicRedTeam.ps1 -verbose`

### Manual


`set-executionpolicy Unrestricted`

[PowerShell-Yaml](https://github.com/cloudbase/powershell-yaml) is required to parse Atomic yaml files:


`Install-Module -Name powershell-yaml`

`Import-Module .\Invoke-AtomicRedTeam.psm1`

## Getting Started

### Generate Tests

This process generates all Atomic tests and allows for easy copy and paste execution.
Note: you may need to change the path.

    Invoke-AllAtomicTests -GenerateOnly

#### Execute All Tests

Execute all Atomic tests:

    Invoke-AllAtomicTests

#### Execute All Tests - Specific Directory

Specify a path to atomics folder, example C:\AtomicRedTeam\atomics

    Invoke-AllAtomicTests -path C:\AtomicRedTeam\atomics


#### Execute a Single Test

```powershell
$T1117 = Get-AtomicTechnique -Path ..\..\atomics\T1117\T1117.yaml
Invoke-AtomicTest $T1117
```

## Additional Examples

If you would like output when running tests using the following:

#### Informational Stream

```powershell
Invoke-AtomicTest $T1117 -InformationAction Continue
```

#### Verbose Stream

```powershell
Invoke-AtomicTest $T1117 -Verbose
```

#### Debug Stream

```powershell
Invoke-AtomicTest $T1117 -Debug
```

#### WhatIf

If you would like to see what would happen without running the test

```powershell
Invoke-AtomicTest $T1117 -WhatIf
```

#### Confirm

To run all tests without confirming them run using the Confirm switch to false

```powershell
Invoke-AtomicTest $T1117 -Confirm:$false
```

Or you can set your `$ConfirmPreference` to 'Medium'

```powershell
$ConfirmPreference = 'Medium'
Invoke-AtomicTest $T1117
```
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			`# Invoke-AtomicRedTeam`
Add README 2018-09-02 08:32:17 -06:00
Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00			`## Setup`
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00
Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00			`### Install Atomic Red Team`
Fixed Dependency Documentation 2018-09-04 09:52:15 -06:00
Install fixes (#462 ) 2019-03-26 14:13:05 -06:00			`Get started with our simple Install script:`
ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00
Install fixes (#462 ) 2019-03-26 14:13:05 -06:00			`powershell.exe "IEX (New-Object Net.WebClient).DownloadString('http://psInstall.AtomicRedTeam.com')"`
ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00
install-atomicredteam Updates (#498 ) 2019-05-10 13:38:02 -06:00			`[Source](install-atomicredteam.ps1)`
ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00
Install fixes (#462 ) 2019-03-26 14:13:05 -06:00			By default, it will download and Install Atomic Red Team to `c:\AtomicRedTeam`
ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00
install-atomicredteam Updates (#498 ) 2019-05-10 13:38:02 -06:00			`Running the [Install script](install-atomicredteam.ps1) locally provides three parameters:`
ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00
			`InstallPath`
Install fixes (#462 ) 2019-03-26 14:13:05 -06:00			`- Where ART is to be Installed`
ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00
Install fixes (#462 ) 2019-03-26 14:13:05 -06:00			`Install-AtomicRedTeam.ps1 -InstallPath c:\tools\`
ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00
			`DownloadPath`
			`- Where ART is to be downloaded`

Install fixes (#462 ) 2019-03-26 14:13:05 -06:00			`Install-AtomicRedTeam.ps1 -DownloadPath c:\tools\`
ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00
			`Verbose`
Install fixes (#462 ) 2019-03-26 14:13:05 -06:00			`- Verbose output during Installation`
ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00
Install fixes (#462 ) 2019-03-26 14:13:05 -06:00			`Install-AtomicRedTeam.ps1 -verbose`
Add README 2018-09-02 08:32:17 -06:00
Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00			`### Manual`
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00

Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00			`set-executionpolicy Unrestricted`

			`[PowerShell-Yaml](https://github.com/cloudbase/powershell-yaml) is required to parse Atomic yaml files:`
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00
Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00
			`Install-Module -Name powershell-yaml`

			`Import-Module .\Invoke-AtomicRedTeam.psm1`

			`## Getting Started`

ART - Getting Started Made Easy (#459 ) 2019-02-14 14:13:13 -07:00			`### Generate Tests`

			`This process generates all Atomic tests and allows for easy copy and paste execution.`
			`Note: you may need to change the path.`

			`Invoke-AllAtomicTests -GenerateOnly`

			`#### Execute All Tests`

			`Execute all Atomic tests:`

			`Invoke-AllAtomicTests`

			`#### Execute All Tests - Specific Directory`

			`Specify a path to atomics folder, example C:\AtomicRedTeam\atomics`

			`Invoke-AllAtomicTests -path C:\AtomicRedTeam\atomics`


			`#### Execute a Single Test`
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00
			```powershell
			`$T1117 = Get-AtomicTechnique -Path ..\..\atomics\T1117\T1117.yaml`
			`Invoke-AtomicTest $T1117`
			```

			`## Additional Examples`

			`If you would like output when running tests using the following:`

			`#### Informational Stream`

			```powershell
			`Invoke-AtomicTest $T1117 -InformationAction Continue`
			```

			`#### Verbose Stream`

			```powershell
			`Invoke-AtomicTest $T1117 -Verbose`
			```

			`#### Debug Stream`

			```powershell
			`Invoke-AtomicTest $T1117 -Debug`
			```

			`#### WhatIf`

			`If you would like to see what would happen without running the test`

			```powershell
			`Invoke-AtomicTest $T1117 -WhatIf`
			```

			`#### Confirm`
Add README 2018-09-02 08:32:17 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			`To run all tests without confirming them run using the Confirm switch to false`
fix README 2018-09-04 09:36:36 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			```powershell
			`Invoke-AtomicTest $T1117 -Confirm:$false`
			```
Add README 2018-09-02 08:32:17 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			Or you can set your `$ConfirmPreference` to 'Medium'
Clean Up Style and README 2018-09-04 09:28:28 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			```powershell
			`$ConfirmPreference = 'Medium'`
			`Invoke-AtomicTest $T1117`
			```