execution-frameworks/Invoke-AtomicRedTeam/README.md

# Invoke-AtomicRedTeam

## Setup

### Install Atomic Red Team

Get started quickly with our simple Powershell [script](install-atomicredteam.ps1).

### Manual


`set-executionpolicy Unrestricted`

[PowerShell-Yaml](https://github.com/cloudbase/powershell-yaml) is required to parse Atomic yaml files:


`Install-Module -Name powershell-yaml`

`Import-Module .\Invoke-AtomicRedTeam.psm1`

## Getting Started

### Execute a Single Test

```powershell
$T1117 = Get-AtomicTechnique -Path ..\..\atomics\T1117\T1117.yaml
Invoke-AtomicTest $T1117
```

## Additional Examples

If you would like output when running tests using the following:

#### Informational Stream

```powershell
Invoke-AtomicTest $T1117 -InformationAction Continue
```

#### Verbose Stream

```powershell
Invoke-AtomicTest $T1117 -Verbose
```

#### Debug Stream

```powershell
Invoke-AtomicTest $T1117 -Debug
```

#### WhatIf

If you would like to see what would happen without running the test

```powershell
Invoke-AtomicTest $T1117 -WhatIf
```

#### Confirm

To run all tests without confirming them run using the Confirm switch to false

```powershell
Invoke-AtomicTest $T1117 -Confirm:$false
```

Or you can set your `$ConfirmPreference` to 'Medium'

```powershell
$ConfirmPreference = 'Medium'
Invoke-AtomicTest $T1117
```

## Generate All Tests

```powershell
[System.Collections.HashTable]$AllAtomicTests = @{}
$AtomicFilePath = 'C:\AtomicRedTeam\atomics\'  
Get-ChildItem $AtomicFilePath -Recurse -Filter *.yaml -File | ForEach-Object {
    $currentTechnique = [System.IO.Path]::GetFileNameWithoutExtension($_.FullName)  
    $parsedYaml = (ConvertFrom-Yaml (Get-Content $_.FullName -Raw ))
    $AllAtomicTests.Add($currentTechnique, $parsedYaml);
}
$AllAtomicTests.GetEnumerator() | Foreach-Object { Invoke-AtomicTest $_.Value -GenerateOnly }
```
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			`# Invoke-AtomicRedTeam`
Add README 2018-09-02 08:32:17 -06:00
Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00			`## Setup`
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00
Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00			`### Install Atomic Red Team`
Fixed Dependency Documentation 2018-09-04 09:52:15 -06:00
Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00			`Get started quickly with our simple Powershell [script](install-atomicredteam.ps1).`
Add README 2018-09-02 08:32:17 -06:00
Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00			`### Manual`
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00

Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00			`set-executionpolicy Unrestricted`

			`[PowerShell-Yaml](https://github.com/cloudbase/powershell-yaml) is required to parse Atomic yaml files:`
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00
Install-AtomicRedTeam Script (#450 ) 2019-02-06 11:52:40 -07:00
			`Install-Module -Name powershell-yaml`

			`Import-Module .\Invoke-AtomicRedTeam.psm1`

			`## Getting Started`

			`### Execute a Single Test`
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00
			```powershell
			`$T1117 = Get-AtomicTechnique -Path ..\..\atomics\T1117\T1117.yaml`
			`Invoke-AtomicTest $T1117`
			```

			`## Additional Examples`

			`If you would like output when running tests using the following:`

			`#### Informational Stream`

			```powershell
			`Invoke-AtomicTest $T1117 -InformationAction Continue`
			```

			`#### Verbose Stream`

			```powershell
			`Invoke-AtomicTest $T1117 -Verbose`
			```

			`#### Debug Stream`

			```powershell
			`Invoke-AtomicTest $T1117 -Debug`
			```

			`#### WhatIf`

			`If you would like to see what would happen without running the test`

			```powershell
			`Invoke-AtomicTest $T1117 -WhatIf`
			```

			`#### Confirm`
Add README 2018-09-02 08:32:17 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			`To run all tests without confirming them run using the Confirm switch to false`
fix README 2018-09-04 09:36:36 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			```powershell
			`Invoke-AtomicTest $T1117 -Confirm:$false`
			```
Add README 2018-09-02 08:32:17 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			Or you can set your `$ConfirmPreference` to 'Medium'
Clean Up Style and README 2018-09-04 09:28:28 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			```powershell
			`$ConfirmPreference = 'Medium'`
			`Invoke-AtomicTest $T1117`
			```
Clean Up Style and README 2018-09-04 09:28:28 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			`## Generate All Tests`
IMport-Module cleaner 2018-09-06 09:34:39 -06:00
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			```powershell
			`[System.Collections.HashTable]$AllAtomicTests = @{}`
			`$AtomicFilePath = 'C:\AtomicRedTeam\atomics\'`
			`Get-ChildItem $AtomicFilePath -Recurse -Filter *.yaml -File \| ForEach-Object {`
			`$currentTechnique = [System.IO.Path]::GetFileNameWithoutExtension($_.FullName)`
			`$parsedYaml = (ConvertFrom-Yaml (Get-Content $_.FullName -Raw ))`
Fixed Bug in Get-Atomic (#376 ) 2018-10-11 18:28:39 -06:00			`$AllAtomicTests.Add($currentTechnique, $parsedYaml);`
Modified Invoke-AtomicRedTeam functions and README 2018-09-07 23:28:17 -04:00			`}`
			`$AllAtomicTests.GetEnumerator() \| Foreach-Object { Invoke-AtomicTest $_.Value -GenerateOnly }`
			```