Files

T

Carrie Roberts ac0546a494 Specify TTP as string, no need to call Get-AtomicTechnique first. Optionally specify individual attacks by atomic test # or name. (#525 )

2019-08-27 20:32:00 -06:00

Invoke-AtomicRedTeam

Specify TTP as string, no need to call Get-AtomicTechnique first. Optionally specify individual attacks by atomic test # or name. (#525 )

2019-08-27 20:32:00 -06:00

Tests

Added Pester tests and modified Manifest file

2018-09-13 22:55:35 -04:00

install-atomicredteam.ps1

Install Atomic - Fixed Paths (#517 )

2019-08-14 10:36:16 -06:00

README.md

Specify TTP as string, no need to call Get-AtomicTechnique first. Optionally specify individual attacks by atomic test # or name. (#525 )

2019-08-27 20:32:00 -06:00

README.md

Invoke-AtomicRedTeam

Setup

Install Atomic Red Team

Get started with our simple Install script:

powershell.exe "IEX (New-Object Net.WebClient).DownloadString('http://psInstall.AtomicRedTeam.com')"

Source

By default, it will download and Install Atomic Red Team to c:\AtomicRedTeam

Running the Install script locally provides three parameters:

InstallPath

Where ART is to be Installed

Install-AtomicRedTeam.ps1 -InstallPath c:\tools\

DownloadPath

Where ART is to be downloaded

Install-AtomicRedTeam.ps1 -DownloadPath c:\tools\

Verbose

Verbose output during Installation

Install-AtomicRedTeam.ps1 -verbose

Manual

set-executionpolicy Unrestricted

PowerShell-Yaml is required to parse Atomic yaml files:

Install-Module -Name powershell-yaml

Import-Module .\Invoke-AtomicRedTeam.psm1

Getting Started

Generate Tests

This process generates all Atomic tests and allows for easy copy and paste execution. Note: you may need to change the path.

Invoke-AllAtomicTests -GenerateOnly

Execute All Tests

Execute all Atomic tests:

Invoke-AllAtomicTests

Execute All Tests - Specific Directory

Specify a path to atomics folder, example C:\AtomicRedTeam\atomics

Invoke-AllAtomicTests -path C:\AtomicRedTeam\atomics

Execute All Attacks for a Given TTP

Invoke-AtomicTest T1117

Execute Specific Attacks (by Attack Number) for a Given TTP

Invoke-AtomicTest T1117 -TestNumbers 1, 2

Execute Specific Attacks (by Attack Name) for a Given TTP

Invoke-AtomicTest T1117 -TestNames "Regsvr32 remote COM scriptlet execution","Regsvr32 local DLL execution"

Additional Examples

If you would like output when running tests using the following:

Informational Stream

Invoke-AtomicTest T1117 -InformationAction Continue

Verbose Stream

Invoke-AtomicTest T1117 -Verbose

Debug Stream

Invoke-AtomicTest T1117 -Debug

WhatIf

If you would like to see what would happen without running the test

Invoke-AtomicTest T1117 -WhatIf

Confirm

To run all tests without confirming them run using the Confirm switch to false

Invoke-AtomicTest T1117 -Confirm:$false

Or you can set your $ConfirmPreference to 'Medium'

$ConfirmPreference = 'Medium'
Invoke-AtomicTest T1117