Files

T

Carrie Roberts 2a59d5525f When invoking new process, set working dir to $env:temp (#821 )

* move emond test into correct T#

* only show cleanup with inputs if there are inputs

* default working dir is tmp

* default working dir is tmp

Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>
Co-authored-by: Michael Haag <mike@redcanary.com>

2020-02-05 10:30:18 -07:00

contrib/python

Execute powershell with "-Command -" arguments. Tell powershell to read scripts from stdin. (#727 )

2019-12-17 23:09:02 -07:00

Invoke-AtomicRedTeam

When invoking new process, set working dir to $env:temp (#821 )

2020-02-05 10:30:18 -07:00

ruby

Add a .gitignore to ignore generated files in this directory.

2018-08-30 11:42:14 -07:00

README.md

Multi platform invoke art (#641 )

2019-11-11 14:26:23 -07:00

README.md

Atomic Red Team Execution Frameworks

This repository contains execution frameworks that help you run Atomic Tests in your environment. Each atomic test is defined in the atomics folder inside their respective Mitre Att&ck T# folders. Within each T# folder you will find a yaml file that defines the commands to be run during the test and an easier to read markdown (md) of the same thing. Here is an example markdown file describing some of the tests that can be run using one of the below execution frameworks.

Invoke-AtomicRedTeam

Invoke-AtomicRedTeam is written in PowerShell, which can be executed cross-platform using PowerShell Core for Linux and MacOS.
For detailed installation and usage instructions refer to the README file inside of the Invoke-AtomicRedTeam folder.

Python

Surprise, this framework is written in Python. For detailed installation and usage instructions refer to the README file inside of the contrib/python folder.

Ruby

Ruby version of the execution framework.