security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
52ca3f8b1bbcb1354e47115e8ab267fb5aec48cd
atomic-red-team/execution-frameworks/Invoke-AtomicRedTeam/README.md
T

1.7 KiB
Raw Blame History

Invoke-AtomicRedTeam

Requires Installation of PowerShell-Yaml

Install-Module -Name powershell-yaml

For Additional Details: PowerShell-Yaml

Basic usage Examples

Load PowerShell Script

Import-Module .\Invoke-AtomicRedTeam.psm1`

Execute Single Test

$T1117 = Get-AtomicTechnique -Path ..\..\atomics\T1117\T1117.yaml
Invoke-AtomicTest $T1117

Additional Examples

If you would like output when running tests using the following:

Informational Stream

Invoke-AtomicTest $T1117 -InformationAction Continue

Verbose Stream

Invoke-AtomicTest $T1117 -Verbose

Debug Stream

Invoke-AtomicTest $T1117 -Debug

WhatIf

If you would like to see what would happen without running the test

Invoke-AtomicTest $T1117 -WhatIf

Confirm

To run all tests without confirming them run using the Confirm switch to false

Invoke-AtomicTest $T1117 -Confirm:$false

Or you can set your $ConfirmPreference to 'Medium'

$ConfirmPreference = 'Medium'
Invoke-AtomicTest $T1117

Generate All Tests

[System.Collections.HashTable]$AllAtomicTests = @{}
$AtomicFilePath = 'C:\AtomicRedTeam\atomics\'  
Get-ChildItem $AtomicFilePath -Recurse -Filter *.yaml -File | ForEach-Object {
    $currentTechnique = [System.IO.Path]::GetFileNameWithoutExtension($_.FullName)  
    $parsedYaml = (ConvertFrom-Yaml (Get-Content $_.FullName -Raw ))
    $AllAtomicTests.Add($currentTechnique, $parsedYaml); 
}
$AllAtomicTests.GetEnumerator() | Foreach-Object { Invoke-AtomicTest $_.Value -GenerateOnly }

Feedback Welcome

Reference in New Issue View Git Blame Copy Permalink