# Atomic Red Team

https://github.com/redcanaryco/atomic-red-team

## Structure

Each YAML file describes a specific attack technique, which can then be replayed, automatically most of the time.
These scenarios are used for testing purposes.

## Atomic Red Team for PowerShell

* [Invoke-AtomicRedTeam](https://github.com/redcanaryco/invoke-atomicredteam/wiki)

Cmdlets are `Invoke-AtomicRedTeam` and `Invoke-AtomicTest`.


Import the module:
```powershell
powershell -ExecutionPolicy bypass
Import-Module Invoke-AtomicRedTeam.psd1 -Force
$PSDefaultParameterValues = @{"Invoke-AtomicTest:PathToAtomicsFolder"="C:\Users\Administrator\Desktop\atomics"}
```

### Invoke-AtomicTest

Use `Invoke-AtomicTest` to list the tests available for a technique, either briefly or in full detail:
```powershell
Invoke-AtomicTest <MITRE TechniqueNo.> -ShowDetailsBrief
Invoke-AtomicTest <MITRE TechniqueNo.> -ShowDetails
```

Check if prerequisites are available:
```powershell
Invoke-AtomicTest <MITRE TechniqueNo.> -GetPreReqs
```


Multiple techniques can be processed in one line by piping their IDs into `ForEach-Object`:
```powershell
'T<number>', 'T<number>', 'T<number>' | ForEach-Object {echo "Enumerating Technique $_"; Invoke-AtomicTest $_ -ShowDetails}
```

Use `-cleanup` to revert the changes. Use `-promptForInputArgs` to set variables interactively.

### Argument Customization

Customize the arguments of a test execution by passing a hashtable to `-InputArgs`:
```powershell
$customArgs=@{"user" = "username"; "password" = "securepassword"}
Invoke-AtomicTest T<number>-<Testnumber> -InputArgs $customArgs
```
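
The steps above (show details, get prerequisites, execute, clean up) combined into one cycle that also records when each test ran, so the timestamps can be matched against alerts in the detection stack. This is an added example, not part of Invoke-AtomicRedTeam; the function name `Invoke-AtomicCycle` and its parameters are hypothetical, and it assumes the module is imported and `PathToAtomicsFolder` is set as shown earlier.

```powershell
# Added example (hypothetical helper, not shipped with Invoke-AtomicRedTeam).
# Runs each technique through details -> prerequisites -> execution -> cleanup
# and returns one record per technique for correlation with detection alerts.
function Invoke-AtomicCycle {
    [CmdletBinding()]
    param(
        # Technique IDs in the same form used on this page, e.g. 'T<number>'
        [Parameter(Mandatory)] [string[]] $Technique,
        # Optional overrides, same hashtable format as -InputArgs above
        [hashtable] $InputArgs
    )

    # Forward -InputArgs only when the caller actually supplied it
    $extra = @{}
    if ($PSBoundParameters.ContainsKey('InputArgs')) { $extra.InputArgs = $InputArgs }

    foreach ($t in $Technique) {
        Write-Host "== $t =="
        # Out-Host keeps the module's output out of this function's return value
        Invoke-AtomicTest $t -ShowDetailsBrief | Out-Host
        Invoke-AtomicTest $t @extra -GetPrereqs | Out-Host

        $started = Get-Date
        try {
            Invoke-AtomicTest $t @extra | Out-Host
        }
        finally {
            # Runs even if the test throws or is interrupted, so the host is
            # not left in the modified state
            Invoke-AtomicTest $t @extra -Cleanup | Out-Host
        }

        [pscustomobject]@{
            Technique = $t
            Started   = $started
            Finished  = Get-Date
        }
    }
}

# Usage (replace the placeholders with real technique IDs):
# Invoke-AtomicCycle -Technique 'T<number>', 'T<number>' | Export-Csv .\atomic-runs.csv -NoTypeInformation
```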

### AtomicGUI

There is a web application that can be started via `Start-AtomicGUI` to create new atomic rules.