57 lines
1.5 KiB
Markdown
57 lines
1.5 KiB
Markdown
# Atomic Red Team
|
|
|
|
https://github.com/redcanaryco/atomic-red-team
|
|
|
|
## Structure
|
|
|
|
YAML files are used to describe a specific attack, which then can be replayed. Automatically most of the time.
|
|
These scenarios are used for testing purposes.
|
|
|
|
## Atomic Red Team for Powershell
|
|
|
|
* [Invoke-AtomicRedTeam](https://github.com/redcanaryco/invoke-atomicredteam/wiki)
|
|
|
|
Cmdlets are `Invoke-AtomicRedTeam` and `Invoke-AtomicTest`.
|
|
|
|
|
|
Import the module
|
|
```powershell
|
|
powershell -ExecutionPolicy bypass
|
|
Import-Module Invoke-AtomicRedTeam.psd1 -Force
|
|
$PSDefaultParameterValues = @{"Invoke-AtomicTest:PathToAtomicsFolder"="C:\Users\Administrator\Desktop\atomics"}
|
|
```
|
|
|
|
### Invoke-AtomicTest
|
|
|
|
Use `Invoke-AtomicTest`
|
|
```sh
|
|
Invoke-AtomicTest <MITRE TacticNo.> -ShowDetailsBrief
|
|
Invoke-AtomicTest <MITRE TacticNo.> -ShowDetails
|
|
```
|
|
|
|
Check if prerequisites are available
|
|
```sh
|
|
Invoke-AtomicTest <MITRE TechniqueNo.> -GetPreReqs
|
|
```
|
|
|
|
|
|
Multiple techniques can be executed through the following line
|
|
```sh
|
|
'T<number>', 'T<number>', 'T<number>' | ForEach-Object {echo "Enumerating Tactic $_"; Invoke-AtomicTest $_ -showDetails}
|
|
```
|
|
|
|
Use `-cleanup` to revert the changes. Use `-promptForInputArgs` to set variables interactively.
|
|
|
|
### Argument Customization
|
|
|
|
Customize arguments of a test execution via
|
|
```sh
|
|
$customArgs=@{"user" = "username"; "password" = "securepassword"}
|
|
Invoke-AtomicTest T<number>-<Testnumber> -InputArgs $customArgs
|
|
```
|
|
|
|
### AtomicGUI
|
|
|
|
There is a web application that can be started via `Start-AtomicGUI` to create new atomic rules.
|
|
|