New Atomic* Technique Test Creation Functions
The Invoke-AtomicRedTeam module contains several New-Atomic* functions to facilitate using native PowerShell to create and validate atomic techniques and tests. These functions were written to address the following:
- Atomic tests previously needed to be written by hand, which is perfectly acceptable in many cases but can be error-prone when drafting YAML manually.
- Previously, when writing atomic tests, there was no way to validate the YAML against a schema aside from executing validate-atomics.rb in the atomic-red-team repository.
- Previously, there was no way to build techniques/tests in an automated fashion using code. Imagine a scenario where hundreds of tests needed to be generated on the fly. Writing that many tests by hand is just not feasible.
The following functions are available to help build atomic techniques and tests:
Specifies a new atomic red team technique. The output of this function is designed to be piped directly to ConvertTo-Yaml, eliminating the need to work with YAML directly.
Specifies the name of the test that indicates how it tests the technique.
Specifies a new dependency that must be met prior to execution of an atomic test.
Detailed documentation including example usages for each function is available by using Get-Help.
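The following is an added example, not taken from the module's own documentation, showing how the pieces described above compose into one technique object that is piped to ConvertTo-Yaml. The test content, the technique chosen, and the file names are constructed for illustration. The function and parameter names are given as assumptions about the module's interface and should be confirmed with Get-Help before use.

```powershell
# Added example: build one benign atomic test in code and emit it as YAML.
# Parameter names are assumptions; confirm each with Get-Help <function> -Full.
Import-Module Invoke-AtomicRedTeam   # assumes the module is already installed

# Input argument; commands refer to it as #{output_file}
$ArgParams = @{
    Name        = 'output_file'
    Description = 'File that receives the command output'
    Type        = 'Path'
    Default     = '$env:TEMP\T1033-example.txt'   # constructed value
}
$OutputFileArg = New-AtomicTestInputArgument @ArgParams

# Dependency that must be met before the test executes
$DepParams = @{
    Description      = 'whoami.exe must be available on the host'
    PrereqCommand    = 'if (Get-Command whoami.exe -ErrorAction Ignore) { exit 0 } else { exit 1 }'
    GetPrereqCommand = 'Write-Host "whoami.exe ships with Windows; nothing to download"'
}
$Dependency = New-AtomicTestDependency @DepParams

# The test itself: executor, command, and matching cleanup
$TestParams = @{
    Name                   = 'Record current user to a file (constructed example)'
    Description            = 'Writes the current user name to a file so the resulting telemetry can be reviewed.'
    SupportedPlatforms     = 'Windows'
    InputArguments         = $OutputFileArg
    Dependencies           = $Dependency
    ExecutorType           = 'PowerShell'
    ExecutorCommand        = 'whoami | Out-File "#{output_file}"'
    ExecutorCleanupCommand = 'Remove-Item "#{output_file}" -ErrorAction Ignore'
}
$Test = New-AtomicTest @TestParams

# Wrap the test in a technique; invalid values are rejected here rather than
# surfacing later as malformed YAML
$TechniqueParams = @{
    AttackTechnique = 'T1033'
    DisplayName     = 'System Owner/User Discovery'
    AtomicTests     = $Test
}
$Technique = New-AtomicTechnique @TechniqueParams

# Pipe straight to ConvertTo-Yaml, as described above, and save the result
$Technique | ConvertTo-Yaml | Out-File -Encoding utf8 -FilePath .\T1033.yaml
```

Because every object is built in code, the same pattern can be wrapped in a loop to generate many tests from a data source.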