diff --git a/README.md b/README.md index 54f63a8957..fe640d57f3 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,8 @@ trademark of The MITRE Corporation.* 2. [Contributing Guide](https://github.com/redcanaryco/atomic-red-team/blob/master/CONTRIBUTIONS.md) 3. [Doing more with Atomic Red Team](#doing-more-with-atomic-red-team) 1. [Using the Atomic Red Team Ruby API](#using-the-atomic-red-team-ruby-api) - 2. [Running Atomic Red Team tests via Invoke-ArtAction Powershell](#running-atomic-red-team-tests-via-invoke-artaction-powershell) - 3. [Bonus APIs: Ruby ATT&CK API](#bonus-apis-ruby-attck-api) + 2. [Bonus APIs: Ruby ATT&CK API](#bonus-apis-ruby-attck-api) + 3. [Execution Frameworks](https://github.com/redcanaryco/atomic-red-team/blob/master/execution-frameworks) ## Quick Start: Using Atomic Red Team to test your security @@ -139,28 +139,6 @@ end For additional examples, see the utilities in `bin/` or the API code in `atomic_red_team`. -### Running Atomic Red Team tests via Invoke-ArtAction Powershell -Atomic Red Team tests can also be invoked on a Windows system via an Atomic Red Team PowerShell module. - -**Note: this section and the associated Powershell module does not currently work with the -new YAML format and is being updated.** - -To invoke an Atomic Red Team test: - -``` -...from within the atomic-red-team directory... -# TODO: is there a way this can be installed from github? - -PS > Import-Module .\AtomicRedTeam.psd1 -PS > Invoke-ArtAction Windows/Execution/Trusted_Developer_Utilities/MSBuild -``` - -Tab-completion is also provided: -``` -PS > Get-ArtAction Windows/Ex* -Windows/Execution/Trusted_Developer_Utilities/MSBuild -``` - ### Bonus APIs: Ruby ATT&CK API Atomic Red Team pulls information about ATT&CK techniques using the STIX definitions of ATT&CK located on [MITRE's CTI Github](https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json). 
diff --git a/execution-frameworks/README.md b/execution-frameworks/README.md new file mode 100644 index 0000000000..18a11dea29 --- /dev/null +++ b/execution-frameworks/README.md @@ -0,0 +1,2 @@ +# Atomic Red Team Execution Frameworks +This repository will contain any lightweight execution frameworks that help you run Atomic Tests in your environment. \ No newline at end of file diff --git a/Automation/AtomicRedTeam.psd1 b/execution-frameworks/powershell-invoke-art-action/AtomicRedTeam.psd1 similarity index 100% rename from Automation/AtomicRedTeam.psd1 rename to execution-frameworks/powershell-invoke-art-action/AtomicRedTeam.psd1 diff --git a/Automation/AtomicRedTeam.psm1 b/execution-frameworks/powershell-invoke-art-action/AtomicRedTeam.psm1 similarity index 100% rename from Automation/AtomicRedTeam.psm1 rename to execution-frameworks/powershell-invoke-art-action/AtomicRedTeam.psm1 diff --git a/Automation/readme.md b/execution-frameworks/powershell-invoke-art-action/readme.md similarity index 93% rename from Automation/readme.md rename to execution-frameworks/powershell-invoke-art-action/readme.md index 47af785056..a973f86e8e 100644 --- a/Automation/readme.md +++ b/execution-frameworks/powershell-invoke-art-action/readme.md @@ -1,4 +1,8 @@ -# Automation Framework for the Atomic Red Team +# Atomic Red Team Powershell Execution Framework + +> **HEADS UP!** The Invoke-ArtAction execution framework was designed for the original Atomic Red Team Markdown +> format and is not yet compatible with the current Atomic YAML format. Let us know if you're interested in +> contributing that update! The Atomic Red Team project is unique in that it not only describes the tactics and techiques of the MITRE ATT&CK framework, but it also includes automation of these techniques.
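Review bot: In the first README.md hunk (table of contents), the new item 3 links to `https://github.com/redcanaryco/atomic-red-team/blob/master/execution-frameworks`, which uses the `blob/` path for a directory and pins the link to `master` on the upstream repository. A relative link such as `[Execution Frameworks](execution-frameworks/)` would also resolve on forks and branches. Items 1 and 2 under "Doing more with Atomic Red Team" are in-page anchors, while this patch adds no matching section for item 3, so either add a short section that links out or note in the entry text that it leaves the page.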
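Review bot: The second README.md hunk removes the only usage steps for `Invoke-ArtAction` shown in the top-level README (`Import-Module .\AtomicRedTeam.psd1`, run "from within the atomic-red-team directory"), while the same patch moves the module to `execution-frameworks/powershell-invoke-art-action/`. Please confirm the moved readme carries these steps with the new working directory, since the visible hunk there only changes the title and adds the compatibility notice. Dropping the heading also drops the `#running-atomic-red-team-tests-via-invoke-artaction-powershell` anchor, so existing links to that section will no longer resolve to it.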
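Review bot: In the new execution-frameworks/README.md, line 2 reads "This repository will contain", but the file describes a directory inside the atomic-red-team repository, and this same patch already moves `powershell-invoke-art-action` into it. Suggest "This directory contains" plus a link to `powershell-invoke-art-action/` so a reader landing here from the top-level TOC can reach the framework. The file also ends without a trailing newline ("\ No newline at end of file").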
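Review bot: In the powershell-invoke-art-action/readme.md hunk, the added HEADS UP block says "Let us know if you're interested in contributing that update!" without saying where; link the issue tracker or the CONTRIBUTIONS.md guide already referenced from the top-level README. Style points in the same hunk: the new title spells the product "Powershell" rather than "PowerShell", and the unchanged context line below it still has "techiques", which is cheap to fix while this file is being touched.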