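# Register the Microsoft package repository for RHEL 7.
# The repo definition is downloaded to a temporary file first. -f makes curl
# exit non-zero on an HTTP error, so an error page is never installed as a yum
# repo definition. Piping curl straight into `sudo tee` would hide a failed
# download, because the pipeline's exit status is tee's.
repo_tmp="$(mktemp)" \
  && curl -fsS -o "$repo_tmp" https://packages.microsoft.com/config/rhel/7/prod.repo \
  && sudo install -m 0644 "$repo_tmp" /etc/yum.repos.d/microsoft.repo
rm -f -- "${repo_tmp:-}"
# NOTE(review): read /etc/yum.repos.d/microsoft.repo before the next step and
# confirm it enables gpgcheck and names a gpgkey, so yum verifies the package
# signature.

# Install PowerShell from the repository registered above.
sudo yum install -y powershell

# Start PowerShell. The PowerShell commands that follow in this file are meant
# to be entered in this pwsh session; bash cannot parse them.
pwsh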
# Fetch the Invoke-AtomicRedTeam installer, load it into this session, then run it.
# NOTE(review): the URL tracks the moving `master` branch and the response is evaluated
# as code without being read first. Consider pinning the URL to a reviewed commit and
# saving the script to disk for inspection before running it.
Invoke-Expression (Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing)
Install-AtomicRedTeam

# Fetch the installer for the atomics folder (the test definitions) and run it.
# NOTE(review): same unpinned download-and-evaluate pattern as above.
Invoke-Expression (Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicsfolder.ps1' -UseBasicParsing)
Install-AtomicsFolder

# In a new PowerShell session: re-import the module and make /AtomicRedTeam/atomics the
# default -PathToAtomicsFolder for every Invoke-AtomicTest call.
Import-Module -Name "/AtomicRedTeam/invoke-atomicredteam/Invoke-AtomicRedTeam.psd1" -Force
$PSDefaultParameterValues = @{
    "Invoke-AtomicTest:PathToAtomicsFolder" = "/AtomicRedTeam/atomics"
}

# List every available atomic test in brief form.
Invoke-AtomicTest All -ShowDetailsBrief

# Check the prerequisites of the T1003 tests.
Invoke-AtomicTest T1003 -CheckPrereqs

# NOTE(review): in Invoke-AtomicRedTeam, -Cleanup is documented as running only a test's
# cleanup commands. If so, none of the four calls below executes a test; running the test
# would need the same call without -Cleanup first. Confirm against the module help.

# Cleanup for T1218.010 tests 1 and 2.
# NOTE(review): T1218.010 is the Regsvr32 technique, which is Windows-specific; on this
# RHEL host Invoke-AtomicTest may find no applicable test. Confirm.
Invoke-AtomicTest T1218.010 -TestNumbers 1,2 -Cleanup

# T1547.006-1 Linux - Load Kernel Module via insmod
# After cleanup, `lsmod` should no longer list the test module.
Invoke-AtomicTest T1547.006 -TestNumbers 1 -Cleanup

# T1136.001-5 Create a new user in Linux with `root` UID and GID
# After cleanup, check with `getent passwd` that no extra UID-0 account remains.
Invoke-AtomicTest T1136.001 -TestNumbers 5 -Cleanup

# T1087.001-2 View sudoers access
Invoke-AtomicTest T1087.001 -TestNumbers 2 -Cleanup
# Refresh the S3 bucket zips that are kept on GitHub: copy everything under this
# deployment prefix into the current directory (presumably the repository
# checkout; confirm before running).
# --recursive overwrites same-named files already present in the current directory.
# NOTE(review): deployment artifacts may embed configuration values; inspect the
# downloaded files for credentials before committing them.
aws s3 cp \
  "s3://techday-visionone-dispat-serverlessdeploymentbuck-17cofqswm2hm0/serverless/techday-visionone-dispatcher/prod/1625798079068-2021-07-09T02:34:39.068Z/" \
  . \
  --recursive