Skip to content
No description, website, or topics provided.
PowerShell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Private remove extra folder depth Feb 10, 2020
Public remove extra folder depth Feb 10, 2020
CODE_OF_CONDUCT.md Sync from Atomic Red Team. Feb 7, 2020
Invoke-AtomicRedTeam.psd1
Invoke-AtomicRedTeam.psm1 remove extra folder depth Feb 10, 2020
LICENSE.txt
README.md
install-atomicredteam.ps1 added graceful error handling Feb 12, 2020
install-atomicsfolder.ps1 added graceful error handling Feb 12, 2020

README.md

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project. The "atomics folder" contains a folder for each Technique defined by the MITRE ATT&CK™ Framework. Inside of each of these "T#" folders you'll find a yaml file that defines the attack procedures for each atomic test as well as an easier to read markdown (md) version of the same data.

  • Executing atomic tests may leave your system in an undesirable state. You are responsible for understanding what a test does before executing.

  • Ensure you have permission to test before you begin.

  • It is recommended to set up a test machine for atomic test execution that is similar to the build in your environment. Be sure you have your collection/EDR solution in place, and that the endpoint is checking in and active.

See the Wiki for complete Installation and Usage instructions.

You can’t perform that action at this time.