Atomic Red Team

installation

# PowerShell
Import-Module "invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
$PSDefaultParameterValues = @{"Invoke-AtomicTest:PathToAtomicsFolder"="AtomicRedTeam\atomics"}

How to use

# get requirements
Invoke-AtomicTest T1127 -GetPrereqs

# get briefdetails
Invoke-AtomicTest T1127 -ShowDetailsBrief

# get details
Invoke-AtomicTest T1127 -ShowDetails

# execute tests
Invoke-AtomicTest T1127 -TestNumbers 1,2

# cleanup after execution
Invoke-AtomicTest T1127 -TestNumbers 1,2 -cleanup

create rules via gui

# start gui
Start-AtomicGui

# view
http://localhost:8487/home

Emulating an Attack

# view if tests exist
ls C:\Tools\AtomicRedTeam\atomics | Where-Object Name -Match "T1566.001|T1203|T1059.003|T1083|T1082|T1016|T1049|T1007|T1087.001"

# show details
'T1566.001','T1059.003','T1083','T1082','T1016','T1049','T1007','T1087.001' | ForEach-Object {echo "Enumerating $_"; Invoke-AtomicTest $_ -ShowDetailsBrief }

# test Prerequirements
'T1566.001','T1059.003','T1083','T1082','T1016','T1049','T1007','T1087.001' | ForEach-Object {echo "Enumerating $_"; Invoke-AtomicTest $_ -CheckPrereqs }

Searching for Technique on ATT&CK Navigator

ATT&CK Navigator

Atomic Red Team

installation

How to use

create rules via gui

Emulating an Attack

Searching for Technique on ATT&CK Navigator

sources

You may also enjoy

Splunk

Mastering Field Extraction in Splunk: Quick Guide

Mastering the Tstats Command in Splunk