Atomic Red Team
installation
# PowerShell
Import-Module "invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
$PSDefaultParameterValues = @{"Invoke-AtomicTest:PathToAtomicsFolder"="AtomicRedTeam\atomics"}
How to use
# get (install) prerequisites
Invoke-AtomicTest T1127 -GetPrereqs
# get brief details
Invoke-AtomicTest T1127 -ShowDetailsBrief
# get details
Invoke-AtomicTest T1127 -ShowDetails
# execute tests
Invoke-AtomicTest T1127 -TestNumbers 1,2
# cleanup after execution
Invoke-AtomicTest T1127 -TestNumbers 1,2 -cleanup
create rules via gui
# start gui
Start-AtomicGui
# view
http://localhost:8487/home
Emulating an Attack
# view if tests exist
ls C:\Tools\AtomicRedTeam\atomics | Where-Object Name -Match "T1566.001|T1203|T1059.003|T1083|T1082|T1016|T1049|T1007|T1087.001"
# show details
'T1566.001','T1059.003','T1083','T1082','T1016','T1049','T1007','T1087.001' | ForEach-Object {echo "Enumerating $_"; Invoke-AtomicTest $_ -ShowDetailsBrief }
# check prerequisites
'T1566.001','T1059.003','T1083','T1082','T1016','T1049','T1007','T1087.001' | ForEach-Object {echo "Enumerating $_"; Invoke-AtomicTest $_ -CheckPrereqs }
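The listing filter above uses an unanchored `-Match`, so it also returns folders whose names merely contain one of the IDs, and it does not show which planned techniques have no atomic at all. The following added example (not part of the original post) checks each ID exactly before running the prerequisite check; the function name `Get-AtomicPlanCoverage` is hypothetical, and the atomics path is assumed to be the one used in the listing command.

```powershell
# Added example. Assumption: atomics live where the page's listing command looks.
$AtomicsPath = 'C:\Tools\AtomicRedTeam\atomics'

# Technique IDs taken from the page's "view if tests exist" filter.
$Plan = 'T1566.001','T1203','T1059.003','T1083','T1082','T1016','T1049','T1007','T1087.001'

function Get-AtomicPlanCoverage {
    param(
        [Parameter(Mandatory)][string[]]$TechniqueId,
        [Parameter(Mandatory)][string]$Path
    )
    foreach ($id in $TechniqueId) {
        # Each technique is defined in <atomics>\<ID>\<ID>.yaml
        $yaml = Join-Path (Join-Path $Path $id) "$id.yaml"
        [pscustomobject]@{
            Technique  = $id
            HasAtomic  = Test-Path -LiteralPath $yaml -PathType Leaf
            Definition = $yaml
        }
    }
}

$coverage = Get-AtomicPlanCoverage -TechniqueId $Plan -Path $AtomicsPath
$coverage | Format-Table Technique, HasAtomic -AutoSize

# A planned technique without an atomic is an emulation gap to record, not to skip silently.
$missing = $coverage | Where-Object { -not $_.HasAtomic }
if ($missing) {
    Write-Warning ("No atomic definition for: " + ($missing.Technique -join ', '))
}

# Run the prerequisite check only where a definition exists.
$coverage | Where-Object HasAtomic | ForEach-Object {
    Invoke-AtomicTest $_.Technique -PathToAtomicsFolder $AtomicsPath -CheckPrereqs
}
```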
Searching for Technique on ATT&CK Navigator
sources
This post is licensed under CC BY 4.0 by the author.