Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/redcanaryco/invoke-atomicredteam
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
https://github.com/redcanaryco/invoke-atomicredteam
Last synced: about 1 hour ago
JSON representation
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
- Host: GitHub
- URL: https://github.com/redcanaryco/invoke-atomicredteam
- Owner: redcanaryco
- License: mit
- Created: 2020-02-07T15:01:41.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2024-10-28T04:02:40.000Z (16 days ago)
- Last Synced: 2024-11-06T04:09:44.468Z (7 days ago)
- Language: PowerShell
- Homepage:
- Size: 437 KB
- Stars: 843
- Watchers: 54
- Forks: 200
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project. The "atomics folder" contains a folder for each Technique defined by the [MITRE ATT&CK™ Framework](https://attack.mitre.org/matrices/enterprise/). Inside of each of these "T#" folders you'll find a **yaml** file that defines the attack procedures for each atomic test as well as an easier to read markdown (**md**) version of the same data.
* Executing atomic tests may leave your system in an undesirable state. You are responsible for understanding what a test does before executing.
* Ensure you have permission to test before you begin.
* It is recommended to set up a test machine for atomic test execution that is similar to the build in your environment. Be sure you have your collection/EDR solution in place, and that the endpoint is checking in and active.
See the Wiki for complete [Installation and Usage instructions](https://github.com/redcanaryco/invoke-atomicredteam/wiki).
Note: This execution frameworks works on Windows, MacOS and Linux. If using on MacOS or Linux you must install PowerShell Core first.
### Contributing
Ensure proper byte order marks (BOM) are maintained when utilizing a PowerShell linter with the following steps:
```shell
pip3 install pre-commit
pre-commit install
pre-commit install-hooks
```
By following these instructions, pre-commit hooks will be activated, automatically resolving any byte order mark issues within your PowerShell files. Additionally, these hooks will be triggered prior to committing code to your GitHub repository, ensuring consistent formatting and adherence to best practices.
You can also trigger pre-commit hooks manually by
```shell
pre-commit run --all-files
```