Atomic-red-team

From aldeid

Description

Atomic Red Team allows every security team to test their controls by executing simple "atomic tests" that exercise the same techniques used by adversaries (all mapped to MITRE ATT&CK).

Installation

On the target host, run the following commands in a PowerShell window:

IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
Install-AtomicRedTeam -getAtomics

Usage

List tests for all techniques:

Invoke-AtomicTest All -ShowDetailsBrief

List tests for a given technique:

Invoke-AtomicTest T1003 -ShowDetailsBrief

Show test details (including attack commands, input parameters, and prerequisites) for a given technique number:

Invoke-AtomicTest T1003 -ShowDetails

Check / Get prerequisites:

Invoke-AtomicTest T1003 -CheckPrereqs
Invoke-AtomicTest T1003 -GetPrereqs

Run selected tests or all tests of a given technique:

Invoke-AtomicTest T1003 -TestNumbers 1,2
Invoke-AtomicTest T1003 -TestNumbers 4
Invoke-AtomicTest T1003

Clean up test files:

Invoke-AtomicTest T1003 -TestNumbers 4 -Cleanup
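
The prerequisite, run and cleanup steps above can be chained so that cleanup always happens and each run leaves a UTC time window to compare against alerts from the controls under test. This is an added example, not code from the Atomic Red Team project; the helper name `Invoke-AtomicTestWindow` and the CSV path are assumptions.

```powershell
# Added example. Assumes Invoke-AtomicRedTeam is already loaded in this session
# (for instance, right after the installation step above).
if (-not (Get-Command Invoke-AtomicTest -ErrorAction SilentlyContinue)) {
    throw 'Invoke-AtomicTest not found: install or import Invoke-AtomicRedTeam first.'
}

# Hypothetical helper, not part of Invoke-AtomicRedTeam.
function Invoke-AtomicTestWindow {
    param(
        [Parameter(Mandatory)] [string] $Technique,
        [Parameter(Mandatory)] [int[]]  $TestNumbers,
        # Constructed default path for the run record.
        [string] $RecordPath = (Join-Path $env:TEMP 'atomic-validation.csv')
    )

    $records = foreach ($n in $TestNumbers) {
        $status = 'Completed'
        $start  = (Get-Date).ToUniversalTime()
        try {
            # Out-Host keeps the tool's output on screen and out of $records.
            Invoke-AtomicTest $Technique -TestNumbers $n -GetPrereqs | Out-Host
            $start = (Get-Date).ToUniversalTime()   # window starts at execution
            Invoke-AtomicTest $Technique -TestNumbers $n | Out-Host
        } catch {
            $status = "Error: $($_.Exception.Message)"
        } finally {
            $end = (Get-Date).ToUniversalTime()
            # Cleanup runs even if the test step raised an error.
            Invoke-AtomicTest $Technique -TestNumbers $n -Cleanup | Out-Host
        }
        [pscustomobject]@{
            Host       = $env:COMPUTERNAME
            Technique  = $Technique
            TestNumber = $n
            StartUtc   = $start.ToString('o')
            EndUtc     = $end.ToString('o')
            Status     = $status
        }
    }
    # One row per test; append so repeated runs build a history.
    $records | Export-Csv -Path $RecordPath -NoTypeInformation -Append
    $records
}

Invoke-AtomicTestWindow -Technique T1003 -TestNumbers 4
```

A test with no matching alert inside its `StartUtc`/`EndUtc` window on that host points to a detection gap for that technique.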