• Stars
    star
    835
  • Rank 54,605 (Top 2 %)
  • Language
    PowerShell
  • License
    MIT License
  • Created almost 5 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project. The "atomics folder" contains a folder for each Technique defined by the MITRE ATT&CKâ„¢ Framework. Inside of each of these "T#" folders you'll find a yaml file that defines the attack procedures for each atomic test as well as an easier to read markdown (md) version of the same data.

  • Executing atomic tests may leave your system in an undesirable state. You are responsible for understanding what a test does before executing.

  • Ensure you have permission to test before you begin.

  • It is recommended to set up a test machine for atomic test execution that is similar to the build in your environment. Be sure you have your collection/EDR solution in place, and that the endpoint is checking in and active.

See the Wiki for complete Installation and Usage instructions.

Note: This execution frameworks works on Windows, MacOS and Linux. If using on MacOS or Linux you must install PowerShell Core first.

More Repositories

1

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.
C
9,711
star
2

mac-monitor

Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displaying them graphically, with an expansive feature set designed to reduce noise.
Swift
910
star
3

chain-reactor

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.
C
288
star
4

AtomicTestHarnesses

Public Repo for Atomic Test Harness
PowerShell
244
star
5

surveyor

A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
Python
176
star
6

oxidebpf

A Rust library for managing eBPF programs.
Rust
114
star
7

redcanary-response-utils

Tools to automate and/or expedite response.
Python
113
star
8

redcanary-ebpf-sensor

Red Canary's eBPF Sensor
C
97
star
9

ebpfmon

Go
81
star
10

wwhf

Exercises for C# Workshop at Wild West Hackin' Fest 2018 & 2019.
HTML
64
star
11

exploit-primitive-playground

C
57
star
12

vscode-attack

Visual Studio Code extension for MITRE ATT&CK
TypeScript
51
star
13

public-research

Public repository for Red Canary Research
C
33
star
14

ansible-atomic-red-team

This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam
Shell
22
star
15

cbapi2

Red Canary Carbon Black API
Python
20
star
16

cb-response-smb1-utility

A simple utility to check the status of and/or disable SMBv1 on Windows system via Cb Response's Live Response functionality.
Python
15
star
17

cbconnect-2019

Ruby
7
star
18

openapi

Public API clients for connecting to the Red Canary APIs
Python
7
star
19

rtlshtree

C++
3
star
20

helm-charts

Red Canary's Public Helm Chart Repository
Smarty
1
star