AtomicTestHarnesses
1.11.0.0
A module to facilitate the testing of attack techniques and their corresponding procedures.
Minimum PowerShell version
5.0
Copyright
2022 Red Canary, Inc. All rights reserved.
Package Details
Author(s)
- Mike Haag
- Jesse Brown
- Matt Graeber
- Jonathan Johnson
- Jared Atkinson
Functions
- Get-ATHDriverService
- Get-ATHMSI
- Invoke-ATHHTMLApplication
- Invoke-ATHCompiledHelp
- Invoke-ATHCORProfiler
- Invoke-ATHCreateProcessWithToken
- Invoke-ATHDumpLSASS
- Invoke-ATHInjectedThread
- Invoke-ATHLogonUser
- Invoke-ATHMSBuild
- Invoke-ATHRemoteFXvGPUDisablementCommand
- Invoke-ATHTokenImpersonation
- New-ATHService
- Invoke-ATHMSI
- New-ATHMSI
- Out-ATHPowerShellCommandLineParameter
- Remove-ATHService
- Start-ATHProcessHerpaderp
- Start-ATHProcessUnderSpecificParent
Dependencies
This module has no dependencies.
Release Notes
1.11.0
------
Improvements:
* Changed New-ATHDriverService to New-ATHService
* Changed Remove-ATHDriverService to Remove-ATHService
* Added install variants to New-ATHService
* Added the ability to install/uninstall service types outside of drivers to New-ATHService
1.10.1
------
Improvements:
* Directory refactoring
1.10.0
------
Added:
* Invoke-ATHDumpLSASS
* Invoke-ATHLogonUser
1.9.0
-----
Added:
* New-ATHMSI
* Get-ATHMSI
* Invoke-ATHMSI
1.8.0
-----
Added:
* Invoke-ATHTokenImpersonation
* Invoke-ATHCreateProcessWithToken
1.7.0
-----
Added:
* New-ATHDriverService
* Get-ATHDriverService
* Remove-ATHDriverService
1.6.0
-----
Added:
* Invoke-ATHCorProfiler
1.5.0
-----
Added:
* Invoke-ATHInjectedThread
1.4.0
-----
Added:
* Invoke-ATHMSBuild
Improvements:
* Invoke-ATHCompiledHelp was returning the wrong MITRE technique ID. Thanks, Mike Haag (@M_haggis) for pointing out the issue and supplying the fix!
* Invoke-ATHCompiledHelp Pester tests were extracting the incorrect MITRE technique ID.
1.3.0
-----
Added:
* Start-ATHProcessHerpaderp
1.2.0
-----
Added:
* Invoke-ATHRemoteFXvGPUDisablementCommand
1.1.1
-----
Added:
* Out-ATHPowerShellCommandLineParameter
Improvements:
* Added tags to each individual Pester test so that tags are surfaced when Invoke-Pester is run with -PassThru.
* Tweaked an error handler in Start-ATHProcessUnderSpecificParent to have less aggressive handling logic.
1.0.0
-----
Added:
* Invoke-ATHHTMLApplication
* Invoke-ATHCompiledHelp
* Start-ATHProcessUnderSpecificParent
FileList
- AtomicTestHarnesses.nuspec
- Readme.md
- Windows\TestHarnesses\T1134.004_ParentPIDSpoofing\PPIDSpoof.ps1
- AtomicTestHarnesses.psd1
- Windows\TestHarnesses\T1574.012_COR_PROFILER\LoadCORProfiler.Tests.ps1
- Windows\TestHarnesses\T1574.012_COR_PROFILER\LoadCORProfiler.ps1
- LICENSE
- Windows\TestHarnesses\T1134.002_CreateProcessWithToken\CreateProcessWithToken.ps1
- Windows\AtomicTestHarnesses.psm1
- Windows\TestHarnesses\T1134.002_CreateProcessWithToken\CreateProcessWithToken.Tests.ps1
- posix\Pipfile
- posix\docs\macos\t1059_007.md
- posix\mkdocs.yml
- posix\docs\macos\t1059_002.md
- posix\README.md
- posix\docs\linux\t1055_008.md
- posix\Pipfile.lock
- posix\docs\linux\t1548_001.md
- posix\pyproject.toml
- posix\docs\linux\t1018.md
- Windows\Tests\Module.Tests.ps1
- posix\src\posixath\__init__.py
- posix\docs\index.md
- posix\src\posixath\__main__.py
- Windows\TestHarnesses\T1055_ProcessInjection\ProcessHerpderp.ps1
- posix\src\posixath\__about__.py
- Windows\TestHarnesses\T1055_ProcessInjection\ProcessHerpderp.Tests.ps1
- posix\src\posixath\pytest.ini
- Windows\TestHarnesses\T1218.005_Mshta\InvokeHTMLApplication.ps1
- Windows\TestHarnesses\T1218.007_Msiexec\Dependencies\LICENSE.TXT
- Windows\TestHarnesses\T1218.005_Mshta\InvokeHTMLApplication.Tests.ps1
- Windows\TestHarnesses\T1218.007_Msiexec\Dependencies\Microsoft.Deployment.WindowsInstaller.dll
- Windows\TestHarnesses\T1059.001_PowerShell\OutPowerShellCommandLineParameter.ps1
- posix\src\posixath\tests\__init__.py
- Windows\TestHarnesses\T1059.001_PowerShell\OutPowerShellCommandLineParameter.Tests.ps1
- posix\src\posixath\tests\conftest.py
- Windows\TestHarnesses\T1078.003_ValidAccounts\LogonUser.ps1
- posix\src\posixath\utils\ptrace.py
- Windows\TestHarnesses\T1078.003_ValidAccounts\LogonUser.Tests.ps1
- posix\src\posixath\utils\__init__.py
- Windows\TestHarnesses\T1127.001_MSBuild\InvokeMSBuild.Tests.ps1
- posix\src\posixath\utils\common.py
- Windows\TestHarnesses\T1127.001_MSBuild\InvokeMSBuild.ps1
- posix\src\posixath\utils\hexdump.py
- Windows\TestHarnesses\T1218.001_CompiledHTMLFile\InvokeCompiledHTMLFile.Tests.ps1
- posix\src\posixath\tests\macos\__init__.py
- Windows\TestHarnesses\T1218.001_CompiledHTMLFile\InvokeCompiledHTMLFile.ps1
- posix\src\posixath\tests\macos\test_T1059_007.py
- Windows\TestHarnesses\T1218_SignedBinaryProxyExecution\InvokeRemoteFXvGPUDisablementCommand.Tests.ps1
- posix\src\posixath\tests\macos\test_T1059_002.py
- Windows\TestHarnesses\T1218_SignedBinaryProxyExecution\InvokeRemoteFXvGPUDisablementCommand.ps1
- posix\src\posixath\tests\linux\__init__.py
- Windows\TestHarnesses\T1218.007_Msiexec\InvokeMSI.ps1
- posix\src\posixath\tests\linux\test_T1055_008.py
- Windows\TestHarnesses\T1218.007_Msiexec\InvokeMSI.Tests.ps1
- posix\src\posixath\tests\linux\test_T1548_001.py
- Windows\TestHarnesses\T1543.003_WindowsService\ServiceInstaller.ps1
- posix\src\posixath\tests\linux\test_T1018.py
- Windows\TestHarnesses\T1543.003_WindowsService\ServiceInstaller.Tests.ps1
- posix\src\posixath\utils\tests\__init__.py
- Windows\TestHarnesses\T1134.001_TokenImpersonation\TokenImpersonation.ps1
- posix\src\posixath\utils\tests\test_common.py
- Windows\TestHarnesses\T1134.001_TokenImpersonation\TokenImpersonation.Tests.ps1
- posix\src\posixath\tests\macos\library\T1059_002\whoami.scpt
- Windows\TestHarnesses\T1003.001_DumpLSASS\DumpLSASS.Tests.ps1
- posix\src\posixath\tests\macos\library\T1059_002\whoami.sh
- Windows\TestHarnesses\T1003.001_DumpLSASS\DumpLSASS.ps1
- posix\src\posixath\tests\macos\library\T1059_002\nsapplescript_example.swift
- Windows\TestHarnesses\T1055.002_PortableExecutableInjection\InvokeThread.Tests.ps1
- posix\src\posixath\tests\macos\library\T1059_007\whoami_jxa.sh
- Windows\TestHarnesses\T1055.002_PortableExecutableInjection\InvokeThread.ps1
- posix\src\posixath\tests\macos\library\T1059_007\osakit_example.swift
- Windows\TestHarnesses\T1134.004_ParentPIDSpoofing\PPIDSpoof.Tests.ps1
- posix\src\posixath\tests\macos\library\T1059_007\whoami_jxa.scpt
Version History
Version | Downloads | Last updated |
---|---|---|
1.12.0.0 | 33,631 | 12/13/2022 |
1.11.0.0 (current version) | 40 | 12/9/2022 |
1.9.0.0 | 2,766 | 5/18/2022 |
1.8.0.0 | 1,745 | 11/22/2021 |
1.7.0.0 | 1,950 | 7/22/2021 |
1.6.0.0 | 472 | 6/4/2021 |
1.5.0.0 | 142 | 5/24/2021 |
1.4.0.0 | 720 | 3/2/2021 |
1.3.0.0 | 242 | 1/18/2021 |
1.2.0.0 | 142 | 12/7/2020 |
1.1.1.0 | 132 | 11/9/2020 |
1.0.0.0 | 113 | 10/22/2020 |