AtomicTestHarnesses

1.9.0.0

A module to facilitate the testing of attack techniques and their corresponding procedures.

Minimum PowerShell version

5.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name AtomicTestHarnesses

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

Mike Haag Jesse Brown Matt Graeber Jonathan Johnson

Copyright

2021 Red Canary, Inc. All rights reserved.

Owners

Tags

Security Defense

Functions

Get-ATHDriverService Get-ATHMSI Invoke-ATHHTMLApplication Invoke-ATHCompiledHelp Invoke-ATHCORProfiler Invoke-ATHCreateProcessWithToken Invoke-ATHInjectedThread Invoke-ATHMSBuild Invoke-ATHRemoteFXvGPUDisablementCommand Invoke-ATHTokenImpersonation New-ATHDriverService Invoke-ATHMSI New-ATHMSI Out-ATHPowerShellCommandLineParameter Remove-ATHDriverService Start-ATHProcessHerpaderp Start-ATHProcessUnderSpecificParent

Dependencies

This module has no dependencies.

Release Notes


1.9.0
-----
Added:
* New-ATHMSI
* Get-ATHMSI
* Invoke-ATHMSI

1.8.0
-----
Added:
* Invoke-ATHTokenImpersonation
* Invoke-ATHCreateProcessWithToken

1.7.0
-----
Added:
* New-ATHDriverService
* Get-ATHDriverService
* Remove-ATHDriverService

1.6.0
-----
Added:
* Invoke-ATHCorProfiler

1.5.0
-----
Added:
* Invoke-ATHInjectedThread

1.4.0
-----
Added:
* Invoke-ATHMSBuild

Improvements:
* Invoke-ATHCompiledHelp was returning the wrong MITRE technique ID. Thanks, Mike Haag (@M_haggis) for pointing out the issue and supplying the fix!
* Invoke-ATHCompiledHelp Pester tests were extracting the incorrect MITRE technique ID.

1.3.0
-----
Added:
* Start-ATHProcessHerpaderp

1.2.0
-----
Added:
* Invoke-ATHRemoteFXvGPUDisablementCommand

1.1.1
-----
Added:
* Out-ATHPowerShellCommandLineParameter

Improvements:
* Added tags to each individual Pester test so that tags are surfaced when Invoke-Pester is run with -PassThru.
* Tweaked an error handler in Start-ATHProcessUnderSpecificParent to have less aggressive handling logic.

1.0.0
-----
Added:
* Invoke-ATHHTMLApplication
* Invoke-ATHCompiledHelp
* Start-ATHProcessUnderSpecificParent

Version History

Version Downloads Last updated
1.9.0.0 (current version) 937 5/18/2022
1.8.0.0 1,701 11/22/2021
1.7.0.0 1,899 7/22/2021
1.6.0.0 435 6/4/2021
1.5.0.0 105 5/24/2021
1.4.0.0 682 3/2/2021
1.3.0.0 205 1/18/2021
1.2.0.0 105 12/7/2020
1.1.1.0 95 11/9/2020
1.0.0.0 75 10/22/2020