AtomicTestHarnesses
1.9.0.0
A module to facilitate the testing of attack techniques and their corresponding procedures.
Minimum PowerShell version
5.0
Installation Options
Author(s)
Mike Haag Jesse Brown Matt Graeber Jonathan Johnson
Copyright
2021 Red Canary, Inc. All rights reserved.
Package Details
Owners
Tags
Functions
Get-ATHDriverService Get-ATHMSI Invoke-ATHHTMLApplication Invoke-ATHCompiledHelp Invoke-ATHCORProfiler Invoke-ATHCreateProcessWithToken Invoke-ATHInjectedThread Invoke-ATHMSBuild Invoke-ATHRemoteFXvGPUDisablementCommand Invoke-ATHTokenImpersonation New-ATHDriverService Invoke-ATHMSI New-ATHMSI Out-ATHPowerShellCommandLineParameter Remove-ATHDriverService Start-ATHProcessHerpaderp Start-ATHProcessUnderSpecificParent
Dependencies
This module has no dependencies.
Release Notes
1.9.0
-----
Added:
* New-ATHMSI
* Get-ATHMSI
* Invoke-ATHMSI
1.8.0
-----
Added:
* Invoke-ATHTokenImpersonation
* Invoke-ATHCreateProcessWithToken
1.7.0
-----
Added:
* New-ATHDriverService
* Get-ATHDriverService
* Remove-ATHDriverService
1.6.0
-----
Added:
* Invoke-ATHCorProfiler
1.5.0
-----
Added:
* Invoke-ATHInjectedThread
1.4.0
-----
Added:
* Invoke-ATHMSBuild
Improvements:
* Invoke-ATHCompiledHelp was returning the wrong MITRE technique ID. Thanks, Mike Haag (@M_haggis) for pointing out the issue and supplying the fix!
* Invoke-ATHCompiledHelp Pester tests were extracting the incorrect MITRE technique ID.
1.3.0
-----
Added:
* Start-ATHProcessHerpaderp
1.2.0
-----
Added:
* Invoke-ATHRemoteFXvGPUDisablementCommand
1.1.1
-----
Added:
* Out-ATHPowerShellCommandLineParameter
Improvements:
* Added tags to each individual Pester test so that tags are surfaced when Invoke-Pester is run with -PassThru.
* Tweaked an error handler in Start-ATHProcessUnderSpecificParent to have less aggressive handling logic.
1.0.0
-----
Added:
* Invoke-ATHHTMLApplication
* Invoke-ATHCompiledHelp
* Start-ATHProcessUnderSpecificParent
FileList
- AtomicTestHarnesses.nuspec
- TestHarnesses\T1134.002_CreateProcessWithToken\CreateProcessWithToken.Tests.ps1
- AtomicTestHarnesses.psd1
- TestHarnesses\T1134.004_ParentPIDSpoofing\PPIDSpoof.ps1
- AtomicTestHarnesses.psm1
- TestHarnesses\T1134.004_ParentPIDSpoofing\PPIDSpoof.Tests.ps1
- LICENSE
- TestHarnesses\T1218.001_CompiledHTMLFile\InvokeCompiledHTMLFile.ps1
- Readme.md
- TestHarnesses\T1218.001_CompiledHTMLFile\InvokeCompiledHTMLFile.Tests.ps1
- .github\CODEOWNERS
- TestHarnesses\T1218.005_Mshta\InvokeHTMLApplication.ps1
- Tests\Module.Tests.ps1
- TestHarnesses\T1218.005_Mshta\InvokeHTMLApplication.Tests.ps1
- TestHarnesses\T1055.002_PortableExecutableInjection\InvokeThread.ps1
- TestHarnesses\T1218.007_Msiexec\InvokeMSI.ps1
- TestHarnesses\T1055.002_PortableExecutableInjection\InvokeThread.Tests.ps1
- TestHarnesses\T1218.007_Msiexec\InvokeMSI.Tests.ps1
- TestHarnesses\T1055_ProcessInjection\ProcessHerpderp.ps1
- TestHarnesses\T1218_SignedBinaryProxyExecution\InvokeRemoteFXvGPUDisablementCommand.ps1
- TestHarnesses\T1055_ProcessInjection\ProcessHerpderp.Tests.ps1
- TestHarnesses\T1218_SignedBinaryProxyExecution\InvokeRemoteFXvGPUDisablementCommand.Tests.ps1
- TestHarnesses\T1059.001_PowerShell\OutPowerShellCommandLineParameter.ps1
- TestHarnesses\T1543.003_WindowsService\DriverInstaller.ps1
- TestHarnesses\T1059.001_PowerShell\OutPowerShellCommandLineParameter.Tests.ps1
- TestHarnesses\T1543.003_WindowsService\DriverInstaller.Tests.ps1
- TestHarnesses\T1127.001_MSBuild\InvokeMSBuild.ps1
- TestHarnesses\T1574.012_COR_PROFILER\LoadCORProfiler.ps1
- TestHarnesses\T1127.001_MSBuild\InvokeMSBuild.Tests.ps1
- TestHarnesses\T1574.012_COR_PROFILER\LoadCORProfiler.Tests.ps1
- TestHarnesses\T1134.001_TokenImpersonation\TokenImpersonation.ps1
- TestHarnesses\T1218.007_Msiexec\Dependencies\LICENSE.TXT
- TestHarnesses\T1134.001_TokenImpersonation\TokenImpersonation.Tests.ps1
- TestHarnesses\T1218.007_Msiexec\Dependencies\Microsoft.Deployment.WindowsInstaller.dll
- TestHarnesses\T1134.002_CreateProcessWithToken\CreateProcessWithToken.ps1