AtomicTestHarnesses

1.12.0.0

A module to facilitate the testing of attack techniques and their corresponding procedures.

Minimum PowerShell version

5.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name AtomicTestHarnesses

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name AtomicTestHarnesses

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

2022 Red Canary, Inc. All rights reserved.

Package Details

Author(s)

  • Mike Haag Jesse Brown Matt Graeber Jonathan Johnson Jared Atkinson

Tags

Security Defense

Functions

Get-ATHDriverService Get-ATHMSI Invoke-ATHHTMLApplication Invoke-ATHCompiledHelp Invoke-ATHCORProfiler Invoke-ATHCreateProcessWithToken Invoke-ATHDumpLSASS Invoke-ATHInjectedThread Invoke-ATHLogonUser Invoke-ATHMSBuild Invoke-ATHRemoteFXvGPUDisablementCommand Invoke-ATHTokenImpersonation New-ATHService Invoke-ATHMSI New-ATHMSI Out-ATHPowerShellCommandLineParameter Remove-ATHService Set-ATHRegistry Start-ATHProcessHerpaderp Start-ATHProcessUnderSpecificParent

Dependencies

This module has no dependencies.

Release Notes

1.12.0
------
Added:
* Set-ATHRegistry

Improvements:
* Documented the -DeleteServiceBinary switch in New-ATHService

1.11.0
------
Improvements:
* Changed New-ATHDriverService to New-ATHService
* Changed Remove-ATHDriverService to Remove-ATHService
* Added install variants to New-ATHService
* Added the ability to install/uninstall service types outside of drivers to New-ATHService

1.10.1
------
Improvements:
* Directory refactoring

1.10.0
------
Added:
* Invoke-ATHDumpLSASS
* Invoke-ATHLogonUser

1.9.0
-----
Added:
* New-ATHMSI
* Get-ATHMSI
* Invoke-ATHMSI

1.8.0
-----
Added:
* Invoke-ATHTokenImpersonation
* Invoke-ATHCreateProcessWithToken

1.7.0
-----
Added:
* New-ATHDriverService
* Get-ATHDriverService
* Remove-ATHDriverService

1.6.0
-----
Added:
* Invoke-ATHCorProfiler

1.5.0
-----
Added:
* Invoke-ATHInjectedThread

1.4.0
-----
Added:
* Invoke-ATHMSBuild

Improvements:
* Invoke-ATHCompiledHelp was returning the wrong MITRE technique ID. Thanks, Mike Haag (@M_haggis) for pointing out the issue and supplying the fix!
* Invoke-ATHCompiledHelp Pester tests were extracting the incorrect MITRE technique ID.

1.3.0
-----
Added:
* Start-ATHProcessHerpaderp

1.2.0
-----
Added:
* Invoke-ATHRemoteFXvGPUDisablementCommand

1.1.1
-----
Added:
* Out-ATHPowerShellCommandLineParameter

Improvements:
* Added tags to each individual Pester test so that tags are surfaced when Invoke-Pester is run with -PassThru.
* Tweaked an error handler in Start-ATHProcessUnderSpecificParent to have less aggressive handling logic.

1.0.0
-----
Added:
* Invoke-ATHHTMLApplication
* Invoke-ATHCompiledHelp
* Start-ATHProcessUnderSpecificParent

FileList

Version History

Version Downloads Last updated
1.12.0.0 (current version) 37,099 12/13/2022
1.11.0.0 40 12/9/2022
1.9.0.0 2,769 5/18/2022
1.8.0.0 1,745 11/22/2021
1.7.0.0 1,950 7/22/2021
1.6.0.0 472 6/4/2021
1.5.0.0 142 5/24/2021
1.4.0.0 720 3/2/2021
1.3.0.0 242 1/18/2021
1.2.0.0 142 12/7/2020
1.1.1.0 132 11/9/2020
1.0.0.0 113 10/22/2020
Show more