Install Atomic Red team
The Atomic Red Team framework is a powerful, open-source toolset for simulating cyberattacks to test and improve security defenses. It provides predefined atomic tests that mimic real-world attack techniques, allowing security teams to evaluate their detection and response capabilities effectively. With simple installation and easy-to-run tests, it is a great tool to run locally and on your home network.
Install the execution framework
Install-Module -Name invoke-atomicredteam, powershell-yaml -Scope CurrentUser
Install the execution framework and atomics folder
IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing); Install-AtomicRedTeam -getAtomics
Import the module
IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicsfolder.ps1' -UseBasicParsing); Install-AtomicsFolder to install the folder only. Import-Module "C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
Commands
List atomic tests that can be run from the current platform (Windows, Linux, macOS):
Invoke-AtomicTest T1003 -ShowDetailsBrief
List all atomic tests regardless of which platform it can be executed from:
Invoke-AtomicTest T1003 -ShowDetailsBrief -anyOS
List atomic tests that can be run from the current platform (Windows, Linux, macOS):
Invoke-AtomicTest All -ShowDetailsBrief
List all atomic tests regardless of which platform it can be executed from:
Invoke-AtomicTest -ShowDetailsBrief -anyOS Invoke-AtomicTest T1218.010 -TestNumbers 1,2
Run an atomic red team test
Invoke-AtomicTest T1016
Cleanup an atomic red team test
Invoke-AtomicTest T1016 -cleanup
Log and run an atomic red team test to the current directory in json format
Invoke-AtomicTest T1016 -LoggingModule "Attire-ExecutionLogger" -ExecutionLogPath T1016-Windows.json
References:
Last updated