redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License

dedicated cleanup task for runner #169

Closed clr2of8 closed 10 months ago

clr2of8 commented 11 months ago

This is an update to the Invoke-AtomicRunner code that will use two different scheduled tasks, one to run the atomic and one to run the cleanup. This is because in some cases, AV kills the original process due to the atomic it is running, which means the cleanup and reboot actions never happen and the runner stops running things. By using two different scheduled tasks (and hence two different processes), we can avoid this issue and keep things running.

Note: You will need to rerun Invoke-SetupAtomicRunner to get the new scheduled task after this update.

clr2of8 commented 10 months ago

This didn't work as expected. I addressed the issue a different way in PR #171.