redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License

ValidExecutorTypes vs ValidDependencyExecutorTypes #19

Status: Closed (2XXE-SRA closed this issue 4 years ago)

2XXE-SRA commented 4 years ago

In https://github.com/redcanaryco/invoke-atomicredteam/blob/master/Public/Get-AtomicTechnique.ps1#L108-L109, two arrays are defined showing the valid executor types. The dependency executor types are limited to just "powershell", meaning the execution framework will throw an error for something like "dependency_executor_name: command_prompt". However, https://github.com/redcanaryco/invoke-atomicredteam/blob/master/Public/Get-AtomicTechnique.ps1#L294-L295 returns a list of all valid executor types when the condition is not met. For example, if you set dependency_executor_name to "command_prompt", the tool will check if it's "powershell" and then tell you it must be one of "command_prompt", "sh", "bash", "powershell", "manual". The specification (https://github.com/redcanaryco/atomic-red-team/blob/d127147734978cddaeb4afe793938733b992b53e/atomic_red_team/spec.yaml#L77) doesn't really give much info on this field other than saying that it will default to the type used by the attacks (leading me to believe there shouldn't be any additional restrictions on executor type).

Based on this, what are the expected inputs and behaviors?
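The mismatch described above is a validator that checks a field against one list but reports another. The following is an added example, not code from invoke-atomicredteam or from the issue author: it shows the validation behaviour the thread converges on, with a single list of executor names used both for the `executor.name` / `dependency_executor_name` check and for the error message, and with `dependency_executor_name` defaulting to the executor's name when absent. The function names (`Test-ExecutorName`, `Resolve-AtomicExecutors`) and the sample atomic test are hypothetical and constructed for illustration.

```powershell
# Added example, not code from invoke-atomicredteam. One list of executor
# names drives both the validity check and the error text, so the check and
# the message cannot disagree. Function and variable names are hypothetical.

# Single source of truth: the five executor names quoted in the issue.
$script:ValidExecutorNames = @('command_prompt', 'sh', 'bash', 'powershell', 'manual')

function Test-ExecutorName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $FieldName
    )
    if ($script:ValidExecutorNames -notcontains $Name) {
        # The message quotes exactly the list the check was made against.
        throw ("{0} '{1}' is invalid; must be one of: {2}" -f `
            $FieldName, $Name, ($script:ValidExecutorNames -join ', '))
    }
}

function Resolve-AtomicExecutors {
    <#
    .SYNOPSIS
    Validates executor.name and dependency_executor_name for one atomic test
    (a hashtable shaped like an atomics YAML entry) and returns the effective
    pair. dependency_executor_name falls back to executor.name when absent,
    which is the default the spec describes.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [hashtable] $AtomicTest
    )
    $executorName = $AtomicTest.executor.name
    Test-ExecutorName -Name $executorName -FieldName 'executor.name'

    if ($AtomicTest.ContainsKey('dependency_executor_name')) {
        $dependencyExecutorName = $AtomicTest.dependency_executor_name
        # Same list as the regular executor check; no separate powershell-only set.
        Test-ExecutorName -Name $dependencyExecutorName -FieldName 'dependency_executor_name'
    }
    else {
        $dependencyExecutorName = $executorName
    }

    [pscustomobject]@{
        ExecutorName           = $executorName
        DependencyExecutorName = $dependencyExecutorName
    }
}

# Constructed sample input (not a real atomic): a command_prompt test whose
# dependencies are also resolved with command_prompt, the case from the issue.
$sample = @{
    name                     = 'Constructed example test'
    executor                 = @{ name = 'command_prompt'; command = 'whoami' }
    dependency_executor_name = 'command_prompt'
    dependencies             = @(@{ description = 'none'; prereq_command = 'exit 0'; get_prereq_command = 'exit 0' })
}
Resolve-AtomicExecutors -AtomicTest $sample

# A test without dependency_executor_name inherits the executor's name.
Resolve-AtomicExecutors -AtomicTest @{ executor = @{ name = 'sh'; command = 'id' } }

# An unknown value is rejected, and the message lists the same names the check used.
try {
    Resolve-AtomicExecutors -AtomicTest @{
        executor                 = @{ name = 'bash'; command = 'id' }
        dependency_executor_name = 'cmd'
    }
}
catch {
    Write-Warning $_.Exception.Message
}
```

Run the block in a PowerShell session (or dot-source it) to see the two successful resolutions followed by the warning for the invalid name. The design point is that a validator should derive its error text from the same collection it validates against; keeping two parallel arrays, as the issue describes, is what lets the check and the message drift apart.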

clr2of8 commented 4 years ago

I believe the validation for dependency executors should be the same as the regular executors. I am double checking with the author of that module to make sure I am not missing anything. You can go ahead with a PR to fix if you like and once I hear back from the author, I'll approve.

clr2of8 commented 4 years ago

Thumbs up. Confirmed this should be fixed.

2XXE-SRA commented 4 years ago

Thanks - will push a change shortly.