Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
This function was written to decrease overhead in developing Atomics for maldoc behavior.
It uses COM objects to execute and create VB macros inside of Office Documents (Word and Excel Support) without the need to create a .docm or .xlsm
I've attached a test atomic that utilizes this module. Once this is available in Invoke-AtomicRedTeam I will use IEX (iwr "web address to Invoke-MalDoc") to load the function into the atomic instance of powershell
This was tested using windows 10 MSOffice version 16.0.
Andras32
commented
4 years ago
This function was written to decrease overhead in developing Atomics for maldoc behavior.
It uses COM objects to execute and create VB macros inside of Office Documents (Word and Excel Support) without the need to create a .docm or .xlsm
I've attached a test atomic that utilizes this module. Once this is available in Invoke-AtomicRedTeam I will use IEX (iwr "web address to Invoke-MalDoc") to load the function into the atomic instance of powershell
This was tested using windows 10 MSOffice version 16.0.