Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License
818
stars
194
forks
source link
Invoke a test on a remote system through a PSSession #7
Invoke-AtomicTest now supports the -Session parameter for invoking an atomic on a remote machine.
On the remote machine you must have PS remoting enabled (Enable-PSRemoting) and for simplicity sake, the user you remote as should be an admin (although there are ways to do it with a non-admin user). Create the session with $sess = New-PSSession -ComputerName somecomputer -Credential mydomain\username , enter the credentials when prompted and then pass the session to Invoke-AtomicTest Invoke-AtomicTest T1003 -TestNumbers 1 -Session $sess . If the test requires supporting files, such as those in the T#\bin or T#\src directories, those can be made available to the remote machine using the -GetPrereqs flag.
Invoke-AtomicTest now supports the
-Sessionparameter for invoking an atomic on a remote machine.On the remote machine you must have PS remoting enabled (
Enable-PSRemoting) and for simplicity sake, the user you remote as should be an admin (although there are ways to do it with a non-admin user). Create the session with$sess = New-PSSession -ComputerName somecomputer -Credential mydomain\username, enter the credentials when prompted and then pass the session to Invoke-AtomicTestInvoke-AtomicTest T1003 -TestNumbers 1 -Session $sess. If the test requires supporting files, such as those in the T#\bin or T#\src directories, those can be made available to the remote machine using the-GetPrereqsflag.