-
Notifications
You must be signed in to change notification settings - Fork 201
Invoke WebRequestVerifyHash
The Invoke-WebRequestVerifyHash function only downloads and saves a file to disk if the file hash matches the specified value. This function can be used in an atomic test definition by passing in the url of the file to download, the path where it should be saved, and lastly the expected Sha256 file hash as follows:
Invoke-WebRequestVerifyHash $url $outfile $hash
The function returns $true
if the file was saved to disk, $false
otherwise. See the "Windows Credential Editor" test under T1003 for example usage.
We recommend you use the function to validate the file hash when the download location is not a Github "Permanent Link", or the download location is not widely recognized as trusted. An example download source that is arguably trusted, an could forego the verify hash check, is the Microsoft SysInternals download site.
Questions? Get connected to the community on the Atomic Red Team Slack channel.
- Installation
- Import the Module
- List Atomic Tests
- Check/Get Prerequisites for Atomic Tests
- Execute Atomic Tests (Local)
- Execute Atomic Tests (Remote)
- Specify Custom Input Arguments
- Cleanup after Executing Atomic Tests
- Execution Logging
- Adversary Emulation
- Continuous Atomic Testing
- Execution Hooks
- Helper Functions
- The Atomic GUI
- Uninstallation