
New Atomic* Technique Test Creation Functions

Matt Graeber edited this page Mar 12, 2020 · 2 revisions

The Invoke-AtomicRedTeam module contains several New-Atomic* functions to facilitate using native PowerShell to create and validate atomic techniques and tests. These functions were written to address the following:

  • Atomic tests previously needed to be written by hand, which is perfectly acceptable in many cases but can be error-prone.
  • Previously, when writing atomic tests, there was no way to validate the YAML against a schema aside from executing validate-atomics.rb in the atomic-red-team repository.
  • Previously, there was no way to build techniques/tests in an automated fashion using code. Imagine a scenario where hundreds of tests needed to be generated on the fly. Writing that many tests by hand is just not feasible.

The New-Atomic* functions output a well-formatted PowerShell object that is designed to be piped directly to ConvertTo-Yaml when you're ready to save your technique/tests in YAML format. You'll never have to write YAML again for atomics if you don't want to.


The following functions are available to help build atomic techniques and tests:

New-AtomicTechnique

Specifies a new atomic red team technique. The output of this function is designed to be piped directly to ConvertTo-Yaml, eliminating the need to work with YAML directly.

New-AtomicTest

Specifies the name of the test that indicates how it tests the technique.

New-AtomicTestDependency

Specifies a new dependency that must be met prior to execution of an atomic test.

New-AtomicTestInputArgument

Specifies an input to an atomic test that is a requirement to run the test (think of these like function arguments).


Ready to start writing tests using PowerShell?

Detailed documentation including example usages for each function is available by using Get-Help.
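
How the four functions compose into one technique file, as an added example that is not taken from the module's own documentation. The technique ID, test name, file paths and commands are illustrative choices, and the parameter names are given as recalled from the module's help, so confirm them with Get-Help before relying on them.

```powershell
# Added example: builds one technique with one benign test and writes it as YAML.
# Assumes Invoke-AtomicRedTeam and powershell-yaml (for ConvertTo-Yaml) are installed.
Import-Module Invoke-AtomicRedTeam

# Check the parameter names used below against the installed version first.
Get-Help New-AtomicTest -Full | Out-Null

# Input argument: referenced inside commands as #{output_file}.
$OutputFile = New-AtomicTestInputArgument -Name output_file `
    -Description 'File that receives the command output' `
    -Type Path `
    -Default '$env:TEMP\atomic-whoami.txt'

# Dependency: the directory that will hold the output file must exist.
# PrereqCommand exits 0 when the dependency is met; GetPrereqCommand satisfies it.
$OutputDir = New-AtomicTestDependency `
    -Description 'Directory for the output file must exist' `
    -PrereqCommand 'if (Test-Path (Split-Path "#{output_file}")) { exit 0 } else { exit 1 }' `
    -GetPrereqCommand 'New-Item -ItemType Directory -Force -Path (Split-Path "#{output_file}") | Out-Null'

# The test itself: a harmless identity lookup with a cleanup step.
$Test = New-AtomicTest -Name 'Record current user with whoami' `
    -Description 'Writes the output of whoami to a file.' `
    -SupportedPlatforms Windows `
    -InputArguments $OutputFile `
    -DependencyExecutorType PowerShell `
    -Dependencies $OutputDir `
    -ExecutorType PowerShell `
    -ExecutorCommand 'whoami | Out-File "#{output_file}"' `
    -ExecutorCleanupCommand 'Remove-Item "#{output_file}" -ErrorAction Ignore'

# Wrap the test in a technique and serialize it; no YAML is written by hand.
$Technique = New-AtomicTechnique -AttackTechnique T1033 `
    -DisplayName 'System Owner/User Discovery' `
    -AtomicTests $Test

$Technique | ConvertTo-Yaml | Out-File -FilePath .\T1033.yaml -Encoding utf8
```

Because each function validates its arguments when the object is built, a malformed test fails at construction time rather than when the YAML is later checked in the atomic-red-team repository.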