Invoke-AtomicAssessment is a powerful tool designed to facilitate adversary emulation by leveraging Atomic Red Team.
This tool automates the execution of these techniques and logs the results in the ATTiRe format, which can then be visualized on the VECTR platform.
The tool offers various threat actor profiles, enabling simulations of ransomware attacks and activities of Advanced Persistent Threat (APT) groups. The primary goal is to conduct thorough gap analysis to identify and remediate weaknesses in security defenses.
The tool includes a collection of pre-configured threat actor profiles, which can be used to simulate specific adversaries or attack scenarios. Below is a list of available profiles:
In addition to the pre-configured profiles, Invoke-AtomicAssessment allows users to create custom profiles tailored to specific threat actors or attack scenarios. Custom profiles follow a structured JSON format, as shown below:
{
"name": "APT41",
"description": "APT41 is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, APT41 has been observed targeting healthcare, telecom, technology, and video game industries in 14 countries. APT41 overlaps at least partially with public reporting on groups including BARIUM and Winnti Group.",
"references": [
"https://www.group-ib.com/blog/apt41-world-tour-2021/",
"https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust",
"https://malpedia.caad.fkie.fraunhofer.de/actor/apt41"
],
"operating_system": "windows",
"AtomicTests": [
{
"TestNumber": 1,
"Description": "Compiled HTML Help Local Payload",
"Command": "Invoke-AtomicTest T1218.001 -TestNumber 1"
},
{
"TestNumber": 2,
"Description": "Rundll32 with Ordinal Value",
"Command": "Invoke-AtomicTest T1218.011 -TestNumber 11"
},
{
"TestNumber": 3,
"Description": "DLL Side-Loading using the Notepad++ GUP.exe binary",
"Commands": [
"Invoke-AtomicTest T1574.002 -TestNumber 1 -GetPrereqs",
"Invoke-AtomicTest T1574.002 -TestNumber 1"
]
}
]
}
For more information click here.
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…