Invoke-AtomicAssessment is a powerful tool designed to facilitate adversary emulation by leveraging Atomic Red Team.
This tool automates the execution of these techniques and logs the results in the ATTiRe format, which can then be visualized on the VECTR platform.
The tool offers various threat actor profiles, enabling simulations of ransomware attacks and activities of Advanced Persistent Threat (APT) groups. The primary goal is to conduct thorough gap analysis to identify and remediate weaknesses in security defenses.
The tool includes a collection of pre-configured threat actor profiles, which can be used to simulate specific adversaries or attack scenarios. Below is a list of available profiles:
In addition to the pre-configured profiles, Invoke-AtomicAssessment allows users to create custom profiles tailored to specific threat actors or attack scenarios. Custom profiles follow a structured JSON format, as shown below:
{
"name": "APT41",
"description": "APT41 is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, APT41 has been observed targeting healthcare, telecom, technology, and video game industries in 14 countries. APT41 overlaps at least partially with public reporting on groups including BARIUM and Winnti Group.",
"references": [
"https://www.group-ib.com/blog/apt41-world-tour-2021/",
"https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust",
"https://malpedia.caad.fkie.fraunhofer.de/actor/apt41"
],
"operating_system": "windows",
"AtomicTests": [
{
"TestNumber": 1,
"Description": "Compiled HTML Help Local Payload",
"Command": "Invoke-AtomicTest T1218.001 -TestNumber 1"
},
{
"TestNumber": 2,
"Description": "Rundll32 with Ordinal Value",
"Command": "Invoke-AtomicTest T1218.011 -TestNumber 11"
},
{
"TestNumber": 3,
"Description": "DLL Side-Loading using the Notepad++ GUP.exe binary",
"Commands": [
"Invoke-AtomicTest T1574.002 -TestNumber 1 -GetPrereqs",
"Invoke-AtomicTest T1574.002 -TestNumber 1"
]
}
]
}
For more information click here.
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…
Introduction In the vast ocean of the internet, the most powerful tool you already have…
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…