atomicredteam

package module
v0.0.1-alpha Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 27, 2020 License: MIT Imports: 8 Imported by: 0

README

go-atomicredteam is a Golang application to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project. The "atomics folder" contains a folder for each Technique defined by the MITRE ATT&CK™ Framework. Inside of each of these "T#" folders you'll find a yaml file that defines the attack procedures for each atomic test as well as an easier to read markdown (md) version of the same data.

  • Executing atomic tests may leave your system in an undesirable state. You are responsible for understanding what a test does before executing.

  • Ensure you have permission to test before you begin.

  • It is recommended to set up a test machine for atomic test execution that is similar to the build in your environment. Be sure you have your collection/EDR solution in place, and that the endpoint is checking in and active.

Note: This execution framwork works on Windows, MacOS, and Linux (assuming it's cross-compiled).

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var Version = "version not set"

Functions

func Execute 

func Execute(tid, name, repo string, inputs []string) (*types.AtomicTest, error)

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.