AtomicTestHarnesses.psd1
@{
# Script module or binary module file associated with this manifest.
RootModule = 'Windows\AtomicTestHarnesses.psm1'
# Version number of this module.
ModuleVersion = '1.13.1.0'
# ID used to uniquely identify this module
GUID = '195a1637-d4a4-4cb3-8d80-5b5d4e3e930a'
# Author of this module
Author = 'Mike Haag, Jesse Brown, Matt Graeber, Jonathan Johnson, Jared Atkinson'
# Company or vendor of this module
CompanyName = 'Red Canary, Inc.'
# Copyright statement for this module
Copyright = '2023 Red Canary, Inc. All rights reserved.'
# Description of the functionality provided by this module
Description = 'A module to facilitate the testing of attack techniques and their corresponding procedures.'
# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '5.0'
# Assemblies that must be loaded prior to importing this module
RequiredAssemblies = @('Windows\TestHarnesses\T1218.007_Msiexec\Dependencies\Microsoft.Deployment.WindowsInstaller.dll')
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = 'Get-ATHDriverService',
                    'Get-ATHMSI',
                    'Invoke-ATHHTMLApplication',
                    'Invoke-ATHCompiledHelp',
                    'Invoke-ATHCORProfiler',
                    'Invoke-ATHCreateProcessWithToken',
                    'Invoke-ATHDumpLSASS',
                    'Invoke-ATHInjectedThread',
                    'Invoke-ATHLogonUser',
                    'Invoke-ATHMSBuild',
                    'Invoke-ATHRemoteFXvGPUDisablementCommand',
                    'Invoke-ATHTokenImpersonation',
                    'New-ATHPortableExecutableRunner',
                    'New-ATHService',
                    'Invoke-ATHMSI',
                    'New-ATHMSI',
                    'Out-ATHPowerShellCommandLineParameter',
                    'Remove-ATHService',
                    'Set-ATHRegistry',
                    'Start-ATHProcessHerpaderp',
                    'Start-ATHProcessUnderSpecificParent'
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{
    PSData = @{
        # Tags applied to this module. These help with module discovery in online galleries.
        Tags = @('Security', 'Defense')
        # A URL to the license for this module.
        LicenseUri = 'https://github.com/redcanaryco/AtomicTestHarnesses/blob/master/LICENSE'
        # A URL to the main website for this project.
        ProjectUri = 'https://github.com/redcanaryco/AtomicTestHarnesses'
        # ReleaseNotes of this module
        ReleaseNotes = @'
1.13.1
------
Improvements:
* New-ATHPortableExecutableRunner was tweaked to follow hard links in order to avoid defaulting to localized MUI directories which can lead to version info cloning inconsistencies.
1.13.0
------
Added:
* New-ATHPortableExecutableRunner
1.12.0
------
Added:
* Set-ATHRegistry
Improvements:
* Documented the -DeleteServiceBinary switch in New-ATHService
1.11.0
------
Improvements:
* Changed New-ATHDriverService to New-ATHService
* Changed Remove-ATHDriverService to Remove-ATHService
* Added install variants to New-ATHService
* Added the ability to install/uninstall service types outside of drivers to New-ATHService
1.10.1
------
Improvements:
* Directory refactoring
1.10.0
------
Added:
* Invoke-ATHDumpLSASS
* Invoke-ATHLogonUser
1.9.0
-----
Added:
* New-ATHMSI
* Get-ATHMSI
* Invoke-ATHMSI
1.8.0
-----
Added:
* Invoke-ATHTokenImpersonation
* Invoke-ATHCreateProcessWithToken
1.7.0
-----
Added:
* New-ATHDriverService
* Get-ATHDriverService
* Remove-ATHDriverService
1.6.0
-----
Added:
* Invoke-ATHCorProfiler
1.5.0
-----
Added:
* Invoke-ATHInjectedThread
1.4.0
-----
Added:
* Invoke-ATHMSBuild
Improvements:
* Invoke-ATHCompiledHelp was returning the wrong MITRE technique ID. Thanks, Mike Haag (@M_haggis) for pointing out the issue and supplying the fix!
* Invoke-ATHCompiledHelp Pester tests were extracting the incorrect MITRE technique ID.
1.3.0
-----
Added:
* Start-ATHProcessHerpaderp
1.2.0
-----
Added:
* Invoke-ATHRemoteFXvGPUDisablementCommand
1.1.1
-----
Added:
* Out-ATHPowerShellCommandLineParameter
Improvements:
* Added tags to each individual Pester test so that tags are surfaced when Invoke-Pester is run with -PassThru.
* Tweaked an error handler in Start-ATHProcessUnderSpecificParent to have less aggressive handling logic.
1.0.0
-----
Added:
* Invoke-ATHHTMLApplication
* Invoke-ATHCompiledHelp
* Start-ATHProcessUnderSpecificParent
'@
    } # End of PSData hashtable
} # End of PrivateData hashtable
}