From 56fd4b8aeb41e5ebf80e8cef6afe825ea69c0927 Mon Sep 17 00:00:00 2001 From: Matt Graeber <60448025+mgraeber-rc@users.noreply.github.com> Date: Wed, 14 Sep 2022 15:45:31 -0400 Subject: [PATCH] Module directory refactor (#11) --- AtomicTestHarnesses.psd1 | 14 +++++++++----- LICENSE | 2 +- .../AtomicTestHarnesses.psm1 | 0 .../T1003.001_DumpLSASS/DumpLSASS.Tests.ps1 | 2 +- .../T1003.001_DumpLSASS/DumpLSASS.ps1 | 0 .../InvokeThread.Tests.ps1 | 2 +- .../InvokeThread.ps1 | 0 .../ProcessHerpderp.Tests.ps1 | 2 +- .../T1055_ProcessInjection/ProcessHerpderp.ps1 | 0 .../OutPowerShellCommandLineParameter.Tests.ps1 | 2 +- .../OutPowerShellCommandLineParameter.ps1 | 0 .../T1078.003_ValidAccounts/LogonUser.Tests.ps1 | 2 +- .../T1078.003_ValidAccounts/LogonUser.ps1 | 0 .../T1127.001_MSBuild/InvokeMSBuild.Tests.ps1 | 2 +- .../T1127.001_MSBuild/InvokeMSBuild.ps1 | 0 .../TokenImpersonation.Tests.ps1 | 2 +- .../TokenImpersonation.ps1 | 0 .../CreateProcessWithToken.Tests.ps1 | 2 +- .../CreateProcessWithToken.ps1 | 0 .../PPIDSpoof.Tests.ps1 | 2 +- .../T1134.004_ParentPIDSpoofing/PPIDSpoof.ps1 | 0 .../InvokeCompiledHTMLFile.Tests.ps1 | 2 +- .../InvokeCompiledHTMLFile.ps1 | 0 .../InvokeHTMLApplication.Tests.ps1 | 2 +- .../T1218.005_Mshta/InvokeHTMLApplication.ps1 | 0 .../T1218.007_Msiexec/Dependencies/LICENSE.TXT | 0 .../Microsoft.Deployment.WindowsInstaller.dll | Bin .../T1218.007_Msiexec/InvokeMSI.Tests.ps1 | 2 +- .../T1218.007_Msiexec/InvokeMSI.ps1 | 0 ...InvokeRemoteFXvGPUDisablementCommand.Tests.ps1 | 2 +- .../InvokeRemoteFXvGPUDisablementCommand.ps1 | 0 .../DriverInstaller.Tests.ps1 | 2 +- .../T1543.003_WindowsService/DriverInstaller.ps1 | 0 .../LoadCORProfiler.Tests.ps1 | 2 +- .../T1574.012_COR_PROFILER/LoadCORProfiler.ps1 | 0 {Tests => Windows/Tests}/Module.Tests.ps1 | 2 +- 36 files changed, 26 insertions(+), 22 deletions(-) mode change 100644 => 100755 LICENSE rename AtomicTestHarnesses.psm1 => Windows/AtomicTestHarnesses.psm1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1003.001_DumpLSASS/DumpLSASS.Tests.ps1 (99%) rename {TestHarnesses => Windows/TestHarnesses}/T1003.001_DumpLSASS/DumpLSASS.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1055.002_PortableExecutableInjection/InvokeThread.Tests.ps1 (97%) rename {TestHarnesses => Windows/TestHarnesses}/T1055.002_PortableExecutableInjection/InvokeThread.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1055_ProcessInjection/ProcessHerpderp.Tests.ps1 (98%) rename {TestHarnesses => Windows/TestHarnesses}/T1055_ProcessInjection/ProcessHerpderp.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1059.001_PowerShell/OutPowerShellCommandLineParameter.Tests.ps1 (98%) rename {TestHarnesses => Windows/TestHarnesses}/T1059.001_PowerShell/OutPowerShellCommandLineParameter.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1078.003_ValidAccounts/LogonUser.Tests.ps1 (97%) rename {TestHarnesses => Windows/TestHarnesses}/T1078.003_ValidAccounts/LogonUser.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1127.001_MSBuild/InvokeMSBuild.Tests.ps1 (98%) rename {TestHarnesses => Windows/TestHarnesses}/T1127.001_MSBuild/InvokeMSBuild.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1134.001_TokenImpersonation/TokenImpersonation.Tests.ps1 (99%) rename {TestHarnesses => Windows/TestHarnesses}/T1134.001_TokenImpersonation/TokenImpersonation.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1134.002_CreateProcessWithToken/CreateProcessWithToken.Tests.ps1 (99%) rename {TestHarnesses => Windows/TestHarnesses}/T1134.002_CreateProcessWithToken/CreateProcessWithToken.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1134.004_ParentPIDSpoofing/PPIDSpoof.Tests.ps1 (97%) rename {TestHarnesses => Windows/TestHarnesses}/T1134.004_ParentPIDSpoofing/PPIDSpoof.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.Tests.ps1 (98%) rename {TestHarnesses => Windows/TestHarnesses}/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1218.005_Mshta/InvokeHTMLApplication.Tests.ps1 (97%) rename {TestHarnesses => Windows/TestHarnesses}/T1218.005_Mshta/InvokeHTMLApplication.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1218.007_Msiexec/Dependencies/LICENSE.TXT (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1218.007_Msiexec/Dependencies/Microsoft.Deployment.WindowsInstaller.dll (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1218.007_Msiexec/InvokeMSI.Tests.ps1 (99%) rename {TestHarnesses => Windows/TestHarnesses}/T1218.007_Msiexec/InvokeMSI.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.Tests.ps1 (97%) rename {TestHarnesses => Windows/TestHarnesses}/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1543.003_WindowsService/DriverInstaller.Tests.ps1 (96%) rename {TestHarnesses => Windows/TestHarnesses}/T1543.003_WindowsService/DriverInstaller.ps1 (100%) rename {TestHarnesses => Windows/TestHarnesses}/T1574.012_COR_PROFILER/LoadCORProfiler.Tests.ps1 (99%) rename {TestHarnesses => Windows/TestHarnesses}/T1574.012_COR_PROFILER/LoadCORProfiler.ps1 (100%) rename {Tests => Windows/Tests}/Module.Tests.ps1 (96%) diff --git a/AtomicTestHarnesses.psd1 b/AtomicTestHarnesses.psd1 index 2419028..6ca383b 100755 --- a/AtomicTestHarnesses.psd1 +++ b/AtomicTestHarnesses.psd1 @@ -1,10 +1,10 @@ @{ # Script module or binary module file associated with this manifest. -RootModule = 'AtomicTestHarnesses.psm1' +RootModule = 'Windows\AtomicTestHarnesses.psm1' # Version number of this module. -ModuleVersion = '1.10.0.0' +ModuleVersion = '1.10.1.0' # ID used to uniquely identify this module GUID = '195a1637-d4a4-4cb3-8d80-5b5d4e3e930a' @@ -25,7 +25,7 @@ Description = 'A module to facilitate the testing of attack techniques and their PowerShellVersion = '5.0' # Assemblies that must be loaded prior to importing this module -RequiredAssemblies = @('TestHarnesses\T1218.007_Msiexec\Dependencies\Microsoft.Deployment.WindowsInstaller.dll') +RequiredAssemblies = @('Windows\TestHarnesses\T1218.007_Msiexec\Dependencies\Microsoft.Deployment.WindowsInstaller.dll') # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. FunctionsToExport = 'Get-ATHDriverService', @@ -65,9 +65,13 @@ PrivateData = @{ # ReleaseNotes of this module ReleaseNotes = @' +1.10.1 +------ +Improvements: +* Directory refactoring -1.10.0 ------ +1.10.0 +------ Added: * Invoke-ATHDumpLSASS * Invoke-ATHLogonUser diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 index 3bffd31..bea930c --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ BSD 3-Clause License -Copyright (c) 2020, Red Canary +Copyright (c) 2022, Red Canary All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/AtomicTestHarnesses.psm1 b/Windows/AtomicTestHarnesses.psm1 similarity index 100% rename from AtomicTestHarnesses.psm1 rename to Windows/AtomicTestHarnesses.psm1 diff --git a/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.Tests.ps1 b/Windows/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.Tests.ps1 similarity index 99% rename from TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.Tests.ps1 rename to Windows/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.Tests.ps1 index 4efa84e..00d6736 100644 --- a/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.Tests.ps1 +++ b/Windows/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.ps1 b/Windows/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.ps1 similarity index 100% rename from TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.ps1 rename to Windows/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.ps1 diff --git a/TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.Tests.ps1 b/Windows/TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.Tests.ps1 similarity index 97% rename from TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.Tests.ps1 rename to Windows/TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.Tests.ps1 index 96698ca..1b03e45 100755 --- a/TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.Tests.ps1 +++ b/Windows/TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.ps1 b/Windows/TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.ps1 similarity index 100% rename from TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.ps1 rename to Windows/TestHarnesses/T1055.002_PortableExecutableInjection/InvokeThread.ps1 diff --git a/TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.Tests.ps1 b/Windows/TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.Tests.ps1 similarity index 98% rename from TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.Tests.ps1 rename to Windows/TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.Tests.ps1 index 6cc060f..66c5a45 100755 --- a/TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.Tests.ps1 +++ b/Windows/TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.ps1 b/Windows/TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.ps1 similarity index 100% rename from TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.ps1 rename to Windows/TestHarnesses/T1055_ProcessInjection/ProcessHerpderp.ps1 diff --git a/TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.Tests.ps1 b/Windows/TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.Tests.ps1 similarity index 98% rename from TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.Tests.ps1 rename to Windows/TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.Tests.ps1 index 89e7208..fbab642 100755 --- a/TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.Tests.ps1 +++ b/Windows/TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.ps1 b/Windows/TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.ps1 similarity index 100% rename from TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.ps1 rename to Windows/TestHarnesses/T1059.001_PowerShell/OutPowerShellCommandLineParameter.ps1 diff --git a/TestHarnesses/T1078.003_ValidAccounts/LogonUser.Tests.ps1 b/Windows/TestHarnesses/T1078.003_ValidAccounts/LogonUser.Tests.ps1 similarity index 97% rename from TestHarnesses/T1078.003_ValidAccounts/LogonUser.Tests.ps1 rename to Windows/TestHarnesses/T1078.003_ValidAccounts/LogonUser.Tests.ps1 index fd305bb..48ebca7 100644 --- a/TestHarnesses/T1078.003_ValidAccounts/LogonUser.Tests.ps1 +++ b/Windows/TestHarnesses/T1078.003_ValidAccounts/LogonUser.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1078.003_ValidAccounts/LogonUser.ps1 b/Windows/TestHarnesses/T1078.003_ValidAccounts/LogonUser.ps1 similarity index 100% rename from TestHarnesses/T1078.003_ValidAccounts/LogonUser.ps1 rename to Windows/TestHarnesses/T1078.003_ValidAccounts/LogonUser.ps1 diff --git a/TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.Tests.ps1 b/Windows/TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.Tests.ps1 similarity index 98% rename from TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.Tests.ps1 rename to Windows/TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.Tests.ps1 index b822c03..c9d7d52 100755 --- a/TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.Tests.ps1 +++ b/Windows/TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.ps1 b/Windows/TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.ps1 similarity index 100% rename from TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.ps1 rename to Windows/TestHarnesses/T1127.001_MSBuild/InvokeMSBuild.ps1 diff --git a/TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.Tests.ps1 b/Windows/TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.Tests.ps1 similarity index 99% rename from TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.Tests.ps1 rename to Windows/TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.Tests.ps1 index b4d6206..1771ac8 100644 --- a/TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.Tests.ps1 +++ b/Windows/TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.ps1 b/Windows/TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.ps1 similarity index 100% rename from TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.ps1 rename to Windows/TestHarnesses/T1134.001_TokenImpersonation/TokenImpersonation.ps1 diff --git a/TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.Tests.ps1 b/Windows/TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.Tests.ps1 similarity index 99% rename from TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.Tests.ps1 rename to Windows/TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.Tests.ps1 index 3cbf036..2e3fa7c 100644 --- a/TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.Tests.ps1 +++ b/Windows/TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.ps1 b/Windows/TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.ps1 similarity index 100% rename from TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.ps1 rename to Windows/TestHarnesses/T1134.002_CreateProcessWithToken/CreateProcessWithToken.ps1 diff --git a/TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.Tests.ps1 b/Windows/TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.Tests.ps1 similarity index 97% rename from TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.Tests.ps1 rename to Windows/TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.Tests.ps1 index 57711ee..2c1831b 100755 --- a/TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.Tests.ps1 +++ b/Windows/TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.ps1 b/Windows/TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.ps1 similarity index 100% rename from TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.ps1 rename to Windows/TestHarnesses/T1134.004_ParentPIDSpoofing/PPIDSpoof.ps1 diff --git a/TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.Tests.ps1 b/Windows/TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.Tests.ps1 similarity index 98% rename from TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.Tests.ps1 rename to Windows/TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.Tests.ps1 index cb177a8..ed9cc1e 100755 --- a/TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.Tests.ps1 +++ b/Windows/TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.ps1 b/Windows/TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.ps1 similarity index 100% rename from TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.ps1 rename to Windows/TestHarnesses/T1218.001_CompiledHTMLFile/InvokeCompiledHTMLFile.ps1 diff --git a/TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.Tests.ps1 b/Windows/TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.Tests.ps1 similarity index 97% rename from TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.Tests.ps1 rename to Windows/TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.Tests.ps1 index b808cbb..54db1ca 100755 --- a/TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.Tests.ps1 +++ b/Windows/TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.ps1 b/Windows/TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.ps1 similarity index 100% rename from TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.ps1 rename to Windows/TestHarnesses/T1218.005_Mshta/InvokeHTMLApplication.ps1 diff --git a/TestHarnesses/T1218.007_Msiexec/Dependencies/LICENSE.TXT b/Windows/TestHarnesses/T1218.007_Msiexec/Dependencies/LICENSE.TXT similarity index 100% rename from TestHarnesses/T1218.007_Msiexec/Dependencies/LICENSE.TXT rename to Windows/TestHarnesses/T1218.007_Msiexec/Dependencies/LICENSE.TXT diff --git a/TestHarnesses/T1218.007_Msiexec/Dependencies/Microsoft.Deployment.WindowsInstaller.dll b/Windows/TestHarnesses/T1218.007_Msiexec/Dependencies/Microsoft.Deployment.WindowsInstaller.dll similarity index 100% rename from TestHarnesses/T1218.007_Msiexec/Dependencies/Microsoft.Deployment.WindowsInstaller.dll rename to Windows/TestHarnesses/T1218.007_Msiexec/Dependencies/Microsoft.Deployment.WindowsInstaller.dll diff --git a/TestHarnesses/T1218.007_Msiexec/InvokeMSI.Tests.ps1 b/Windows/TestHarnesses/T1218.007_Msiexec/InvokeMSI.Tests.ps1 similarity index 99% rename from TestHarnesses/T1218.007_Msiexec/InvokeMSI.Tests.ps1 rename to Windows/TestHarnesses/T1218.007_Msiexec/InvokeMSI.Tests.ps1 index 19b0401..8e0b12e 100644 --- a/TestHarnesses/T1218.007_Msiexec/InvokeMSI.Tests.ps1 +++ b/Windows/TestHarnesses/T1218.007_Msiexec/InvokeMSI.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1218.007_Msiexec/InvokeMSI.ps1 b/Windows/TestHarnesses/T1218.007_Msiexec/InvokeMSI.ps1 similarity index 100% rename from TestHarnesses/T1218.007_Msiexec/InvokeMSI.ps1 rename to Windows/TestHarnesses/T1218.007_Msiexec/InvokeMSI.ps1 diff --git a/TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.Tests.ps1 b/Windows/TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.Tests.ps1 similarity index 97% rename from TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.Tests.ps1 rename to Windows/TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.Tests.ps1 index 8427b29..5c68b1f 100644 --- a/TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.Tests.ps1 +++ b/Windows/TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.ps1 b/Windows/TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.ps1 similarity index 100% rename from TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.ps1 rename to Windows/TestHarnesses/T1218_SignedBinaryProxyExecution/InvokeRemoteFXvGPUDisablementCommand.ps1 diff --git a/TestHarnesses/T1543.003_WindowsService/DriverInstaller.Tests.ps1 b/Windows/TestHarnesses/T1543.003_WindowsService/DriverInstaller.Tests.ps1 similarity index 96% rename from TestHarnesses/T1543.003_WindowsService/DriverInstaller.Tests.ps1 rename to Windows/TestHarnesses/T1543.003_WindowsService/DriverInstaller.Tests.ps1 index 3b56799..8b444c3 100755 --- a/TestHarnesses/T1543.003_WindowsService/DriverInstaller.Tests.ps1 +++ b/Windows/TestHarnesses/T1543.003_WindowsService/DriverInstaller.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1543.003_WindowsService/DriverInstaller.ps1 b/Windows/TestHarnesses/T1543.003_WindowsService/DriverInstaller.ps1 similarity index 100% rename from TestHarnesses/T1543.003_WindowsService/DriverInstaller.ps1 rename to Windows/TestHarnesses/T1543.003_WindowsService/DriverInstaller.ps1 diff --git a/TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.Tests.ps1 b/Windows/TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.Tests.ps1 similarity index 99% rename from TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.Tests.ps1 rename to Windows/TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.Tests.ps1 index 4fb60a4..bf1ab11 100644 --- a/TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.Tests.ps1 +++ b/Windows/TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses diff --git a/TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.ps1 b/Windows/TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.ps1 similarity index 100% rename from TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.ps1 rename to Windows/TestHarnesses/T1574.012_COR_PROFILER/LoadCORProfiler.ps1 diff --git a/Tests/Module.Tests.ps1 b/Windows/Tests/Module.Tests.ps1 similarity index 96% rename from Tests/Module.Tests.ps1 rename to Windows/Tests/Module.Tests.ps1 index b7e1835..1c41b34 100755 --- a/Tests/Module.Tests.ps1 +++ b/Windows/Tests/Module.Tests.ps1 @@ -1,7 +1,7 @@ Set-StrictMode -Version Latest $TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent -$ModuleRoot = Resolve-Path "$TestScriptRoot\.." +$ModuleRoot = Resolve-Path "$TestScriptRoot\..\..\" $ModuleManifest = "$ModuleRoot\AtomicTestHarnesses.psd1" Remove-Module [A]tomicTestHarnesses