API tools faq
paste
Advertisement
jessemoore

InstallSysmonAtomicDEMO

jessemoore
Oct 3rd, 2020 (edited)
380
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 0.99 KB | None | 0 0
raw download clone embed print report
  1. git clone https://github.com/olafhartong/sysmon-modular
  2. cd sysmon-modular
  3.  
  4. wget https://download.sysinternals.com/files/Sysmon.zip
  5.  
  6. # wget https://live.sysinternals.com/Sysmon.exe
  7.  
  8. Set-ExecutionPolicy -Scope CurrentUser Bypass
  9. . .\Merge-SysmonXml.ps1
  10. Merge-AllSysmonXml -Path ( Get-ChildItem ‘[0-9]*\*.xml’) -AsString | Out-File sysmonconfig.xml
  11. ./Sysmon.exe -accepteula -i sysmonconfig.xml
  12.  
  13. #Go Open EventViewer
  14.  
  15. #DEMO
  16.  
  17. #Enable Guest
  18. Invoke-AtomicTest T1078.001 -ShowDetailsBrief
  19. Invoke-AtomicTest T1078.001 -ShowDetails
  20. Invoke-AtomicTest T1078.001 -GetPrereqs
  21. Invoke-AtomicTest T1078.001
  22. Invoke-AtomicTest T1078.001 -Cleanup
  23.  
  24. #Use Windows Defender to download any file we want
  25. Invoke-AtomicTest T1105 -TestNumbers 13 -ShowDetailsBrief
  26. Invoke-AtomicTest T1105 -TestNumbers 13 -ShowDetails
  27. Invoke-AtomicTest T1105 -TestNumbers 13 -CheckPrereqs
  28. Invoke-AtomicTest T1105 -TestNumbers 13 -PromptForInputArgs
  29. ls $env:temp | findstr "MpCmdRun.log"
  30. ls $env:temp | findstr "Atomic"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!