Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Enable PSRemoting on remote machine
- # Enable-PSRemoting
- #
- # PSRemoting
- # https://github.com/redcanaryco/invoke-atomicredteam/wiki/Execute-Atomic-Tests-(Remote)
- $sess = New-PSSession -ComputerName WIN-AD -Credential campus\Administrator
- #
- # Import Module
- # https://github.com/redcanaryco/invoke-atomicredteam/wiki/Import-the-Module
- Import-Module "C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
- #
- # Add this to your $profile aka notepad $profile
- # Magic: set custom default values for cmdlet parameters and advanced functions
- $PSDefaultParameterValues = @{"Invoke-AtomicTest:PathToAtomicsFolder"="C:\AtomicRedTeam\atomics"}
- #
- # Statically assign prompt location this goes in the $profile too
- set-location C:\AtomicRedTeam\atomics
- #
- # Find what PSSessions are running
- # Get-PSSession
- #
- # When returning to PSRemoting session (aka enter into a session)
- # Enter-PSSession $sess
- #
- # Remove PSSession
- # Remove-PSSession -Id <3>
- #
- # T1070.001-1 Clear Logs
- Invoke-AtomicTest T1070.001 -Session $sess -ShowDetailsBrief
- Invoke-AtomicTest T1070.001 -Session $sess -TestNumbers 1
- #
- # When returning to a PSRemoting Session
- # Enter-PSSession $sess
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
