jessemoore

InstallAtomicredTeamWin

Nov 19th, 2020 (edited)
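  # Lab bootstrap for Atomic Red Team on Windows: installs the Invoke-AtomicRedTeam
  # execution framework and the atomics folder under C:\AtomicRedTeam, loads the
  # module, lists the T1078.001 tests and writes a marker event to the Application log.
  # Intended for a dedicated test machine: it relaxes the script execution policy and
  # adds a Microsoft Defender exclusion (Add-MpPreference needs an elevated session).

  Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force

  # Bypass is scoped to this process so the machine-wide policy is left as it was.
  # A new session that imports the module needs the same line (or a policy that
  # already allows the module's scripts).
  Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force -ErrorAction Ignore
  # CurrentUser Bypass
  # Set-ExecutionPolicy -Scope CurrentUser Bypass -Force -ErrorAction Ignore
  # Set-MpPreference -DisableRealtimeMonitoring $true -Force -ErrorAction Ignore

  # Defender stops scanning everything under this path, and the exclusion persists
  # after the script ends. Remove it when testing is finished:
  #   Remove-MpPreference -ExclusionPath C:\AtomicRedTeam\
  Add-MpPreference -ExclusionPath C:\AtomicRedTeam\

  Install-Module powershell-yaml -Force -ErrorAction Ignore

  # The installer is fetched from the moving 'master' branch and executed as-is, so
  # what runs can change between invocations. For a repeatable lab, review the script
  # and pin the URL to that commit (replace 'master' with <REVIEWED_COMMIT_SHA>).
  # It is downloaded once here; the original fetched and executed it twice.
  $installerUrl = 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1'
  $installerScript = (Invoke-WebRequest -Uri $installerUrl -UseBasicParsing).Content
  Invoke-Expression $installerScript

  # -getAtomics installs the atomics folder together with the execution framework;
  # drop it to install the framework only. A separate framework-only pass beforehand
  # is redundant because -Force overwrites the existing install.
  Write-Host "Install Execution Framework and Atomics Folder" -fore green
  Install-AtomicRedTeam -getAtomics -Force -ErrorAction Ignore

  Write-Host "Import-Module Invoke-AtomicRedTeam.PSD1" -fore green
  Import-Module "C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force -ErrorAction Ignore

  # The steps above suppress their errors, so confirm the module really loaded
  # before continuing instead of failing later with a confusing message.
  if (-not (Get-Command Invoke-AtomicTest -ErrorAction SilentlyContinue)) {
      throw 'Invoke-AtomicRedTeam did not load; check the install and import steps.'
  }

  Set-Location C:\AtomicRedTeam\atomics
  #
  # Write-Host "Setup $PROFILE to persist PSD" -fore green
  # Ensure module is in profile to use execution framework
  # New-Item -ItemType Directory (split-path $profile) -Force
  # Set-Content $profile 'Import-Module "C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force'
  #
  # Default Accounts is T1078.001 - Enable Guest Account.
  # -ShowDetailsBrief only lists the tests for the technique; nothing is executed.
  Invoke-AtomicTest T1078.001 -ShowDetailsBrief
  #
  # Write an event to the Application log to warn that we are here, so analysts can
  # correlate later alerts with this test setup (filter on source SecurityCenter,
  # event ID 1337). Assumes the SecurityCenter source is registered on this host.
  # Write-EventLog is a Windows PowerShell 5.1 cmdlet and is not present in PowerShell 7.
  Write-EventLog -LogName "Application" -Source "SecurityCenter" -EventID 1337 -EntryType Information -Message "AtomicRedTeam was Invoked." -Category 1 -RawData 10,20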