Introducing AtomicTestHarnesses
A PowerShell module for executing atomic tests with more control, better logging, and enhanced validation capabilities.
Originally published on Red Canary Blog
Read the full article: Introducing AtomicTestHarnesses
What is AtomicTestHarnesses?
AtomicTestHarnesses is a PowerShell module designed to complement Atomic Red Team by providing:
- More granular control over test execution
- Enhanced logging and validation
- Better integration with detection systems
- Programmatic test result validation
Why We Built It
While Atomic Red Team provides excellent test coverage, we needed:
- Automated validation of test execution
- Detailed logging for analysis
- Ability to run tests programmatically
- Better integration with our detection pipeline
Key Features
Granular Control
Execute individual test components with precise control over parameters and timing.
Enhanced Logging
Detailed execution logs that capture:
- Test parameters
- Execution results
- Artifacts created
- Cleanup status
Validation Framework
Programmatically validate that tests executed as expected:
- Check for expected artifacts
- Verify process creation
- Validate network connections
- Confirm file modifications
Detection Integration
Easily integrate with SIEMs and detection platforms to validate detection coverage.
Use Cases
Detection Validation
Run tests and automatically verify your detections fired.
Continuous Testing
Integrate into CI/CD pipelines for ongoing detection validation.
Research & Development
Develop new atomic tests with better debugging capabilities.
Training
Provide students with detailed feedback on test execution.
Getting Started
# Install the module
Install-Module -Name AtomicTestHarnesses
# Import and use
Import-Module AtomicTestHarnesses
Invoke-AtomicTest -TestGuid <guid> -Validate