Update main.yml #7

Workflow file for this run

	name: Execute and Validate Atomic Test

	on: [push]

	jobs:
	run-atomic-test:
	runs-on: windows-latest
	name: Run Atomic Test and Display Output

	steps:
	- uses: actions/checkout@v2

	- name: Install and Run Atomic Test
	shell: pwsh
	run: \|
	# Install Atomic Red Team
	IEX (Invoke-WebRequest 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
	Install-AtomicRedTeam -getAtomics -Force

	# Define the path and message for the test
	$file_contents_path = "$Env:TEMP\test.bin"
	$message = "Hello from the Windows Command Prompt!"

	# Run Atomic Test T1059.003 - Test #2
	Invoke-AtomicTest T1059.003 -TestNumbers 2 -InputArgs @{ "file_contents_path" = $file_contents_path; "message" = $message }

	# Output the results
	Write-Host "Contents of the file created by the test:"
	Get-Content -Path $file_contents_path

	- name: List Recent Events from Event Log
	shell: pwsh
	run: \|
	# List Recent Events from Application Log
	Write-Host "Recent Events from Application Log:"
	Get-WinEvent -LogName "Application" -MaxEvents 50 \| Format-Table -AutoSize \| Out-String -Width 4096
	Write-Host "`n"

	# List Recent Events from System Log
	Write-Host "Recent Events from System Log:"
	Get-WinEvent -LogName "System" -MaxEvents 50 \| Format-Table -AutoSize \| Out-String -Width 4096
	Write-Host "`n"

	# List Recent Events from Security Log
	Write-Host "Recent Events from Security Log:"
	Get-WinEvent -LogName "Security" -MaxEvents 50 \| Format-Table -AutoSize \| Out-String -Width 4096

	- name: Cleanup
	shell: pwsh
	run: \|
	$file_contents_path = "$Env:TEMP\test.bin"
	Remove-Item -Path $file_contents_path -Force

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update main.yml #7

Workflow file

Update main.yml #7

Jobs

Run details

Workflow file for this run