Install Invoke Atomic - Adam-Mashinchi/invoke-atomicredteam GitHub Wiki

A guide to installing Invoke-Atomic and its prerequisites.

Prepare your environment

Before you use Invoke-Atomic, you'll need the following:

  • Permission to test. Always ask your environment owner for permission before executing an atomic test.
  • A test machine. Set up a machine that mimics the build of your environment. Make sure your security solution is active.

Install PowerShell Core

Invoke-Atomic requires PowerShell version 5.0 or later.

To install the framework on macOS or Linux, you need PowerShell Core. See Installing PowerShell Core on macOS or Installing PowerShell Core on Linux for details.

Install Invoke-Atomic

To install Invoke-Atomic, open PowerShell and run this command:

IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
Install-AtomicRedTeam

By default, Invoke-Atomic is installed in <home>/AtomicRedTeam, where <home> is C: on Windows and ~ on macOS and Linux.
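The one-liner above executes whatever the master branch serves at download time. As an added example (not part of the Invoke-Atomic project), the same installer can be saved to disk, reviewed, and pinned by hash before it runs; the `$ExpectedSha256` value is a placeholder you fill in after your own review, and the temp-file location is an assumption.

```powershell
# Added example, not from the Invoke-Atomic project: download the installer to a
# file so it can be reviewed and hash-checked before anything is executed.
$ErrorActionPreference = 'Stop'

# URL taken from the install command on this page.
$InstallerUrl = 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1'

# Placeholder: replace with the SHA-256 you recorded after reviewing the script.
$ExpectedSha256 = '<SHA256-OF-REVIEWED-INSTALLER>'

# Assumed location for the local copy; any directory you control works.
$InstallerPath = Join-Path ([System.IO.Path]::GetTempPath()) 'install-atomicredteam.ps1'

# Save the script instead of piping it to IEX.
Invoke-WebRequest -Uri $InstallerUrl -UseBasicParsing -OutFile $InstallerPath

$actual = (Get-FileHash -Path $InstallerPath -Algorithm SHA256).Hash
Write-Host "Downloaded installer SHA-256: $actual"

if ($ExpectedSha256 -like '<*>') {
    # First run: nothing is pinned yet. Stop so the file can be read and its hash recorded.
    Write-Warning "No hash pinned. Review $InstallerPath, then set `$ExpectedSha256 and rerun."
    return
}

if ($actual -ne $ExpectedSha256) {
    # Upstream content differs from the copy you reviewed: refuse to run it.
    throw "Installer hash mismatch: expected $ExpectedSha256, got $actual. Not executing."
}

# Hash matches the reviewed copy: dot-source the local file to define
# Install-AtomicRedTeam, then run the install exactly as in the command above.
. $InstallerPath
Install-AtomicRedTeam
```

If script execution is disabled on the machine, the dot-source step fails with the same "running scripts is disabled" error covered under Fixing an Import-Module error.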

Using optional parameters

You can use the following parameters to customize your installation:

  • -InstallPath Change the installation path. Default: "<home>/AtomicRedTeam".
  • -Force Replace a previous installation.
  • -RepoOwner Install from a different GitHub repository. Default: "redcanaryco".
  • -Branch Install from a different repository branch. Default: "master".

Fixing an Import-Module error

If you get an Import-Module error that says the module "cannot be loaded because running scripts is disabled on this system," run the following:

powershell -exec bypass

You can also bypass execution policy with one of these methods. We recommend method 12 to start.

Install Atomic Red Team

By default, Invoke-Atomic doesn't come bundled with the library of atomic tests defined by Atomic Red Team. This is because Atomic Red Team contains tests that can cause antivirus alerts in your environment. Before you install the library, consider adding the Invoke-Atomic installation directory to your antivirus allowlist.

To install Atomic Red Team at the same time as Invoke-Atomic, add the -getAtomics flag to the installation command:

IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
Install-AtomicRedTeam -getAtomics

If you already have a copy of Atomic Red Team in your environment, you can replace it by adding the -Force flag:

IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
Install-AtomicRedTeam -getAtomics -Force

Adding Atomic Red Team to an existing installation

You can add Atomic Red Team to an existing installation of Invoke-Atomic:

IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicsfolder.ps1' -UseBasicParsing);
Install-AtomicsFolder

Start testing

Once you've installed Invoke-Atomic, you're ready to start testing. Read Import the module to get started.
