Skip to content

Commit 4fd52ec

Browse files
mgraeber-rcmgraeber-rc
committed
Adding Invoke-ATHMSBuild
1 parent a2647fb commit 4fd52ec

File tree

4 files changed

+1291
-5
lines changed

4 files changed

+1291
-5
lines changed

AtomicTestHarnesses.psd1

+11-1
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
RootModule = 'AtomicTestHarnesses.psm1'
55

66
# Version number of this module.
7-
ModuleVersion = '1.3.0.0'
7+
ModuleVersion = '1.4.0.0'
88

99
# ID used to uniquely identify this module
1010
GUID = '195a1637-d4a4-4cb3-8d80-5b5d4e3e930a'
@@ -27,6 +27,7 @@ PowerShellVersion = '5.0'
2727
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
2828
FunctionsToExport = 'Invoke-ATHHTMLApplication',
2929
'Invoke-ATHCompiledHelp',
30+
'Invoke-ATHMSBuild',
3031
'Invoke-ATHRemoteFXvGPUDisablementCommand',
3132
'Out-ATHPowerShellCommandLineParameter',
3233
'Start-ATHProcessHerpaderp',
@@ -48,6 +49,15 @@ PrivateData = @{
4849

4950
# ReleaseNotes of this module
5051
ReleaseNotes = @'
52+
1.4.0
53+
-----
54+
Added:
55+
* Invoke-ATHMSBuild
56+
57+
Improvements:
58+
* Invoke-ATHCompiledHelp was returning the wrong MITRE technique ID. Thanks, Mike Haag (@M_haggis) for pointing out the issue and supplying the fix!
59+
* Invoke-ATHCompiledHelp Pester tests were extracting the incorrect MITRE technique ID.
60+
5161
1.3.0
5262
-----
5363
Added:

Readme.md

+5-4
Original file line numberDiff line numberDiff line change
@@ -97,10 +97,11 @@ Specific groups of tests can be run rather than running all available tests. The
9797
3. `Technique` - Tests that exercise specific attack technique functionality
9898
4. `T1055` - [Process Injection](https://attack.mitre.org/techniques/T1055/)
9999
5. `T1059.001` - [Command and Scripting Interpreter: PowerShell](https://attack.mitre.org/techniques/T1059/001/)
100-
6. `T1134.004` - [Access Token Manipulation: Parent PID Spoofing](https://attack.mitre.org/techniques/T1134/004/)
101-
7. `T1218.001` - [Signed Binary Proxy Execution: Compiled HTML File](https://attack.mitre.org/techniques/T1218/001/)
102-
8. `T1218` - [Signed Binary Proxy Execution](https://attack.mitre.org/techniques/T1218/)
103-
9. `T1218.005` - [Signed Binary Proxy Execution: Mshta](https://attack.mitre.org/techniques/T1218/005/)
100+
6. `T1127.001` - [Trusted Developer Utilities Proxy Execution: MSBuild](https://attack.mitre.org/techniques/T1127/001/)
101+
7. `T1134.004` - [Access Token Manipulation: Parent PID Spoofing](https://attack.mitre.org/techniques/T1134/004/)
102+
8. `T1218.001` - [Signed Binary Proxy Execution: Compiled HTML File](https://attack.mitre.org/techniques/T1218/001/)
103+
9. `T1218` - [Signed Binary Proxy Execution](https://attack.mitre.org/techniques/T1218/)
104+
10. `T1218.005` - [Signed Binary Proxy Execution: Mshta](https://attack.mitre.org/techniques/T1218/005/)
104105

105106
## Running Tests
106107

0 commit comments

Comments
 (0)