Problem: When invoking all tests, on tactic T1529 windows shuts down, other tests are not executed because of that

Question

Problem: When invoking all tests, on tactic T1529 windows shuts down, other tests are not executed because of that

ghost6-2 opened this issue 6 months ago · 0 comments

What did you do?

ℹ Please replace this with what you did.
I used the script from your github page to invoke all tests:

$techniques = gci C:\AtomicRedTeam\atomics* -Recurse -Include T*.yaml | Get-AtomicTechnique

foreach ($technique in $techniques) {
foreach ($atomic in $technique.atomic_tests) {
if ($atomic.supported_platforms.contains("windows") -and ($atomic.executor -ne "manual")) {
# Get Prereqs for test
Invoke-AtomicTest $technique.attack_technique -TestGuids $atomic.auto_generated_guid -GetPrereqs
# Invoke
Invoke-AtomicTest $technique.attack_technique -TestGuids $atomic.auto_generated_guid -ExecutionLogPath 'C:\Users\user1\log.csv'
# Sleep then cleanup
Start-Sleep 3
Invoke-AtomicTest $technique.attack_technique -TestGuids $atomic.auto_generated_guid -Cleanup
}
}
}

What did you expect to happen?

ℹ Please replace this with what you expected to happen.
Other tests after T1529 are not executed, which they should.

What happened instead?

ℹ Please replace this with of what happened instead.
When the test come to T1529 which is System Shutdown/Reboot, the machine shutdowns and all other tests who are behind T1529 are cancelled.

Your Environment

OS Name: Microsoft Windows Server 2022 Standard
OS Version: 10.0.20348 N/A Build 20348