AtomicTestHarnesses.psd1

@{

# Script module or binary module file associated with this manifest.
RootModule = 'Windows\AtomicTestHarnesses.psm1'

# Version number of this module.
ModuleVersion = '1.12.0.0'

# ID used to uniquely identify this module
GUID = '195a1637-d4a4-4cb3-8d80-5b5d4e3e930a'

# Author of this module
Author = 'Mike Haag, Jesse Brown, Matt Graeber, Jonathan Johnson, Jared Atkinson'

# Company or vendor of this module
CompanyName = 'Red Canary, Inc.'

# Copyright statement for this module
Copyright = '2022 Red Canary, Inc. All rights reserved.'

# Description of the functionality provided by this module
Description = 'A module to facilitate the testing of attack techniques and their corresponding procedures.'

# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '5.0'

# Assemblies that must be loaded prior to importing this module
RequiredAssemblies = @('Windows\TestHarnesses\T1218.007_Msiexec\Dependencies\Microsoft.Deployment.WindowsInstaller.dll')

# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = 'Get-ATHDriverService',
                    'Get-ATHMSI',
                    'Invoke-ATHHTMLApplication',
                    'Invoke-ATHCompiledHelp',
                    'Invoke-ATHCORProfiler',
                    'Invoke-ATHCreateProcessWithToken',
                    'Invoke-ATHDumpLSASS',
                    'Invoke-ATHInjectedThread',
                    'Invoke-ATHLogonUser',
                    'Invoke-ATHMSBuild',
                    'Invoke-ATHRemoteFXvGPUDisablementCommand',
                    'Invoke-ATHTokenImpersonation',
                    'New-ATHService',
                    'Invoke-ATHMSI',
                    'New-ATHMSI',
                    'Out-ATHPowerShellCommandLineParameter',
                    'Remove-ATHService',
                    'Set-ATHRegistry',
                    'Start-ATHProcessHerpaderp',
                    'Start-ATHProcessUnderSpecificParent'
                    

# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{

    PSData = @{

        # Tags applied to this module. These help with module discovery in online galleries.
        Tags = @('Security', 'Defense')

        # A URL to the license for this module.
        LicenseUri = 'https://github.com/redcanaryco/AtomicTestHarnesses/blob/master/LICENSE'

        # A URL to the main website for this project.
        ProjectUri = 'https://github.com/redcanaryco/AtomicTestHarnesses'

        # ReleaseNotes of this module
        ReleaseNotes = @'
1.12.0
------
Added:
* Set-ATHRegistry
 
Improvements:
* Documented the -DeleteServiceBinary switch in New-ATHService
 
1.11.0
------
Improvements:
* Changed New-ATHDriverService to New-ATHService
* Changed Remove-ATHDriverService to Remove-ATHService
* Added install variants to New-ATHService
* Added the ability to install/uninstall service types outside of drivers to New-ATHService
 
1.10.1
------
Improvements:
* Directory refactoring
 
1.10.0
------
Added:
* Invoke-ATHDumpLSASS
* Invoke-ATHLogonUser
 
1.9.0
-----
Added:
* New-ATHMSI
* Get-ATHMSI
* Invoke-ATHMSI
 
1.8.0
-----
Added:
* Invoke-ATHTokenImpersonation
* Invoke-ATHCreateProcessWithToken
 
1.7.0
-----
Added:
* New-ATHDriverService
* Get-ATHDriverService
* Remove-ATHDriverService
 
1.6.0
-----
Added:
* Invoke-ATHCorProfiler
 
1.5.0
-----
Added:
* Invoke-ATHInjectedThread
 
1.4.0
-----
Added:
* Invoke-ATHMSBuild
 
Improvements:
* Invoke-ATHCompiledHelp was returning the wrong MITRE technique ID. Thanks, Mike Haag (@M_haggis) for pointing out the issue and supplying the fix!
* Invoke-ATHCompiledHelp Pester tests were extracting the incorrect MITRE technique ID.
 
1.3.0
-----
Added:
* Start-ATHProcessHerpaderp
 
1.2.0
-----
Added:
* Invoke-ATHRemoteFXvGPUDisablementCommand
 
1.1.1
-----
Added:
* Out-ATHPowerShellCommandLineParameter
 
Improvements:
* Added tags to each individual Pester test so that tags are surfaced when Invoke-Pester is run with -PassThru.
* Tweaked an error handler in Start-ATHProcessUnderSpecificParent to have less aggressive handling logic.
 
1.0.0
-----
Added:
* Invoke-ATHHTMLApplication
* Invoke-ATHCompiledHelp
* Start-ATHProcessUnderSpecificParent
'@


    } # End of PSData hashtable

} # End of PrivateData hashtable

}