Deployment Environments
Invoke-AtomicRedTeam can be run inside isolated execution environments, such as container environments, virtual clusters, or secure local sandboxes.
1. Docker Deployment
You can run containerized tests inside isolated instances using the official multi-architecture Dockerfile support for Windows and Linux containers.
Build and Run locally
Build the image using the provided Dockerfile located inside the docker/ folder:
```shell
docker build -t invoke-atomicredteam:latest docker/ -f docker/Dockerfile
```
Launch the container interactively. This initiates a PowerShell session with the module pre-loaded and the definitions directory mapped under default search directories:
```shell
docker run -it invoke-atomicredteam:latest pwsh
```
Image Internals
The image installs required packages (build-essential, at, curl, nmap, ssh, etc.) to satisfy standard test dependencies, installs the execution framework, and mounts system configuration profiles:
```dockerfile
FROM mcr.microsoft.com/powershell:latest
SHELL ["pwsh", "-Command"]
RUN IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing); \
    Install-AtomicRedTeam -getAtomics
RUN New-Item $PROFILE -Force
COPY ./setup.ps1 .
RUN ./setup.ps1
```
2. Kubernetes Orchestration
Deploy the execution container to a Kubernetes namespace using the configured deployment manifest (kubernetes/k8s-deployment.yaml):
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: atomicred
  namespace: atomic-red
  labels:
    app: atomicred
spec:
  replicas: 1
  selector:
    matchLabels:
      app: atomicred
  template:
    metadata:
      labels:
        app: atomicred
    spec:
      containers:
        - name: atomicred
          image: redcanary/invoke-atomicredteam
          imagePullPolicy: "IfNotPresent"
          command: ["sleep", "3560d"]
          securityContext:
            privileged: true
      nodeSelector:
        kubernetes.io/os: linux
```
Apply the manifest to your cluster:
```shell
kubectl apply -f kubernetes/k8s-deployment.yaml
```
Run command sequences directly within the pod's container context:
```shell
kubectl exec -it deployment/atomicred -n atomic-red -- pwsh -Command "Invoke-AtomicTest T1003 -ShowDetailsBrief"
```
3. Windows Sandbox Environment
For quick testing on a local Windows host without making permanent configuration changes, utilize the Windows Sandbox configuration file (sandbox/art.wsb):
- Double-click art.wsb to spin up an isolated, temporary instance of Windows Sandbox.
- The sandbox automatically runs the login command to download and run the bootstrap script setupsandbox.ps1:

  ```powershell
  Set-ExecutionPolicy Bypass -Scope Process -Force;
  Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
  # Fetches and installs the module with definitions inside sandbox workspace
  Install-AtomicRedTeam -getAtomics -Force;
  ```
- An isolated PowerShell session with loaded variables will launch. You can now execute and observe attack commands safely without leaving residual artifacts on your host system.
Common Pitfalls
- Isolation Limits: When running inside containerized environments, certain low-level actions (such as kernel-level operations, driver loading, or system reboots) will not function as expected due to shared kernel models. Use virtualization-based environments (like virtual machines or Windows Sandbox) for tests that require deep operating system modifications.
- Missing Tooling: Minimal container images lack administrative binaries that exist on standard operating systems. Use -GetPrereqs inside the deployment container to install required tools prior to testing.
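
The Kubernetes deployment steps and the Missing Tooling pitfall combined into one script, as an added example that is not part of the Invoke-AtomicRedTeam repository. The function names and the DRY_RUN switch are assumptions; -CheckPrereqs is an Invoke-AtomicTest switch that this page does not show.

```shell
#!/bin/sh
# Added example, not part of the Invoke-AtomicRedTeam repository.
# Namespace, manifest path, deployment name and T1003 come from the page;
# the function names and the DRY_RUN switch are assumptions of this example.
set -eu

NS="atomic-red"
MANIFEST="kubernetes/k8s-deployment.yaml"
TARGET="deployment/atomicred"

# Execute a command, or only print it when DRY_RUN=1 (review before touching a cluster).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Invoke-AtomicTest inside the pod; no -it because a script has no TTY.
atomic() {
  run kubectl exec "$TARGET" -n "$NS" -- pwsh -Command "Invoke-AtomicTest $*"
}

deploy() {
  # The manifest sets metadata.namespace, so the namespace must exist before apply.
  if [ "${DRY_RUN:-0}" = "1" ] || ! kubectl get namespace "$NS" >/dev/null 2>&1; then
    run kubectl create namespace "$NS"
  fi
  run kubectl apply -f "$MANIFEST"
  run kubectl rollout status "$TARGET" -n "$NS" --timeout=180s
}

prepare() {
  technique="$1"
  atomic "$technique" -ShowDetailsBrief
  atomic "$technique" -CheckPrereqs   # report tooling missing from the minimal image
  atomic "$technique" -GetPrereqs     # install it inside the container
  atomic "$technique" -CheckPrereqs   # confirm before any test is executed
}

teardown() {
  # The pod runs privileged and sleeps for 3560 days; remove it when testing ends.
  run kubectl delete -f "$MANIFEST"
}

case "${1:-}" in
  deploy)   deploy ;;
  prepare)  prepare "${2:-T1003}" ;;
  teardown) teardown ;;
esac
```

Save it under any name and call it with `deploy`, `prepare T1003` or `teardown`; setting `DRY_RUN=1` prints the kubectl commands without running them.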
To view execution guidelines, refer to the Usage Guide. To configure persistent environment paths, see Configuration.