Atomic Red Team support

Dockerfile

@@ -0,0 +1,8 @@
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0
+
+ADD . /src
+WORKDIR /src
+RUN go build -o /ttpforge main.go
+WORKDIR /
+
+ENTRYPOINT [ "/ttpforge" ]

docs/TranslationGuide.md

@@ -0,0 +1,44 @@
+# Atomic Red Team tests consumption by TTPForge
+
+This doc provides step-by-step guide to migrate ART tests to TTPForge format and run them.
+
+
+## Conventions of the source
+
+Located in the [redcanaryco/atomic-red-team](https://github.com/redcanaryco/atomic-red-team) repo on github. The `atomics` directory contains a library of YAML files categorized by MITRE TTP ids as sub-directory names.
+Each YAML file contains several _Atomic tests_ (or implementations) of the unique TTP.  Those tests differ by targeted platform, toolchain, and the actual way of acheiving the goal.
+Each test might have unique parameters to be passed via command line, prerequisites and instructions to funlfill those prerequisites.
+Executor is the program which is used to perform required actions to excersise the test.
+
+
+## Steps required for translation
+
+The TTPForge engine supports only one implementation of a TTP per file.  This is why you should expect several new files to appear in the target directory. By default the resulting YAML files have unique UUID as its name.  This UUID is taken from the corresponding  test.
+Each resulting file has MITRE TTP id tags as well as platform requirements.
+Resulting YAML file has all arguments defined in the corresponding Atomic test.
+
+Please note that the Prerequisites concept is not supported by TTPForge engine.  This is why check for such prerequisites and their acquisition is kept as a separate step in the resulting YAML file.
+
+
+## The guidance
+
+0. Checkout the branch containing the translation script (see [the PR](https://github.com/inesusvet/TTPForge/pull/1) in my fork of TTPForge).
+0. Install [the Mage](https://magefile.org/) build tool for Go in order to run the translation script.
+0. Select a YAML file from the ART library to traslate to TTPForge format.
+0. Run the translation script passing diretory containing the ART YAML file.
+For example `mage convertYAMLSchema ~/atomic-red-team/atomics/T1003.002`
+0. Test the translated YAML file with TTPForge.
+
+
+## Testing
+
+As the majority of Atomic tests are Windows specific, let's describe the testing approach using this platform.
+
+0. Enable Windows Sandbox following [the official guide](https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview) to evade EDR noise.
+0. Download latest TTPForge binary [release](https://github.com/facebookincubator/TTPForge/releases) from github.
+0. Run TTPForge on transalted YAML file using `--dry-run` mode
+0. Run TTPForge for real life.
+
+
+## Feedback
+Please send your questions to the [original issue](https://github.com/facebookincubator/TTPForge/issues/83) on github.

magefiles/go.mod

@@ -0,0 +1,16 @@
+module magefile
+
+go 1.23
+
+toolchain go1.23.1
+
+require (
+	github.com/facebookincubator/ttpforge v1.2.1
+	gopkg.in/yaml.v3 v3.0.1
+)
+
+require (
+	github.com/kr/pretty v0.3.1 // indirect
+	github.com/rogpeppe/go-internal v1.13.1 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+)

magefiles/go.sum

@@ -0,0 +1,25 @@
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/facebookincubator/ttpforge v1.2.1 h1:eLi26wnnJC/sCsUd5WZfXTj9r55Vzf4tTzFfZvKPbJ4=
+github.com/facebookincubator/ttpforge v1.2.1/go.mod h1:7GXbcsYR0HsPPZoAMC9J99fkkDsQ5UhpixJf42DFDXk=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=