Home
This framework includes a series of scripts, which we hope will grow and evolve over time, intended to empower and enable the testing of security tools and processes against evolving tactics that take advantage of AutoIT, AutoHotKey (AHK), and possibly other similar tools for host scripting, automation, and remote management.
Some of these scripts can deliver a payload and establish a shell, over which you can transfer the remaining scripts to test the full scope of capabilities and determine what you block or detect and what you do not. I expect the most common use case will be red/purple teamers (with proper authorization) running these tools in their own environment to see how security controls and response procedures respond to this set of TTPs.
Over the short term, we hope the framework grows and matures into a valuable toolset for red and purple teams. Over the long term, we hope this project is archived and one day becomes a memory, because the practical use of AutoIT/AHK by adversaries has faded into distant memory.
While the structure of the project and its folders is relatively straightforward, for those who may find it helpful we have provided more detailed context and instructions, organized as wiki articles for each topic, phase, or folder.