Saved February 14, 2026
DetonatorAgent is a tool designed for Red Teamers to execute files and collect EDR logs during security assessments. It helps determine if malware remains undetected and works alongside RedEdr to improve testing reliability. The agent operates via a REST API and allows for the execution of various file types while capturing relevant EDR alerts.
DetonatorAgent is a tool designed for Red Team engagements, focusing on malware execution and EDR (Endpoint Detection and Response) log collection. It operates through a REST API, allowing users to execute files and gather telemetry to assess whether their attacks remain undetected. The primary functions include executing malware and collecting logs, which helps teams determine the effectiveness of their initial access strategies. If malware is detected during testing, DetonatorAgent provides insights into the detection, including why the malware was flagged.
The tool is closely tied to RedEdr, which collects telemetry comparable to what a traditional EDR system gathers. By integrating DetonatorAgent with RedEdr, users can improve the reliability of their malware testing. The setup requires the .NET 8.0 SDK and ASP.NET. Users can run the agent with specific configurations for various EDR solutions, such as Microsoft Defender. The API supports file execution and retrieval of EDR alerts, giving users a view of the detection status of their executed files as it happens.
Execution is straightforward: files are written to a specified directory and run as standard Windows processes. For .zip or .iso files, the tool extracts the archive and executes the first file in alphabetical order. Options are available for specifying execution modes and parameters for executables. After running malware, users can fetch the EDR logs to review the alerts generated during the execution window. Cleanup commands are also available to terminate processes and remove temporary files. Overall, DetonatorAgent streamlines the process of testing malware while providing essential feedback through EDR logs.