Red Canary
Atomic Red Team
Surveyor
Start securing your endpoints today
Learn more about the security capabilities that can help you defend against today’s advanced threats.

Request a Demo

Problems We Solve
Featured Case Study

5 Reasons Organizations Outsource Security to Red Canary

READ MORE

Resource Center
Topics
Tools
Latest Resource

EDR Buyer’s Guide: 15 Questions to Answer

READ MORE

About Red Canary
Connect
Start securing your endpoints today
Learn more about the security capabilities that can help you defend against today’s advanced threats.

Request a Demo

OPEN SOURCE TOOL

Atomic Red Team

Atomic Red Team is an open source collection of small, highly portable tests mapped to the corresponding techniques in the MITRE ATT&CK framework. These tests can be used to validate detection and response technology and processes.

Get the Repo

Browse popular Atomic Red Team resources below to learn more.

Upcoming Events

Webinar | May 4th, 2018 | 1pm EST

Testing Your Defenses on MacOS and Linux

Securing and testing isn’t just for Windows systems. Organizations can suffer massive damage by overlooking testing of critical macOS and Linux systems. Join us to learn how to:

  • Identify specific post-exploitation techniques on Linux and macOS systems
  • Build and validate detection capabilities for these critical systems
  • Create a chain reaction to test multiple techniques together
Sign up for the next Atomic Red Team Webinar

 
 

EVENT | April 28-29, 2018

Using Atomic Red Team to Test Endpoint Solutions
 
 

WORKSHOP | May 8, 2018

Atomic Red Team Framework Training

Atomic Red Team Videos

VIDEO

How to Use Atomic Red Team Tests

Atomic Red Team is a suite of small, highly portable detection tests mapped to the MITRE ATT&CK™ Framework. Watch this video to learn how to test security controls against specific attack scenarios, identify gaps in prevention or detection, and use EDR data to quickly detect behaviors previously missed.

 
 

VIDEO

Lab 1 – Regsvr32 to Check Detection and Logging
 
 

VIDEO

Lab 2 – Chain Reaction, Using Multiple Commands
 
 

VIDEO

Lab 3 – Measure Progress and Impact

Atomic Red Team Articles

BLOG

An Introduction

An introduction to Atomic Red Team Tests with a mapping to the MITRE ATT&CK Framework. We cover the major test phases: execution, evidence collection, and detection.

 
 

BLOG

How to Test with the Atomic Red Team
 
 

BLOG

The Dragon’s Tail
 
 

BLOG

Testing Detection and Prevention Tools With Atomic Red Team “Chain Reactions”

Testing with Atomic Red Team is quite possibly the most important thing you can do this year. What can you detect?

John Strand Black Hills Information Security

Join the world’s leading defenders who trust us to secure their businesses

Schedule a Demo