Welcome to the Atomic year in review! This year has been a big one for the Atomic family of projects, introducing new features, new tests, and the release of incredible educational content. These contributions have helped bring the project to the eyes of more people who can benefit from tests, and therefore improved the overall state of the security community.
This year, there was a clear trend in big-picture focus; from new platform support to a sharp increase in atomic tests, the year to come promises amazing things!
For the 2022 year in review, we’ll be looking at some of the statistics behind the project and the most notable content from the last year.
This year, we witnessed a sharp rise in the number of atomic tests contributed by the community, with a whopping 42% increase from 2021. 753 of you joined us in Slack (up 21% from the prior year), and the Atomic Red Team GitHub saw over 191,000 unique views (a 19% increase).
Near the end of September, we launched a new website with smarter search filters, ATT&CK coverage heat maps, and many more insights about Atomic Red Team. Compared to 648 views at the end of 2021, 17k visits is a 2658% increase!
While technically introduced in the final days of 2021, Atomic Operator is an important enough addition that it deserves a mention here. Thanks to the folks at Swimlane and Red Canary’s Josh Rickard, users can now run tests locally or remotely, create configurations for easier testing, run in a Python package or as a command-line tool, and execute atomics on any operating system.
One of the biggest changes to the project this year came in the form of a massive quality-of-life increase: the release of POSIX Atomic Test Harnesses made waves and helped increase the usability of atomic tests for users on Linux and macOS. We’ve gotten great feedback on this improvement, especially on the choice to leverage Python. The announcement article for this feature contains helpful information on installation, purpose, and a few use cases to get you started.
Per maintainer Carrie Roberts: “This feature allows the atomics folder to be downloaded/installed without downloading any of the payloads in the /src or /bin directory since these files are likely to generate many alerts. Instead, you can use the getPrereqs feature to download any payloads you need for only those tests that you are going to run.” This was a big game changer for those running Invoke-AtomicRedTeam on limited resources, those focusing on reduced log output, or those being selective about their tests.
This is an easy reference guide to the activity seen in this year’s threat report, codified for atomic users. Run tests that emulate the year’s most commonly seen threats and see how your detections stack up.
Red Canary’s Adam Mashinchi and Brian Donohue talk about Atomic Red Team in this episode of Risky Business. Host Patrick Gray asks why Red Canary spends so much time maintaining and working with Atomic Red Team, how useful it is for those who might not be trained security professionals, and about some growing pains in producing so many POCs. (Starting at 44:14)
Maintainer Carrie Roberts and Antisyphon Training launched the Atomic Spotlight series to help people of all experience levels learn more about features of atomic projects. With 13 entries so far, the Atomic Spotlight series is an incredible ongoing resource for contributors and users alike.
Presenting at ATT&CKcon 3.0, Red Canary’s Adam Mashinchi and Brian Donohue review the Atomic Red Team project’s efforts to define and increase the test coverage of MITRE ATT&CK techniques, including challenges in defining coverage and how a project of Atomic Red Team’s scale is managed and maintained.
Cybersecurity writer Ross Haleliuk covers all things open source in the cybersecurity industry in his Venture in Security newsletter. History, notable projects, and common motivations towards open source are all on the table, and Atomic Red Team is no exception.
Red Canary’s Adam Mashinchi moderates a panel of experienced infosec community managers (Erica Peterson, Supriya Mazumdar, and Marrelle Bailey) as they talk about the importance of open source in creating a collaborative infosec community. With insights on project maintenance, support, and initial startup, this talk shines light on the time required to create an effective project.
Raspberry Robin was a hot topic this year, as sophisticated worms tend to be. This breakdown by Paul Michaud and Lauren Podber details how Raspberry Robin works and how you can emulate it using atomic tests.
Let’s make 2023 even better!
With such incredible contributions, it’s no surprise that the Atomic family is soaring far above where we ever imagined it would go. Want to help this project fly higher? Here’s how you can help: