There was a great turnout for the latest Atomic Red Team webcast! Thanks to all the people that attended. We had some outstanding audience questions on the new YAML structure, use cases, and CALDERA, MITRE’s automated adversary emulation system. We’ll use this post to go through some of the Q&A in case you couldn’t attend or had to jump off early.
As we discussed, we really want the next chapter of Atomic Red Team to be highly interactive. So please join us on Slack with your questions, feedback, and ideas! Remember…
Audience Q & A
Is the directory structure for the additional files necessary for standardized testing? For example, are the payload files always intended to be in the ../src/ directory?
With the restructure, we moved all payloads into the respective MITRE ATT&CK™ Technique directory. For example, T1117 which discusses Regsvr32 has the associated .sct payload in the same directory as the YAML file. Moving forward, any additional payloads will be added to the correct ATT&CK technique directory.
Will Atomic Red Team and Caldera support the Industrial Control System (ICS) techniques immediately?
Atomic Red Team technique additions move as fast as the contributors. For more information on contributing to Atomic Red Team, visit: https://atomicredteam.io.
Did Blake say in the beginning of this discussion that MITRE will deprecate the ATT&CK matrix?
This summer MITRE will be rolling out a new website that will be STIX/TAXII based. Additional information may be found here on MITRE’s website.
What is the difference between Atomic Red Team and CALDERA?
CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks.
Atomic Red Team is a library of per-technique tests that you run in your own environment, manually or through your own automation, to assess visibility across your security stack.
Can we run Caldera on VMs? For example, a server on one VM and agents on others?
Yes, the CALDERA server can run on a VM and is agent-based (Windows only) so it can be installed on Windows VMs.
Are there plans to create a tool or specific process to automate tests within the Atomic Red Team project? Or is the intent for teams to build out their own automation tools to work with the YAML files?
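As an added illustration of the two points above (payloads living beside their technique's YAML file, and teams building their own automation around the YAML), here is a small dry-run harness written for this post; it is not code from the Atomic Red Team project. It assumes the YAML has already been loaded into a dict with the fields `attack_technique`, `atomic_tests`, `input_arguments` (each with `type` and `default`) and `executor` (with `command` using `#{name}` placeholders); the sample test, the `payload_file` argument name and the temporary technique directory are constructed for the example. The harness resolves `Path`-typed arguments relative to the technique directory, renders the command, and reports payloads that are missing or that point outside the technique directory, but it never executes anything.

```python
import re
import tempfile
from pathlib import Path

# Placeholder syntax assumed for executor commands: #{argument_name}
PLACEHOLDER = re.compile(r"#\{([A-Za-z0-9_]+)\}")

# Constructed sample test (hypothetical; mirrors the YAML fields assumed above).
SAMPLE_TEST = {
    "attack_technique": "T1117",
    "atomic_tests": [
        {
            "name": "Regsvr32 scriptlet load (constructed sample)",
            "supported_platforms": ["windows"],
            "input_arguments": {
                "payload_file": {
                    "description": "Scriptlet shipped in the technique directory",
                    "type": "Path",
                    "default": "RegSvr32.sct",
                },
            },
            "executor": {
                "name": "command_prompt",
                "command": "regsvr32.exe /s /u /i:#{payload_file} scrobj.dll",
            },
        }
    ],
}


def resolve_arguments(atomic, technique_dir, overrides=None):
    """Merge defaults with caller overrides; Path-typed values are taken
    relative to the technique directory, matching the restructure."""
    overrides = overrides or {}
    resolved = {}
    for name, spec in atomic.get("input_arguments", {}).items():
        value = overrides.get(name, spec.get("default"))
        if spec.get("type") == "Path":
            value = str(Path(technique_dir) / str(value))
        resolved[name] = value
    return resolved


def render_command(command, arguments):
    """Substitute #{name} placeholders; fail loudly on an unresolved one."""
    missing = sorted({m for m in PLACEHOLDER.findall(command) if m not in arguments})
    if missing:
        raise KeyError("unresolved input arguments: " + ", ".join(missing))
    return PLACEHOLDER.sub(lambda m: str(arguments[m.group(1)]), command)


def check_payloads(atomic, arguments, technique_dir):
    """Return a list of problems: payloads outside the technique directory
    (e.g. a '../' default) or payload files that do not exist."""
    root = Path(technique_dir).resolve()
    problems = []
    for name, spec in atomic.get("input_arguments", {}).items():
        if spec.get("type") != "Path":
            continue
        path = Path(arguments[name]).resolve()
        try:
            path.relative_to(root)
        except ValueError:
            problems.append(f"{name}: {path} is outside technique directory {root}")
            continue
        if not path.is_file():
            problems.append(f"{name}: payload {path} not found")
    return problems


def dry_run(test, technique_dir, index=0, overrides=None):
    """Render one atomic test and validate its payloads without running it."""
    atomic = test["atomic_tests"][index]
    arguments = resolve_arguments(atomic, technique_dir, overrides)
    return {
        "technique": test["attack_technique"],
        "name": atomic["name"],
        "executor": atomic["executor"]["name"],
        "command": render_command(atomic["executor"]["command"], arguments),
        "problems": check_payloads(atomic, arguments, technique_dir),
    }


def make_fixture(payload_name="RegSvr32.sct"):
    """Create a throwaway technique directory holding a placeholder payload
    (constructed for the example; the file is not a real scriptlet)."""
    base = Path(tempfile.mkdtemp())
    technique_dir = base / SAMPLE_TEST["attack_technique"]
    technique_dir.mkdir()
    (technique_dir / payload_name).write_text("<!-- placeholder payload -->\n")
    return technique_dir


if __name__ == "__main__":
    tdir = make_fixture()
    print(dry_run(SAMPLE_TEST, tdir))
    print(dry_run(SAMPLE_TEST, tdir, overrides={"payload_file": "missing.sct"}))
    print(dry_run(SAMPLE_TEST, tdir, overrides={"payload_file": "../elsewhere.sct"}))
```

The `problems` list is the useful output for a pipeline: a test whose payload is missing or reaches outside its technique directory should be rejected before any executor is invoked, which keeps the "payloads live next to their YAML" convention enforceable rather than merely documented.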