Atomic Red Team Logo.png
 
 
Atomic Newsletter
 
 
Welcome to the September edition of the Atomic Newsletter, a monthly email in which we will summarize the updates and news about Atomic Red Team™ and its related projects such as Atomic Friday, MITRE ATT&CK®, Invoke-AtomicRedTeam, AtomicTestHarnesses, and more!
 
 
 
 
 
Test Showcase
Highlighting new & novel atomics
 
This month the Atomic Red Team maintainers wanted to showcase a couple of noteworthy new atomic tests that caught their eye!
 
 
 
 
T1552.004:
ADFS certificates theft

 
Retrieving ADFS signing tokens and encryption keys is the first step in being able to spoof an ADFS-provided signed security token to elevate privileges or move laterally.

This works especially well in environments that are leveraging ADFS federation for single-sign-on (SSO) authentication like SAML 2.0 apps and Office 365.

This was the most novel and impactful element of the GoldenSAML attack against Microsoft Office 365 by the Nobelium actor group.
 
 
T1572:
Protocol tunneling
(DNS over HTTPS)
 
This test added three DNS over HTTPS atomics, where we had none; all from a first-time contributor!

Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems.

Command and control (C2) queries can be encapsulated within encrypted HTTPS packets known as DNS over HTTPS. The Godlua malware uses DNS over HTTPS to block researchers from analyzing its traffic.
 
 
 
 
 
 
How do you (yes, you!) use Atomic Red Team?
 



 
 
 
 
 
 
Videos for your queue
Atomic Friday alum presents at Black Hat 2021
 
Mauricio Velazco, longtime friend of the Atomic family, gave a Black Hat presentation on how his PurpleSharp open source tool can help you simulate attacks that leverage Active Directory.
 
 
 
 
 
 
Invoke-AtomicRedTeam now in PowerShell Gallery
 
Thanks to the amazing Atomic Red Team maintainers, the Invoke-AtomicRedTeam module is now available in the PowerShell Gallery. Now, it is even easier to download and install it:

Install-Module -Name invoke-atomicredteam -Scope CurrentUser
 
 
 
Atomic Red Team community updates
 
 
 
 
 

Atomic Red Team cannot continue to be the amazing library it is without the time, effort, and contributions from the community and the project maintainers. We wanted to showcase some of the individuals who have taken the time to contribute changes and additions to Atomic Red Team!
 
 
New & top contributors in August
 
 
Top contributors:
  • bnt1006
  • chdd-ltd
  • esanyaCode
  • JChamblee99
  • morgansec
  • security-geek
  • ZeArioch







Huge thanks to everyone who contributed to Atomic Red Team, and a special shout out to all of the first-time contributors:
  • ZeArioch
  • esanyaCode
  • security-geek
  • sc0o
  • chdd-ltd
  • Bradichus
  • JChamblee99
  • bryan-wendt

 
 
 
 
 
We are here to help! 
Atomic Red Team maintainers
 
Meet our amazing team of maintainers, who create new tests, manage pull requests, mentor new contributors, and do so much more.
 
 
 
 
Bhavin Patel
 
Slack: Bhavin Patel
GitHub:  patel-bhavin

 
Carl Petty
 
Carl Petty
 
Slack: Carl Petty
GitHub: rc-grey


 
Carrie Roberts
 
Carrie Roberts
 
Slack: OrOneEqualsOne
GitHub:  clr2of8


 
 
 
Jose Hernandez
 
Jose Hernandez
 
Slack: Jose Hernandez
GitHub:  d1vious

 
Matt Graeber
 
Matt Graeber
 
Slack: mattifestation
GitHub:   mattifestation

 
Mike Haag
 
Mike Haag
 
Slack: Mike Haag
GitHub: MHaggis

 
 
 
 
On-demand
 
Check out the 1-hour webcast "Atomic Red Team: Hands-on Getting Started Guide" with Carrie and Darin Roberts.
 
 
Hands-on learning
 
Sign up for a live training brought to you by Black Hills Information Security with Carrie and Darin Roberts.
 
 
Join us!
 
Atomic Red Team depends on community contributions to increase technique coverage across platforms.
 
 
 
 
 
 
Be a part of the Atomic community

Atomic Red Team is developed by a community of thousands of computer security advocates, practitioners, and enthusiasts. Come say hi on the Atomic Red Team Slack!
 
 
 
 
 
 
 
Twitter      LinkedIn      YouTube
 
©2023 Red Canary All rights reserved.
1515 Wynkoop Street, Suite 390, ​​​​Denver, CO 80202
https://redcanary.com | Unsubscribe