Atomic Red Team Logo.png
Atomic Newsletter
Welcome to the September edition of the Atomic Newsletter, a monthly email in which we will summarize the updates and news about Atomic Red Team™ and its related projects such as Atomic Friday, MITRE ATT&CK®, Invoke-AtomicRedTeam, AtomicTestHarnesses, and more!
Test Showcase
Highlighting new & novel atomics
This month the Atomic Red Team maintainers wanted to showcase a couple of noteworthy new atomic tests that caught their eye!
ADFS certificates theft

Retrieving ADFS signing tokens and encryption keys is the first step in being able to spoof an ADFS-provided signed security token to elevate privileges or move laterally.

This works especially well in environments that are leveraging ADFS federation for single-sign-on (SSO) authentication like SAML 2.0 apps and Office 365.

This was the most novel and impactful element of the GoldenSAML attack against Microsoft Office 365 by the Nobelium actor group.
Protocol tunneling
(DNS over HTTPS)
This test added three DNS over HTTPS atomics, where we had none; all from a first-time contributor!

Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems.

Command and control (C2) queries can be encapsulated within encrypted HTTPS packets known as DNS over HTTPS. The Godlua malware uses DNS over HTTPS to block researchers from analyzing its traffic.
How do you (yes, you!) use Atomic Red Team?

Videos for your queue
Atomic Friday alum presents at Black Hat 2021
Mauricio Velazco, longtime friend of the Atomic family, gave a Black Hat presentation on how his PurpleSharp open source tool can help you simulate attacks that leverage Active Directory.
Invoke-AtomicRedTeam now in PowerShell Gallery
Thanks to the amazing Atomic Red Team maintainers, the Invoke-AtomicRedTeam module is now available in the PowerShell Gallery. Now, it is even easier to download and install it:

Install-Module -Name invoke-atomicredteam -Scope CurrentUser
Atomic Red Team community updates

Atomic Red Team cannot continue to be the amazing library it is without the time, effort, and contributions from the community and the project maintainers. We wanted to showcase some of the individuals who have taken the time to contribute changes and additions to Atomic Red Team!
New & top contributors in August
Top contributors:
  • bnt1006
  • chdd-ltd
  • esanyaCode
  • JChamblee99
  • morgansec
  • security-geek
  • ZeArioch

Huge thanks to everyone who contributed to Atomic Red Team, and a special shout out to all of the first-time contributors:
  • ZeArioch
  • esanyaCode
  • security-geek
  • sc0o
  • chdd-ltd
  • Bradichus
  • JChamblee99
  • bryan-wendt

We are here to help! 
Atomic Red Team maintainers
Meet our amazing team of maintainers, who create new tests, manage pull requests, mentor new contributors, and do so much more.
Bhavin Patel
Slack: Bhavin Patel
GitHub:  patel-bhavin

Carl Petty
Carl Petty
Slack: Carl Petty
GitHub: rc-grey

Carrie Roberts
Carrie Roberts
Slack: OrOneEqualsOne
GitHub:  clr2of8

Jose Hernandez
Jose Hernandez
Slack: Jose Hernandez
GitHub:  d1vious

Matt Graeber
Matt Graeber
Slack: mattifestation
GitHub:   mattifestation

Mike Haag
Mike Haag
Slack: Mike Haag
GitHub: MHaggis

Check out the 1-hour webcast "Atomic Red Team: Hands-on Getting Started Guide" with Carrie and Darin Roberts.
Hands-on learning
Sign up for a live training brought to you by Black Hills Information Security with Carrie and Darin Roberts.
Join us!
Atomic Red Team depends on community contributions to increase technique coverage across platforms.
Be a part of the Atomic community

Atomic Red Team is developed by a community of thousands of computer security advocates, practitioners, and enthusiasts. Come say hi on the Atomic Red Team Slack!
Twitter      LinkedIn      YouTube
©2023 Red Canary All rights reserved.
1515 Wynkoop Street, Suite 390, ​​​​Denver, CO 80202 | Unsubscribe