Atomic Newsletter
Welcome to the March edition of the Atomic Newsletter, a monthly email in which we will summarize the updates and news about Atomic Red Team™ and its related projects such as Atomic Friday, MITRE ATT&CK®, Invoke-AtomicRedTeam, AtomicTestHarnesses, and more!
Test Showcase
Highlighting new & novel atomics
This month, the Atomic Red Team maintainers wanted to showcase a couple of noteworthy new atomic tests that caught their eye!
PR #1748: T1098 - Role Manipulation in Azure AD
New contributor WojciechLesicki added four new tests for technique T1098: Account Manipulation. The tests focus on Azure, using PowerShell to add users and service principals to both Azure AD and Azure roles.
PR #1764: COM hijacking

First-time contributor KelseySeymour created a test for T1546.015: Component Object Model Hijacking. The test uses PowerShell to hijack a reference to a Component Object Model (COM) object that can ultimately be executed with rundll32.exe.
Video for your queue 
So, you want to build a community in infosec?

Two of our Atomic Red Team members, Adam Mashinchi and Marrelle Bailey, joined other community managers who shared their insights on how to build, maintain, and support various collaborative projects in the infosec world. If you missed the panel discussion you can watch the recording! 

Emotet is on the rise
Intelligence Insight
The February 2022 edition of Red Canary's Intelligence Insights documents the re-emergence of Emotet—a threat that warrants concern over its connection to ransomware in the past. While Emotet’s initial access tradecraft varies, the threat reliably leverages encoded PowerShell commands. You can test your ability to observe and detect this behavior with two of our PowerShell Atomic Test Harnesses (17 and 18).
Atomic Red Team community updates

Atomic Red Team cannot continue to be the amazing library it is without the time, effort, and contributions from the community and the project maintainers. We wanted to showcase some of the individuals who have taken the time to contribute changes and additions to Atomic Red Team!
New & top contributors in February
Top contributors:

  • Leomon5
  • frack113
  • glallen

Huge thanks to everyone who contributed to Atomic Red Team, and a special shout out to all of the first-time contributors:
  • BigPint
  • Zer1t0
  • tropChaud
  • ljstella
  • BlackB0lt
  • KelseySeymour
  • WojciechLesicki

We are here to help! 
Atomic Red Team maintainers
Meet our amazing team of maintainers, who create new tests, manage pull requests, mentor new contributors, and do so much more.
Bhavin Patel
Slack: Bhavin Patel
GitHub: patel-bhavin

Carl Petty
Slack: Carl Petty
GitHub: int5-grey

Carrie Roberts
Slack: OrOneEqualsOne
GitHub: clr2of8

Jose Hernandez
Slack: Jose Hernandez
GitHub: d1vious

Matt Graeber
Slack: mattifestation
GitHub: mattifestation

Mike Haag
Slack: Mike Haag
GitHub: MHaggis

Featured blog
Brian Donohue walks through how to run Atomic Red Team tests directly through Microsoft Defender for Endpoint's user portal.
Hands-on learning
Watch a live training brought to you by Black Hills Information Security with Carrie and Darin Roberts.

Join us!
Atomic Red Team depends on community contributions to increase technique coverage across platforms.
Be a part of the Atomic community

Atomic Red Team is developed by a community of thousands of computer security advocates, practitioners, and enthusiasts. Come say hi on the Atomic Red Team Slack!

©2024 Red Canary All rights reserved.