This month, the Atomic Red Team maintainers wanted to showcase a couple of noteworthy new atomic tests that caught their eye!
PR #1810: Disable Windows Application
One of our first time contributors
tcconte, created 25 new atomic tests mimicking registry changes made by a variety of malware. Check out tests 9, 10, and 11 that emulate techniques used by Agent Tesla malware.
Another first time contributor,
Hush-pup, created two new tests for the sub-technique of T1564.006 that are focused on virtual machine (VM) creation. Check out the implementations Hush-pup created.
The
Threat Detection Report is out, so what can you do with it? The report examines the top
techniques Red Canary observed in confirmed threats across its customer base in 2021, offering tips for detection, validation, and more. If you want to dive deeper, try running the atomic included in the PowerShell section, which emulates an adversary executing encoded PowerShell commands.
Atomic Red Team Hands-on Getting Started Guide w/Carrie & Darin Roberts
Join one of our Maintainers, Carrie Roberts, in her one-hour webcast about how to get started with Atomic Red Team. Sign up today to join her, Darin Roberts, and the team at Black Hills on April 21st at 1:00 pm (Eastern Time).
The
March 2022 edition of Red Canary's Intelligence Insights includes information about a new worm called Raspberry Robin that's been spreading via USB drives. It shows up as a malicious shortcut (LNK) file on a USB device. The insight includes detection opportunities, and the following atomic should generate relevant telemetry to validate the efficacy of the Raspberry Robin detection opportunity.
Check out our maintainer Carrie Roberts' video on the new feature added to Invoke-AtomicRedTeam that was created by the VECTR team. See how you can gather execution details and import them into the VECTR tool.
Atomic Red Team cannot continue to be the amazing library it is without the time, effort, and contributions from the community and the project maintainers. We wanted to showcase some of the individuals who have taken the time to contribute changes and additions to Atomic Red Team!
New & top contributors in March
Top contributors:
ttcontre
Leomon5
MHaggis
frack113
SecWilson
Huge thanks to everyone who contributed to Atomic Red Team, and a special shout out to all of the first-time contributors:
kpairitzrc
jovial7
hush-pup
RobinvandenHurk
rahul-bs
automate-tim
tccontre
SecWilson
We are here to help!
Atomic Red Team maintainers
Meet our amazing team of maintainers, who create new tests, manage pull requests, mentor new contributors, and do so much more.
Atomic Red Team is developed by a community of thousands of computer security advocates, practitioners, and enthusiasts. Come say hi on the Atomic Red Team Slack!
