Atomic Red Team Logo.png
Atomic Newsletter
Welcome to the April edition of the Atomic Newsletter, a monthly email in which we will summarize the updates and news about Atomic Red Team™ and its related projects such as MITRE ATT&CK®, Invoke-AtomicRedTeam, AtomicTestHarnesses, and more!
Test Showcase
Highlighting new & novel atomics
This month, the Atomic Red Team maintainers wanted to showcase a couple of noteworthy new atomic tests that caught their eye!
PR #1810: Disable Windows Application
One of our first time contributors  tcconte, created 25 new atomic tests mimicking registry changes made by a variety of malware. Check out tests 9, 10, and 11 that emulate techniques used by Agent Tesla malware.
PR #1826: Two Tests for Run Virtual Instance 
Another first time contributor,  Hush-pup, created two new tests for the sub-technique of T1564.006 that are focused on virtual machine (VM) creation. Check out the implementations Hush-pup created.
2022 Threat Detection Report is LIVE!
The Threat Detection Report is out, so what can you do with it? The report examines the top  techniques Red Canary observed in confirmed threats across its customer base in 2021, offering tips for detection, validation, and more. If you want to dive deeper, try running the atomic included in the PowerShell section, which emulates an adversary executing encoded PowerShell commands.
Atomic Red Team Hands-on Getting Started Guide w/Carrie & Darin Roberts
Join one of our Maintainers, Carrie Roberts, in her one-hour webcast about how to get started with Atomic Red Team. Sign up today to join her, Darin Roberts, and the team at Black Hills on April 21st at 1:00 pm (Eastern Time).
A new find: Raspberry Robin activity cluster
Intelligence Insights
The March 2022 edition of Red Canary's Intelligence Insights includes information about a new worm called Raspberry Robin that's been spreading via USB drives. It shows up as a malicious shortcut (LNK) file on a USB device. The insight includes detection opportunities, and the following atomic should generate relevant telemetry to validate the efficacy of the Raspberry Robin detection opportunity.
Video on queue
Invoke AtomicRedTeam and Attire Logging
Check out our maintainer Carrie Roberts' video on the new feature added to Invoke-AtomicRedTeam that was created by the VECTR team. See how you can gather execution details and import them into the VECTR tool.
Atomic Red Team community updates
Atomic Red Team cannot continue to be the amazing library it is without the time, effort, and contributions from the community and the project maintainers. We wanted to showcase some of the individuals who have taken the time to contribute changes and additions to Atomic Red Team!
New & top contributors in March
Top contributors:
  • ttcontre
  • Leomon5
  • MHaggis
  • frack113
  • SecWilson

Huge thanks to everyone who contributed to Atomic Red Team, and a special shout out to all of the first-time contributors:
  • kpairitzrc
  • jovial7
  • hush-pup
  • RobinvandenHurk
  • rahul-bs
  • automate-tim
  • tccontre
  • SecWilson

We are here to help! 
Atomic Red Team maintainers
Meet our amazing team of maintainers, who create new tests, manage pull requests, mentor new contributors, and do so much more.
Bhavin Patel
Slack: Bhavin Patel
GitHub:  patel-bhavin

Carl Petty
Carl Petty
Slack: Carl Petty
GitHub: int5-grey

Carrie Roberts
Carrie Roberts
Slack: OrOneEqualsOne
GitHub:  clr2of8

Jose Hernandez
Jose Hernandez
Slack: Jose Hernandez
GitHub:  d1vious

Matt Graeber
Matt Graeber
Slack: mattifestation
GitHub:   mattifestation

Mike Haag
Mike Haag
Slack: Mike Haag
GitHub: MHaggis

Featured blog
Brian Donohue walks through how to run Atomic Red Team tests directly through Microsoft Defender for Endpoint's user portal.
Hands-on learning
Watch a live training brought to you by Black Hills Information Security with Carrie and Darin Roberts.

Join us!
Atomic Red Team depends on community contributions to increase technique coverage across platforms.
Be a part of the Atomic community

Atomic Red Team is developed by a community of thousands of computer security advocates, practitioners, and enthusiasts. Come say hi on the Atomic Red Team Slack!

©2024 Red Canary All rights reserved.
1601 19th Street, Suite 900, Denver, CO 80202 | Unsubscribe

You received this email as a promotion of Red Canary. Click to adjust your preferences.