Welcome to this month's edition of the Atomic Newsletter, a monthly email with updates and news about Atomic Red Team™ and its related projects such as MITRE ATT&CK®, Invoke-AtomicRedTeam, AtomicTestHarnesses, and more. Visit our website and join the community chat with us on Slack!

The latest from Atomic Red Team

Purple Teaming with ARTifacts

Learn how to run atomic tests hands-free on endpoints! Using Velociraptor artifacts, Wes Lambert covers purple teaming logic and atomic test setup for purple teamers short on time.

Sniffing out BloodHound

Although it has legitimate uses, BloodHound can be a real threat to environments running Active Directory. Using Atomic Red Team test 3 (Run Bloodhound from Memory using Download Cradle) in T1059.001, Sai Prashanth Pulisetti showcases how to detect BloodHound using Windows system logs.

Atomic Spotlight: Persistence with Command Process Auto Run Registry Key

Need persistence? Maintainer Carrie Roberts discusses more persistence methods, this time with a spotlight on persistent code execution through Windows command prompt (cmd.exe).

Compile After Delivery

Adversaries often deliver uncompiled code onto a target's system. In this tutorial, Parth (a Security Analyst from SharkStriker) walks you through Invoke-AtomicRedTeam and the Compile After Delivery tests (T1027.004).


Top contributors

  • clr2of8
  • packetzero
  • blueteam0ps
  • tr4cefl0w
  • cnotin

New contributors

  • cigdemtosun
  • 0xv1n
  • codec-hasqui

Conference Feature: DEATHCon 2022 - Mapping Detection Coverage

In this presentation, Jared Atkinson and Jonathan Johnson discuss the importance of testing telemetry coverage and using abstraction to build a representative sample set of atomic tests to validate detection coverage.
