Atomics on a Friday March Madness kicks off with four weeks of streaming content on all things Atomic family! Featuring purple team planning strategies, TTP prioritization, and post-test detections and analytics, this set of streams is bound to be a great time for the testing aficionado. Watch the first stream recording here.

Maintainer Carrie Roberts will discuss lessons learned in the journey to continuous validation and introduce the Atomic Runner tool, which will be released to the security community at the conference. Learn more about implementing continuous end-to-end prevention and detection validation on April 15.

This article by researcher Securitricks is an excellent deep dive on sysmon as a tool, its purposes for administrators and adversaries alike, and testing using Invoke-Atomic. Initial Access, Data Exfiltration, and Scheduled Task tests using sysmon are all detailed here.

It’s conference season! March 30-31 is CypherCon. Matthew Lange and Gary Lobermier are bringing testing and validation to the party with atomics and automation at scale, introducing their custom YAML schema for procedure tracking.

Contributor 0xv1n had their commit merged this month, a test that adds coverage for AWS Cloud Discovery commands run from EC2. Stratus is utilized to spin up and tear down needed testing infrastructure, similar to prior cloud coverage in the atomic repo. This marks the first test for the T1580 technique!

Contributor johnbrydon added several tests for T1614.001. Similar to the Windows tests already in this sub-technique, these tests can discover the system language by querying system files and through executing commands that return various environment variables.

This test from contributor tropChaud displays the system time using the Windows time command. Emulating activity recently seen in the wild from Ursnif, this test is the most recent addition to T1124.

Contributor biot-2131 added four new tests to T1059.004. These commands search for the running shells on the system, available shells on the system, and test for successive command attempts within a terminal session. The final test attempts to run shell commands but with Base64 encoding.