We're so happy to have Josh Rickard as our newest maintainer! As the creator of Atomic-Operator, he's already contributed a lot to the Atomic family as well as the entire open source space.

It's time for our first year in review! We rounded up some of the most popular updates to the Atomic family and some of the most popular resources related to Atomic.

Threat Detection Engineer Micah Babinski writes on the use of Atomic Red Team in understanding detections and the gaps between them in a playful examination of how real-world attack techniques.

Security professional Sai Prashanth Pulisetti provides a useful guide on how to run T1059.001 to abuse NSLookup and examine from ELK, even providing a custom Sigma rule to capture events in multiple instances.

Enabling LSA Protection configures Windows to control the information stored in memory (like hashes and clear-text passwords) in a more secure fashion—specifically, to prevent non-protected processes from accessing that data. Upon successful execution, the registry will be modified and RunAsPPL will be set to 0, disabling LSASS protection.

Adversaries who have permissions can run malicious commands in containers in the cluster using exec command (`docker exec`). In this method, adversaries can use legitimate images such as an OS image (e.g., Ubuntu) as a backdoor container, and run their malicious code remotely by using `docker exec`. Kinsing (Golang-based malware) was executed with an Ubuntu container entry point that runs shell scripts.