Welcome to this month's edition of the Atomic Newsletter, a monthly email with updates and news about Atomic Red Team™ and its related projects such as MITRE ATT&CK®, Invoke-AtomicRedTeam, AtomicTestHarnesses, and more. Visit our website and join the community chat with us on Slack!

The latest from Atomic Red Team
Getting Started with Atomic (SANS HackFest 2022)

Maintainer Carrie Roberts gives an extensive overview of the purpose and methodology behind Atomic Red Team, how to navigate the project, and some useful emulation scenarios for new and seasoned users alike.

Atomic habits, atomic tests

Make it habitual! Testing is not one-and-done, so establishing a regular testing schedule is one of the best things you can do for your security posture. Keith McCammon explores how you can set up a testing cadence based on the book Atomic Habits by James Clear.

Fantastic IIS Modules and How to Find Them

Our friends at Splunk write about the importance of detecting Internet Information Services (IIS) modules, response methods, and of course, testing with atomics that emulate IIS modules.

Atomics on a Friday with Mike and Paul—IIS Modules

Paul and Mike review how IIS modules work and how you can test against them, sourcing from the above Splunk article and their own experience with IIS modules.

Introducing T1201: AWS Password Policy

This new test from contributor cyberbuff verifies the current AWS password policy and retrieves its details for the tester.

T1112: Mimic Ransomware Registry Modification

Contributor Leomon5 added two new tests to the Modify Registry technique, based off of research from Trend Micro, intended to emulate Mimic ransomware. These tests attempt to emulate the modification of the target’s registry to enable multiple user and RDP sessions.


Top contributors

  • MSAdministrator
  • biot-2131
  • Haggis

New contributors

  • yogisec
  • MSAdministrator
  • yonatan424
  • biot-2131
  • ForensicITGuy
  • dlee35
  • aman143kri
  • tvjust
  • devapriya16
AntiSyphon Training: Attack Emulation Tools

Carrie Roberts hosts this training on attack emulation tools, intended to help participants measure, monitor, and improve security controls by running scripted attacks (like those found in Atomic Red Team, of course!).

  Twitter   LinkedIn   GitHub   YouTube   Slack