Welcome to this month's edition of the Atomic Newsletter, a monthly email with updates and news about Atomic Red Team™ and its related projects such as MITRE ATT&CK®, Invoke-AtomicRedTeam, AtomicTestHarnesses, and more. Visit our website and join the community chat with us on Slack!

The latest from Atomic Red Team
READ: Red Canary’s yearly analysis of customer testing

Fresh off the presses is Red Canary’s 2024 Threat Detection Report, which includes a section analyzing confirmed testing activity across customer environments. Find out which tools we see most often and which industries test more than others.

WATCH: Data source diversity on Atomics on a Friday

Joined by Jamie Williams, Nasreddine Bencherchali, and Jose Hernandez, Mike Haag and Paul Michaud discuss the importance of data source diversity and detections across all environments. From the ubiquitous security logs to the profound depths of kernel and EDR sources, your detection guides are here to help.

SIGN UP: Closing the Gap with Threat Actors

New Hampshire-based atomic enthusiasts, this event is for you! Chris Haller is giving a talk on March 20 at the Sig Sauer Academy about implementing atomic testing. Intended to help participants identify the gap between threat actor activities and MDR detections, this event will include the presentation and networking opportunities.

READ: Word Default Template Persistence - Part 1

This blog from researcher Daniel Cortez is a great deep dive into the use of Microsoft Word’s default template for malicious macro injection. The next two parts will cover the use of PowerShell to automate the macro injection process and the formatting of this behavior as an atomic test, respectively.

NEW TEST: JuicyPotato

This new test from contributor Leomon5 simulates a “JuicyPotato” privilege escalation attack, a technique observed in SnapMC ransomware campaigns, among others.

New AtomicTestHarness for macOS

This POSIX AtomicTestHarness validates your detection for Reflective Code Loading on macOS, a technique explored in detail in this year’s Threat Detection Report.


Top contributors

  • ZitniH
  • jandress
  • Jake151
  • clr2of8
  • cyberbuff

New contributors

  • jandress
  • ZitniH
  • collinmsec
  • AekanutOak
  • swathinator
  • jj-cmyk
  • DefenderDaniel
  • jianni20
  • adelfavero57

The 2024 Threat Detection Report is here

Nearly every page of the Threat Detection Report includes custom Atomic Red Team tests for the most prevalent threats and ATT&CK techniques Red Canary detected last year.
