Welcome to this month's edition of the Atomic Newsletter, a monthly email with updates and news about Atomic Red Team™ and its related projects such as MITRE ATT&CK®Invoke-AtomicRedTeamAtomicTestHarnesses, and more. Visit our website and join the community chat with us on Slack!


Locate LOLBins with LOLBASLine

Magic Sword recently released this PowerShell tool, which identifies the presence and execution of various living-off-the-land binaries and scripts (LOLBAS). 

  • Watch Atomic Red Team maintainers Mike Haag and Jose Hernandez demo the tool during an episode of Atomics on a Friday

  • Dig into the GitHub repo yourself

Haag needs your help

Atomic Red Team co-creator and longtime maintainer Mike Haag created two new suites of atomic tests on his personal repo--and he could use your help adding them to Atomic Red Team.

If you're never committed before, now is your chance to get that free t-shirt! 

Hidden scheduled tasks


Inspired by research from Binary Defense, Haag created this suite of tests for various techniques adversaries use to hide scheduled tasks on Windows.


Forest Blizzard exploiting CVE-2022-38028


This collection of tests validates detection for various techniques used by the Russian threat actor Forest Blizzard to elevate privileges and steal credentials.

Top contributors 
First-time contributors 
Atomic in the wild
Join Red Canary’s Gerry Johansen on May 31 as he presents how to use Atomic Red Team to validate your defenses against ransomware attacks.
ATT&CK-View, now with atomic tests!

Cyber Distance’s ATT&CK View and relational data model now include atomic tests to help you ensure threat intelligence and emulation plans are robust and effective.

  Twitter   LinkedIn   GitHub   YouTube   Slack