WELCOME
 

Welcome to this month's edition of the Atomic Newsletter, a monthly email with updates and news about Atomic Red Team™ and its related projects such as MITRE ATT&CK®Invoke-AtomicRedTeamAtomicTestHarnesses, and more. Visit our website and chat with us on Slack!

If you're reading this online, subscribe to get the newsletter sent to your inbox. Check out the archive for previous editions. 
 
 

A victory lap for

Atomic-Runner


We recently launched Atomic-Runner, an automation feature for the Invoke-AtomicRedTeam execution framework that allows you to run a configurable list of atomic tests unattended via a service or scheduled task at your desired cadence. Along with Windows, this script works on Linux and macOS environments that have PowerShell Core installed. 
 
 
 
 
Gone LNK phishing
 

This technical deep dive from the Splunk Research Team highlights several ways to emulate malicious LNK files, including an Atomic Red Team test for T1547.009, which uses uses PowerShell to create a LNK file in the Startup directory that will spawn cmd.exe.

READ MORE
 
 
 
Top contributors 
 
First-time contributors 
 
 
 
 
Atomic in the wild
 
 
WATCH: Atomic Red Team at RSA 
 
At this year's RSA Conference, Brian Donohue and Adam Mashinichi spoke on how to build a rapid cybersecurity validation program with open-source frameworks, public threat intelligence, and generative AI. Watch their talk to learn how to construct robust atomic tests, develop detection analytics, and prioritize detection efforts.
Join Red Canary’s Gerry Johansen on May 31 as he presents how to use Atomic Red Team to validate your defenses against ransomware attacks.
 
Catch the Atomic-Football
 

Contributor "Mad White Hatter" created this fun GUI that launches a set of PowerShell scripts for executing Atomic Red Team tests, managing exclusions in various security products, and handling setup and dependencies for smooth execution.
 
GO LONG
 
  Twitter   LinkedIn   GitHub   YouTube   Slack