Welcome to this month's edition of the Atomic Newsletter, a monthly email with updates and news about Atomic Red Team™ and its related projects such as MITRE ATT&CK®Invoke-AtomicRedTeamAtomicTestHarnesses, and more. Visit our website and chat with us on Slack!

If you're reading this online, subscribe to get the newsletter sent to your inbox. Check out the archive for previous editions. 


A victory lap for


We recently launched Atomic-Runner, an automation feature for the Invoke-AtomicRedTeam execution framework that allows you to run a configurable list of atomic tests unattended via a service or scheduled task at your desired cadence. Along with Windows, this script works on Linux and macOS environments that have PowerShell Core installed. 

Gone LNK phishing

This technical deep dive from the Splunk Research Team highlights several ways to emulate malicious LNK files, including an Atomic Red Team test for T1547.009, which uses uses PowerShell to create a LNK file in the Startup directory that will spawn cmd.exe.


Top contributors 
First-time contributors 
Atomic in the wild
WATCH: Atomic Red Team at RSA 

At this year's RSA Conference, Brian Donohue and Adam Mashinichi spoke on how to build a rapid cybersecurity validation program with open-source frameworks, public threat intelligence, and generative AI. Watch their talk to learn how to construct robust atomic tests, develop detection analytics, and prioritize detection efforts.
Join Red Canary’s Gerry Johansen on May 31 as he presents how to use Atomic Red Team to validate your defenses against ransomware attacks.
Catch the Atomic-Football

Contributor "Mad White Hatter" created this fun GUI that launches a set of PowerShell scripts for executing Atomic Red Team tests, managing exclusions in various security products, and handling setup and dependencies for smooth execution.

  Twitter   LinkedIn   GitHub   YouTube   Slack