Atomics on a Friday returns

Atomics on a Friday made its triumphant return after four months away to discuss threat intelligence headlines, recent updates to LOLRMM, and walkthrough demos of Atomic Red Team-adjacent tools defenders can use for security testing.

WATCH VIDEO

NEW AND FEATURED TESTS

T1027.013 - Obfuscated Files or Information: Encrypted-Encoded File

Adversaries may encrypt or encode files to obfuscate strings, bytes, and other specific patterns to impede detection. This test will decode a Base64-encoded EICAR string and write it to file for AV/EDR to try to catch

T1546.015 – Event Triggered Execution: Component Object Model Hijacking

These tests mirror common persistence and execution techniques used by malware to hijack COM objects

T1204.002 - User Execution: Malicious File

This test simulates a ClickFix-style campaign by adding a malicious entry to the RunMRU registry key that launches mshta.exe with a remote payload

ATOMIC IN THE WILD

Adversary simulation made easy

Aiming to make it easier to generate realistic telemetry for detection engineering, Galen Fisher, a software architect, built MACAT, a tool for authoring, organizing, and running adversary simulation content. Fisher gives a walkthrough of the free tool, which integrates with Atomic Red Team and VECTR, in this YouTube video.

LEARN MORE

Test and verify Defender detections

Thomas Kurth, a principal security consultant and CEO, shared an open source tool, ShieldChecker, that helps validate custom Microsoft Defender XDR detections. The tool, which has the ability to import Atomic Red Team tests, is deployed in your own Azure tenant and executes real world attack scenarios to verify security controls.

TOUR THE PROJECT

How to emulate ATT&CK techniques with Atomic

Ashok Naik, a cybersecurity engineer by day, has begun sharing videos on YouTube demonstrating how to use Atomic for different MITRE ATT&CK techniques. In July, he shared five videos, including demonstrations of how to simulate T1218.002, T1218.001, and T1218.005—the misuse of mshta.exe.

WATCH THE VIDEOS

Top contributors

First-time contributors

UPCOMING TRAINING

Atomic Red Team 101

Based in Denver? Sharpen your testing skills with this hands-on Atomic Red Team workshop. Get a crash course on configuring a testing environment, running atomic tests, and crafting adversary emulations based on the latest threat intelligence. Register now as space is limited!

Want us to host a workshop in your city? Tell us where to go next!