WELCOME

Welcome to this month's edition of the Atomic Newsletter, a monthly email with updates and news about Atomic Red Team™ and its related projects such as MITRE ATT&CK®, Invoke-AtomicRedTeam, AtomicTestHarnesses, and more. Check out the archive for previous editions, visit our website, chat with us on Slack and visit our new subreddit!

THE LATEST FROM ATOMIC RED TEAM

Better dependency management through automation

Atomic Red Team users or anyone interested in validating security controls and better understanding attack surfaces may find value in Dependabot Configurator, a new open source tool released by Red Canary. The tool helps automate dependency management throughout a user's GitHub repositories, ensuring security teams get the visibility and control they need to protect their organizations.

READ THE RELEASE BLOG

NEW AND FEATURED TESTS

T1049 - System Network Connections Discovery

Extends coverage with additional, more granular atomic tests across multiple platforms, including Windows PowerShell, Linux/macOS, and FreeBSD

T1562.003 - Impair Defenses: Impair Command History Logging

Fixes a formatting issue to escape the tilde character (~) to prevent formatting co~/.bash_history with a strikethrough

T1007 - System Service Discovery

Expands discovery methods with additional enumeration methods across Windows/Linux/ macOS to reflect how adversaries enumerate services and related mechanisms across different operating systems

ATOMIC IN THE WILD

Giving Atomic the AI reins

A fun follow up to last month's Atomic Red Team MCP Server news: In this video, cybersecurity researcher John Hammond gives a demonstration of the tool. After connecting it to Claude, he lets AI take the wheel and execute multiple tests, including executing several threat actor TTPs from the MITRE ATT&CK® Framework.

WATCH THE VIDEO

Building ClickFix detection logic

Sujal Chauhan, also known as CyberFreak on Medium, published this blog last month about how to use Atomic to simulate ClickFix attacks—including clipboard manipulation, RunMRU registry modification, and mshta.exe execution—and how to develop detection rules that can help identify the threat in real time.

READ THE BLOG

Aggregate all the threat intelligence

BloodSOCer, a new Bloodhound extension, maps MITRE ATT&CK, Sigma, and Atomic Red Team tests all in one graph. The project, recently shared by SpecterOps’ Mathieu Saulnier, aggregates threat intelligence data and produces JSON files to ingest in BloodHound in OpenGraph format. While the project contains multiple Python scripts, BloodSOCer.py, is all users need to jump in.

VISIT THE GITHUB REPO

Top contributors

Congratulations to our top contributor this month, vl43den!

First-time contributors

NEW ON-DEMAND WEBINAR

Inside Red Canary’s human-led, AI-powered SOC

Miss last month's webinar on Red Canary’s human-centric approach to AI in the SOC? Watch it anytime to learn how you can operationalize intelligence quickly, build agents and workflows you can trust, and more.