Atomic Red Team Logo.png
 
 
Atomic Newsletter
 
 
Welcome to the March edition of the Atomic Newsletter, a monthly email in which we will summarize the updates and news about Atomic Red Team™ and its related projects such as Atomic Friday, MITRE ATT&CK®, Invoke-AtomicRedTeam, AtomicTestHarnesses, and more!
 
 
 
 
 
Test Showcase
Highlighting new & novel atomics
 
This month, the Atomic Red Team maintainers wanted to showcase a couple of noteworthy new atomic tests that caught their eye!
 
 
 
 
PR #1748: T1098 - Role Manipulation in Azure AD
 
New contributor WojciechLesicki added four new tests for technique T1098: Account Manipulation, focusing on Azure by adding users and service principals to both AzureAD and Azure roles and running with PowerShell.
 
 
PR #1764: COM hijacking

 
First-time contributor  KelseySeymour created a test for T1546.015: Component Object Model Hijacking. The test uses PowerShell to hijack a reference to a Component Object Model (COM) that can be ultimately executed with rundll32.exe.
 
 
 
 
 
 
Video for your queue 
So, you want to build a community in infosec?
 

Two of our Atomic Red Team members, Adam Mashinchi and Marrelle Bailey, joined other community managers who shared their insights on how to build, maintain, and support various collaborative projects in the infosec world. If you missed the panel discussion you can watch the recording! 
 
 
 
 
 
 
Emotet is on the rise
Intelligence Insight
 
The February 2022 edition of Red Canary's Intelligence Insights documents the re-emergence of Emotet—a threat that warrants concern over its connection to ransomware in the past. While Emotet’s initial access tradecraft varies, the threat reliably leverages encoded PowerShell commands. You can test your ability to observe and detect this behavior with two of our PowerShell Atomic Test Harnesses (17 and 18).
 
 
 
 
 
 
Atomic Red Team community updates
 
 
 
 
 

Atomic Red Team cannot continue to be the amazing library it is without the time, effort, and contributions from the community and the project maintainers. We wanted to showcase some of the individuals who have taken the time to contribute changes and additions to Atomic Red Team!
 
 
New & top contributors in February
 
 
Top contributors:

  • Leomon5
  • frack113
  • glallen





Huge thanks to everyone who contributed to Atomic Red Team, and a special shout out to all of the first-time contributors:
  • BigPint
  • Zer1t0
  • tropChaud
  • ljstella
  • BlackB0lt
  • KelseySeymour
  • WojciechLesicki

 
 
 
 
 
We are here to help! 
Atomic Red Team maintainers
 
Meet our amazing team of maintainers, who create new tests, manage pull requests, mentor new contributors, and do so much more.
 
 
 
 
Bhavin Patel
 
Slack: Bhavin Patel
GitHub:  patel-bhavin

 
Carl Petty
 
Carl Petty
 
Slack: Carl Petty
GitHub: int5-grey


 
Carrie Roberts
 
Carrie Roberts
 
Slack: OrOneEqualsOne
GitHub:  clr2of8


 
 
 
Jose Hernandez
 
Jose Hernandez
 
Slack: Jose Hernandez
GitHub:  d1vious

 
Matt Graeber
 
Matt Graeber
 
Slack: mattifestation
GitHub:   mattifestation

 
Mike Haag
 
Mike Haag
 
Slack: Mike Haag
GitHub: MHaggis

 
 
 
 
Featured blog
 
Brian Donohue walks through how to run Atomic Red Team tests directly through Microsoft Defender for Endpoint's user portal.
 
 
Hands-on learning
 
Watch a live training brought to you by Black Hills Information Security with Carrie and Darin Roberts.

 
 
Join us!
 
Atomic Red Team depends on community contributions to increase technique coverage across platforms.
 
 
 
 
 
 
Be a part of the Atomic community

Atomic Red Team is developed by a community of thousands of computer security advocates, practitioners, and enthusiasts. Come say hi on the Atomic Red Team Slack!
 
 
 
 
 
 
 
Twitter      LinkedIn      YouTube
 

©2022 Red Canary All rights reserved.
1601 19th Street, Suite 900, Denver, CO 80202
https://redcanary.com | Unsubscribe

You received this email as a promotion of Red Canary. Click to adjust your preferences.