The latest from Atomic Red Team

Purple Teaming with ARTifacts

Learn how to run atomic tests hands-free on endpoints! Using Velociraptor artifacts, Wes Lambert covers purple teaming logic and atomic test setup for purple teamers short on time.

Sniffing out BloodHound

Although it has legitimate uses, BloodHound can be a real threat to environments running Active Directory. Using Atomic Red Team test 3 (Run Bloodhound from Memory using Download Cradle) in T1059.001, Sai Prashanth Pulisetti showcases how to detect BloodHound using Windows system logs.

Atomic Spotlight: Persistence with Command Process Auto Run Registry Key

Need persistence? Maintainer Carrie Roberts discusses more persistence methods, this time with a spotlight on persistent code execution through Windows command prompt (cmd.exe).

Compile After Delivery

Adversaries often deliver uncompiled code onto a target's system. In this tutorial, Parth (a Security Analyst from SharkStriker) walks you through Invoke-AtomicRedTeam and the Compile After Delivery tests (T1027.004).

Top contributors
- clr2of8
- packetzero
- blueteam0ps
- tr4cefl0w
- cnotin

New contributors
- cigdemtosun
- 0xv1n
- codec-hasqui

Conference Feature: DEATHCon 2022 - Mapping Detection Coverage

In this presentation, Jared Atkinson and Jonathan Johnson discuss the importance of testing telemetry coverage and using abstraction to build a representative sample set of atomic tests to validate detection coverage.