Atomic Red Team™

A library of simple, focused tests mapped to the MITRE ATT&CK® matrix. Each test runs in five minutes or less, and many tests come with easy-to-use configuration and cleanup commands.

Learn More

The Maintainers

Atomic Red Team is maintained by an amazing group of volunteers who review and approve all of the changes to the following projects.

Learn More

ATT&CK Coverage

The Atomic Red Team community is constantly working to improve the project’s breadth and depth coverage of MITRE ATT&CK® Techniques.

Learn More


A PowerShell-based framework for developing and executing atomic tests. With PowerShell Core, security teams can execute tests across multiple platforms and over a network.

Learn More

Atomic Test Harnesses

A PowerShell module for executing many variations of an attack technique at once. AtomicTestHarnesses also includes tests to validate test execution and telemetry.

Learn More

Chain Reactor

A tool for testing detection and response coverage on Linux machines. Chain Reactor produces customizable executables that simulate sequences of actions like process creation and network connection.

Learn More

Red Canary Blog

Read about using Atomic Red Team in our blog entries covering testing and validation.

Learn More

Video Tutorials

Watch instructional videos about Atomic Red Team on this YouTube playlist.

Watch Now