README.md

<p><img src="https://redcanary.com/wp-content/uploads/Atomic-Red-Team-Logo.png" width="150px" /></p>

# Atomic Red Team
[![CircleCI](https://circleci.com/gh/redcanaryco/atomic-red-team.svg?style=svg)](https://circleci.com/gh/redcanaryco/atomic-red-team)

Atomic Red Team allows every security team to test their controls by executing simple
"atomic tests" that exercise the same techniques used by adversaries (all mapped to
[Mitre's ATT&CK](https://attack.mitre.org)).

## Philosophy

Atomic Red Team is a library of simple tests that every security team can execute to test their controls. Tests are
focused, have few dependencies, and are defined in a structured format that can be used by automation frameworks.

Three key beliefs made up the Atomic Red Team charter:
- **Teams need to be able to test everything from specific technical controls to outcomes.**
  Our security teams do not want to operate with a “hopes and prayers” attitude toward detection. We need to know
  what our controls and program can detect, and what it cannot. We don’t have to detect every adversary, but we
  do believe in knowing our blind spots.

- **We should be able to run a test in less than five minutes.**
  Most security tests and automation tools take a tremendous amount of time to install, configure, and execute.
  We coined the term "atomic tests" because we felt there was a simple way to decompose tests so most could be
  run in a few minutes.

  The best test is the one you actually run.

- **We need to keep learning how adversaries are operating.**
  Most security teams don’t have the benefit of seeing a wide variety of adversary types and techniques crossing
  their desk every day. Even we at Red Canary only come across a fraction of the possible techniques being used,
  which makes the community working together essential to making us all better.

See: https://atomicredteam.io

## Having trouble?

Join the community on Slack at [https://atomicredteam.slack.com](https://atomicredteam.slack.com) ([Request Invite](https://docs.google.com/forms/d/e/1FAIpQLSc3oMtugGy--6kcYiY52ZJQQ-iOaEy-UpxfSA37IlA5wCMV0A/viewform?usp=sf_link))

## Getting Started

* [Getting Started With Atomic Red Team](https://github.com/redcanaryco/atomic-red-team/wiki/About-Atomic-Red-Team)
* Automated Test Execution with the [Execution Frameworks](https://github.com/redcanaryco/atomic-red-team/wiki/Executing-Atomic-Tests#execute-an-atomic-test-with-an-execution-framework)
* Peruse the Complete list of Atomic Tests ([md](atomics/Indexes/Indexes-Markdown/index.md), [csv](atomics/Indexes/Indexes-CSV/index.csv)) and the [ATT&CK Matrix](atomics/Indexes/Matrices/matrix.md)
  - Windows [Matrix](atomics/Indexes/Matrices/windows-matrix.md) and tests by tactic ([md](atomics/Indexes/Indexes-Markdown/windows-index.md), [csv](atomics/Indexes/Indexes-CSV/windows-index.csv))
  - MacOS [Matrix](atomics/Indexes/Matrices/macos-matrix.md) and tests by tactic ([md](atomics/Indexes/Indexes-Markdown/macos-index.md), [csv](atomics/Indexes/Indexes-CSV/macos-index.csv))
  - Linux [Matrix](atomics/Indexes/Matrices/linux-matrix.md) and tests by tactic ([md](atomics/Indexes/Indexes-Markdown/linux-index.md), [csv](atomics/Indexes/Indexes-CSV/linux-index.csv))
* Using [ATT&CK Navigator](https://github.com/mitre-attack/attack-navigator)? Check out our coverage layers ([All](atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json), [Windows](atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json), [MacOS](atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-macos.json), [Linux](atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json))
* [Fork](https://github.com/redcanaryco/atomic-red-team/fork) and [Contribute](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) your own modifications
* Have questions? Join the community on Slack at [https://atomicredteam.slack.com](https://atomicredteam.slack.com)
    * Need a Slack invitation? Submit an invite request via this [Google Form](https://docs.google.com/forms/d/e/1FAIpQLSc3oMtugGy--6kcYiY52ZJQQ-iOaEy-UpxfSA37IlA5wCMV0A/viewform?usp=sf_link)

## Code of Conduct

In order to have a more open and welcoming community, Atomic Red Team adheres to a
[code of conduct](CODE_OF_CONDUCT.md).

## License

See the [LICENSE](https://github.com/redcanaryco/atomic-red-team/blob/master/LICENSE.txt) file.
-											Point to correct logo
										
										
											2018-05-23 17:34:41 -06:00
+								<p><img src="https://redcanary.com/wp-content/uploads/Atomic-Red-Team-Logo.png" width="150px" /></p>
-											update CONTRIBUTIONS and README to cover the new file structure, document APIs, etc
										
										
											2018-05-21 20:43:04 +02:00
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
+								# Atomic Red Team
-											first cut of atomic docs generator
										
										
											2018-05-10 13:25:40 -06:00
+								[![CircleCI](https://circleci.com/gh/redcanaryco/atomic-red-team.svg?style=svg)](https://circleci.com/gh/redcanaryco/atomic-red-team)
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								Atomic Red Team allows every security team to test their controls by executing simple
-											changed url to avoid 404 (#259)
										
										
											2018-06-21 08:54:17 -06:00
+								"atomic tests" that exercise the same techniques used by adversaries (all mapped to
-											Update the Readme to point to the new Wiki (#1192)
										
										
											2020-08-18 11:31:09 -06:00
+								[Mitre's ATT&CK](https://attack.mitre.org)).
-											Stickers!
										
										
											2018-02-20 16:31:29 -05:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								## Philosophy
-											Moved matrices
										
										
											2017-10-19 13:32:26 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								Atomic Red Team is a library of simple tests that every security team can execute to test their controls. Tests are
-											typo fix (#1187)
										
										
											2020-08-11 13:35:09 -06:00
+								focused, have few dependencies, and are defined in a structured format that can be used by automation frameworks.
-											Moved matrices
										
										
											2017-10-19 13:32:26 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								Three key beliefs made up the Atomic Red Team charter:
 								- **Teams need to be able to test everything from specific technical controls to outcomes.**
-											changed url to avoid 404 (#259)
										
										
											2018-06-21 08:54:17 -06:00
+								  Our security teams do not want to operate with a “hopes and prayers” attitude toward detection. We need to know
 								  what our controls and program can detect, and what it cannot. We don’t have to detect every adversary, but we
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								  do believe in knowing our blind spots.
-											Moved matrices
										
										
											2017-10-19 13:32:26 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								- **We should be able to run a test in less than five minutes.**
-											changed url to avoid 404 (#259)
										
										
											2018-06-21 08:54:17 -06:00
+								  Most security tests and automation tools take a tremendous amount of time to install, configure, and execute.
 								  We coined the term "atomic tests" because we felt there was a simple way to decompose tests so most could be
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								  run in a few minutes.
-											Moved matrices
										
										
											2017-10-19 13:32:26 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								  The best test is the one you actually run.
-											Moved matrices
										
										
											2017-10-19 13:32:26 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								- **We need to keep learning how adversaries are operating.**
-											changed url to avoid 404 (#259)
										
										
											2018-06-21 08:54:17 -06:00
+								  Most security teams don’t have the benefit of seeing a wide variety of adversary types and techniques crossing
 								  their desk every day. Even we at Red Canary only come across a fraction of the possible techniques being used,
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								  which makes the community working together essential to making us all better.
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											changed url to avoid 404 (#259)
										
										
											2018-06-21 08:54:17 -06:00
+								See: https://atomicredteam.io
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								## Having trouble?
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											Add "Request Invite" next to Slack Link (#1538)
										
										
											2021-06-29 10:15:51 -07:00
+								Join the community on Slack at [https://atomicredteam.slack.com](https://atomicredteam.slack.com) ([Request Invite](https://docs.google.com/forms/d/e/1FAIpQLSc3oMtugGy--6kcYiY52ZJQQ-iOaEy-UpxfSA37IlA5wCMV0A/viewform?usp=sf_link))
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								## Getting Started
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											Update the Readme to point to the new Wiki (#1192)
										
										
											2020-08-18 11:31:09 -06:00
+								* [Getting Started With Atomic Red Team](https://github.com/redcanaryco/atomic-red-team/wiki/About-Atomic-Red-Team)
-											Update README.md (#1302)
										
										
											2020-11-30 11:18:32 -05:00
+								* Automated Test Execution with the [Execution Frameworks](https://github.com/redcanaryco/atomic-red-team/wiki/Executing-Atomic-Tests#execute-an-atomic-test-with-an-execution-framework)
-											fix csv link
										
										
											2020-08-19 09:29:26 -06:00
+								* Peruse the Complete list of Atomic Tests ([md](atomics/Indexes/Indexes-Markdown/index.md), [csv](atomics/Indexes/Indexes-CSV/index.csv)) and the [ATT&CK Matrix](atomics/Indexes/Matrices/matrix.md)
-											delete old indexes (#925)
										
										
											2020-04-03 11:36:55 -06:00
+								  - Windows [Matrix](atomics/Indexes/Matrices/windows-matrix.md) and tests by tactic ([md](atomics/Indexes/Indexes-Markdown/windows-index.md), [csv](atomics/Indexes/Indexes-CSV/windows-index.csv))
 								  - MacOS [Matrix](atomics/Indexes/Matrices/macos-matrix.md) and tests by tactic ([md](atomics/Indexes/Indexes-Markdown/macos-index.md), [csv](atomics/Indexes/Indexes-CSV/macos-index.csv))
 								  - Linux [Matrix](atomics/Indexes/Matrices/linux-matrix.md) and tests by tactic ([md](atomics/Indexes/Indexes-Markdown/linux-index.md), [csv](atomics/Indexes/Indexes-CSV/linux-index.csv))
 								* Using [ATT&CK Navigator](https://github.com/mitre-attack/attack-navigator)? Check out our coverage layers ([All](atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json), [Windows](atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json), [MacOS](atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-macos.json), [Linux](atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json))
-											Update the Readme to point to the new Wiki (#1192)
										
										
											2020-08-18 11:31:09 -06:00
+								* [Fork](https://github.com/redcanaryco/atomic-red-team/fork) and [Contribute](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) your own modifications
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								* Have questions? Join the community on Slack at [https://atomicredteam.slack.com](https://atomicredteam.slack.com)
-											Update the Slack Invite Request URL
										
										
											2021-03-11 15:15:00 -08:00
+								    * Need a Slack invitation? Submit an invite request via this [Google Form](https://docs.google.com/forms/d/e/1FAIpQLSc3oMtugGy--6kcYiY52ZJQQ-iOaEy-UpxfSA37IlA5wCMV0A/viewform?usp=sf_link)
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								## Code of Conduct
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								In order to have a more open and welcoming community, Atomic Red Team adheres to a
 								[code of conduct](CODE_OF_CONDUCT.md).
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											Add microsite (#250)
										
										
											2018-06-13 19:33:59 -06:00
+								## License
-											Readme Update
										
										
											2017-10-19 13:27:16 -07:00
-											changed url to avoid 404 (#259)
										
										
											2018-06-21 08:54:17 -06:00
+								See the [LICENSE](https://github.com/redcanaryco/atomic-red-team/blob/master/LICENSE.txt) file.