diff --git a/README.md b/README.md index f75d6da9..8aec4bbc 100644 --- a/README.md +++ b/README.md 
@@ -4,33 +4,33 @@ [![CircleCI](https://circleci.com/gh/redcanaryco/atomic-red-team.svg?style=svg)](https://circleci.com/gh/redcanaryco/atomic-red-team) Atomic Red Team allows every security team to test their controls by executing simple -"atomic tests" that exercise the same techniques used by adversaries (all mapped to +"atomic tests" that exercise the same techniques used by adversaries (all mapped to [Mitre's ATT&CK](https://attack.mitre.org/wiki/Main_Page)). ## Philosophy Atomic Red Team is a library of simple tests that every security team can execute to test their controls. Tests are -focused, have few dependencies, and are defined in a structured format that be used by automation frameworks. +focused, have few dependencies, and are defined in a structured format that be used by automation frameworks. Three key beliefs made up the Atomic Red Team charter: - **Teams need to be able to test everything from specific technical controls to outcomes.** - Our security teams do not want to operate with a “hopes and prayers” attitude toward detection. We need to know - what our controls and program can detect, and what it cannot. We don’t have to detect every adversary, but we + Our security teams do not want to operate with a “hopes and prayers” attitude toward detection. We need to know + what our controls and program can detect, and what it cannot. We don’t have to detect every adversary, but we do believe in knowing our blind spots. - **We should be able to run a test in less than five minutes.** - Most security tests and automation tools take a tremendous amount of time to install, configure, and execute. - We coined the term "atomic tests" because we felt there was a simple way to decompose tests so most could be + Most security tests and automation tools take a tremendous amount of time to install, configure, and execute. + We coined the term "atomic tests" because we felt there was a simple way to decompose tests so most could be run in a few minutes. 
The best test is the one you actually run. - **We need to keep learning how adversaries are operating.** - Most security teams don’t have the benefit of seeing a wide variety of adversary types and techniques crossing - their desk every day. Even we at Red Canary only come across a fraction of the possible techniques being used, + Most security teams don’t have the benefit of seeing a wide variety of adversary types and techniques crossing + their desk every day. Even we at Red Canary only come across a fraction of the possible techniques being used, which makes the community working together essential to making us all better. -See: https://atomicredteam.io/philosophy +See: https://atomicredteam.io ## Having trouble? @@ -57,4 +57,4 @@ In order to have a more open and welcoming community, Atomic Red Team adheres to ## License -See the [LICENSE](https://github.com/redcanaryco/atomic-red-team/blob/master/LICENSE.txt) file. \ No newline at end of file +See the [LICENSE](https://github.com/redcanaryco/atomic-red-team/blob/master/LICENSE.txt) file.
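Review bot: In the `@@ -4,33 +4,33 @@` hunk, the last changed line of the Philosophy section replaces `See: https://atomicredteam.io/philosophy` with the bare site root `https://atomicredteam.io`, so the "See:" pointer under this heading no longer leads to anything specific to the philosophy text. If the /philosophy page has gone away, link to its new location or drop the line rather than pointing at the home page. The re-added line ending `defined in a structured format that be used by automation frameworks.` still reads "that be used"; since the line is already being rewritten, change it to "that can be used". The other -/+ pairs in this hunk appear to differ only in whitespace, which is worth stating in the commit message so the one content change is not lost among them.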
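Review bot: In the `@@ -57,4 +57,4 @@` hunk, the License line is rewritten only to add the missing end-of-file newline, but it still hard-codes the absolute URL `https://github.com/redcanaryco/atomic-red-team/blob/master/LICENSE.txt`. Since README.md sits at the repository root, a relative link to `LICENSE.txt` would keep working in forks and after a default-branch rename; consider making that change in the same pass.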