security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,237 Commits 47 Branches 0 Tags
2cc534831278741c59c60cf99dcfbcfdec065752
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael Haag 2cc5348312 Fix T1551 to T1070 (#1161) 
* Fix T1551 to T1070

Found that we had T1070 labeled incorrectly as T1551. MITRE pushed a fix for this per https://attack.mitre.org/resources/updates/updates-july-2020/

```
Indicator Removal on Host Was incorrectly re-IDd to T1551, restored to T1070 and its sub-techniques were changed to T1070.001, T1070.002, T1070.003, T1070.004, T1070.005, and T1070.006
```

* Generate MD fix

Attempting to get the MD to generate

* Update enterprise-attack.json

* Generate docs from job=validate_atomics_generate_docs branch=T1070-indicator-removal-fix

Co-authored-by: CircleCI Atomic Red Team doc generator <email>
2020-08-01 09:46:06 -06:00
.circleci
debugging
2020-05-08 00:35:40 -06:00
.github
No need to shout (#1128)
2020-07-16 09:10:35 -06:00
ARTifacts
Update Discovery.bat (#1154)
2020-07-23 09:57:55 -06:00
atomic_red_team
Fix T1551 to T1070 (#1161)
2020-08-01 09:46:06 -06:00
atomics
Fix T1551 to T1070 (#1161)
2020-08-01 09:46:06 -06:00
bin
Convert to Mitre ATT&CK sub-technique schema (#1056)
2020-06-17 12:55:46 -06:00
docs
add link to PR tutorial (#1117)
2020-07-13 20:00:42 -06:00
execution-frameworks
Add Golang repo to execution frameworks README (#1013)
2020-07-20 14:46:26 -06:00
.gitignore
remove markdown files from gitignore (#1058)
2020-06-17 19:19:57 -06:00
atomic-red-team.gemspec
Add microsite (#250)
2018-06-13 19:33:59 -06:00
CODE_OF_CONDUCT.md
Update contact email address
2018-06-15 07:26:02 -06:00
Gemfile
Add microsite (#250)
2018-06-13 19:33:59 -06:00
Gemfile.lock
Bump nokogiri from 1.10.4 to 1.10.8 (#839)
2020-02-25 15:35:09 -07:00
LICENSE.txt
move bin scripts into bin, apis into atomic-red-team
2018-05-11 06:49:20 +02:00
README.md
delete old indexes (#925)
2020-04-03 11:36:55 -06:00

README.md

Atomic Red Team

CircleCI

Atomic Red Team allows every security team to test their controls by executing simple "atomic tests" that exercise the same techniques used by adversaries (all mapped to Mitre's ATT&CK).

Philosophy

Atomic Red Team is a library of simple tests that every security team can execute to test their controls. Tests are focused, have few dependencies, and are defined in a structured format that be used by automation frameworks.

Three key beliefs made up the Atomic Red Team charter:

  • Teams need to be able to test everything from specific technical controls to outcomes. Our security teams do not want to operate with a “hopes and prayers” attitude toward detection. We need to know what our controls and program can detect, and what it cannot. We dont have to detect every adversary, but we do believe in knowing our blind spots.

  • We should be able to run a test in less than five minutes. Most security tests and automation tools take a tremendous amount of time to install, configure, and execute. We coined the term "atomic tests" because we felt there was a simple way to decompose tests so most could be run in a few minutes.

    The best test is the one you actually run.

  • We need to keep learning how adversaries are operating. Most security teams dont have the benefit of seeing a wide variety of adversary types and techniques crossing their desk every day. Even we at Red Canary only come across a fraction of the possible techniques being used, which makes the community working together essential to making us all better.

See: https://atomicredteam.io

Having trouble?

Join the community on Slack at https://atomicredteam.slack.com

Getting Started

Code of Conduct

In order to have a more open and welcoming community, Atomic Red Team adheres to a code of conduct.

License

See the LICENSE file.

Reference in New Issue View Git Blame Copy Permalink
S
Description
Atomic Red Team test automation and mapping
Readme 563 MiB
Languages
C 38.7%
PowerShell 13.3%
Go 11.4%
Java 7.8%
C# 6.8%
Other 21.7%