Found 290 repositories (showing 30)
redcanaryco
Small and highly portable detection tests based on MITRE's ATT&CK.
redcanaryco
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
darmado
ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.
zimnyaa
Implant drop-in for EDR testing
swimlane
A Python package used to execute Atomic Red Team tests (Atomics) across multiple operating system environments.
cyberbuff
MCP server for Atomic Red Team
MHaggis
Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques
xenoscr
A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files.
krdmnbrk
A simple tool designed to create Atomic Red Team tests with ease.
activeshadow
go-atomicredteam is a Golang application to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project (https://github.com/redcanaryco/atomic-red-team).
infosecn1nja
Invoke-AtomicAssessment is a powerful tool designed to facilitate adversary emulation by leveraging Atomic Red Team.
tevora-threat
Windows GUI/Execution Engine for Atomic Red Team Atomics
akapv
No description available
cyberbuff
The Atomic Playbook contains TTPs from the MITRE ATT&CK framework mapped to the tests in Atomic Red Team. It serves as a single resource for learning about the tests and their execution, detection and defense techniques from MITRE Shield.
MHaggis
OG Atomic Red Team
redcanaryco
This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam
DamonMohammadbagher
BasicEventViewer4 (BEV v4.0): this code is useful for all Blue/Purple Teams, real-time monitoring of Sysmon events, and MITRE ATT&CK detections via YAML files
timfrazier1
Atomic Red Team App for Phantom
secureworks
A tool to run and validate telemetry for Atomic Red Team tests
AlfredoAbarca
Atomic Red Team Simple Parser
pandaof
No description available
Ahmed-Emad-Nasr
SOC environment using Wazuh (SIEM & EDR), Suricata, Wazuh dashboard, OpenSearch Indexer, YARA, Sysmon (Sysinternals), Atomic Red Team & VirusTotal
darmado
A library of post-exploitation MacOS scripts based on threat emulation, LOObins, CTI, and MITRE ATT&CK.
Intellisec-Solutions
No description available
VTFoundation
No description available
cyberbuff
This repository helps you set up an automated Atomic Red Team testing environment using Ludus. The environment allows you to safely execute and test atomic tests while having the ability to revert machines back to clean snapshots.
Atomics-on-A-Friday
Slides, notes and more related to Atomics on a Friday
nubbsterr
A shrimple guide to deploying the Elastic Stack to create your own local SIEM setup for shrimple Windows event log shipping and analysis; for simulations and more, plus mock DFIR simulations using Atomic Red Team!
This project sets up an Active Directory environment and configures Splunk to ingest events from a Windows Server and a target machine. We perform a brute force attack using Kali Linux to observe telemetry and use Atomic Red Team for additional testing. Goals: enhance IT administration skills, event monitoring, and threat detection.
Install and run Atomic Red Team with Ansible