Community and sharing is at the heart of Atomic Red Team. The open source project was developed to help all security teams (including our own) test detection coverage against MITRE ATT&CK™. As John Lambert highlighted in his keynote at ATT&CKcon:
“If you want to go fast, go alone. If you want to go far, go together.” —African Proverb
In that vein, we’re excited to launch a new extension of the project: Atomic Friday. Starting November 9, these live discussions will be held regularly to talk about how security teams are using Atomic Red Team to improve detection and defense. Each session will focus on actionable ideas and best practices surrounding specific tradecraft in MITRE ATT&CK. Think of them as informal “chalk talks.”
We hope these interactive discussions will cut through some of the noise and confusion in the marketplace so that security teams can hear directly from each other and share ideas for improving.
Sign up here to join the next one and stay up-to-date on future sessions!
Here’s what you need to know about Atomic Friday:
When and where is it?
Atomic Fridays will be held regularly starting on Friday, November 9, 2018. The sessions will be live-streamed on Red Canary’s YouTube channel.
What will Atomic Friday cover?
Each session will dig into the details of a specific MITRE ATT&CK technique, then step back and discuss detection and prevention strategies. We will be soliciting suggestions for future topics from the community, so the specifics of a given session will be determined by the host (which will not always be us!).
How do I join?
Sign up here so we can keep you updated on upcoming sessions. There are no requirements aside from your email address, which we’ll use to send you details on how to join the discussion.
Will it be recorded?
Yes. The answer is always yes. These sessions will be recorded and posted on Red Canary’s Atomic Red Team YouTube playlist for you to watch at your convenience. However, because they’re live interactive discussions, we highly recommend joining live so you can participate and benefit from sharing with the community.
Are there any prerequisites?
There are no prerequisites, but we do recommend familiarizing yourself with the tests if you haven’t used them before. Atomic Friday will not be a trouble-shooting “how-to” session on the framework; it will be a dialogue on how to improve detection and defense using Atomic Red Team. Participants will also benefit from visiting the ATT&CK matrix to read up on the specific technique we’ll be covering.
If you’re new to Atomic Red Team, here are some resources to get you started:
Who can participate?
Anyone and everyone who wants to learn and grow. We hope to foster community discussions around detections. We don’t have all the answers and we welcome feedback. Like the quote says:
We look forward to seeing you at Atomic Friday next week! Sign up to receive updates and details.
Related Articles
Emu-lation: Validating detections for SocGholish with Atomic Red Team
Emu-lation: Validating detection for Gootloader with Atomic Red Team
Emu-lation: Validating detection for Gootloader with Atomic Red Team
Safely validate executable file attributes with Atomic Test Harnesses
Safely validate executable file attributes with Atomic Test Harnesses
Find security bugs in web application routes with route-detect