Atomic Red Team

One Year of Atomic Red Team! Looking Back and Ahead

Casey Smith

It is crazy to think it’s been a year since we launched our Atomic Red Team project! In honor of the milestone, here’s a look back at some of our favorite memories, lessons learned, and a preview of what’s ahead.

Atomic Red Team

Q&A from the “Automating Atomic Red Team” Webcast

Casey Smith, Michael Haag

There was a great turnout for the latest Atomic Red Team webcast! Thanks to all the people that attended. We had some outstanding audience questions on the new YAML structure, use cases, and CALDERA, MITRE’s automated adversary emulation system. We’ll use this post to go through some of the Q&A in case you couldn’t attend or had to jump off …

Atomic Red Team

Introducing the Next Chapter of Atomic Red Team

Casey Smith, Michael Haag, Brian Beyer

It’s been nearly nine months since we launched Atomic Red Team and we’ve been blown away by the tremendous response from the community. It’s exciting to see so many teams testing their security controls and getting a better understanding of what they can and cannot detect. We initially created Atomic Red Team to help security teams (including our own) test …

Driving Efficacy Through Detector Tuning: a Deeper Dive Into Detection Engineering

Keshia LeVan

In last week’s post on detection engineering, we explained what “detectors” are and how Red Canary uses them to hunt and identify threats. This article will take a deeper dive to focus on what happens after a detector is produced and how we measure its effectiveness through tuning. As a general rule, we embrace a high false positive rate. Until …

Red Canary Detector Development

Behind the Scenes with Red Canary’s Detection Engineering Team

Kyle Rainey

At Red Canary, we are huge believers in sharing methodologies of how and why we do things. It provides opportunities for others to learn and pushes the community forward. Today we are excited to pull back the curtains on Red Canary’s detection engineering team. Our team’s mission is simple: hunt and find threats. Rather than analyzing and triaging alerts like …

Atomic Red Team Training Session

Detonate, Detect, Analyze: the Applied Research Team Answers Audience Questions

Casey Smith, Michael Haag

We recently held our second Atomic Red Team training session and were once again blown away by the positive response from the security community. As researchers, nothing is more exciting than taking our work out of the lab and teaching other security professionals how to apply the tests to improve their defenses. It was especially exciting to see multiple team members …

Atomic Red Team Chain Reactions

Testing Detection and Prevention Tools With Atomic Red Team “Chain Reactions”

Casey Smith, Michael Haag

The very nature of Atomic Red Team is to allow for customization of different testing units to determine coverage, prevention, or detection within your environment. Chain reactions are a concept we developed to enable security teams to combine multiple MITRE ATT&CK™ techniques and execute them simultaneously. You can use these free-form methods to either build a sequence of events or …