Adversaries use the Password Filters technique to access credentials and establish persistence. How is your team detecting and defending against this technique? Join our next Atomic Friday discussion to share stories and best practices with the community.
We’re excited to launch a new extension of the Atomic Red Team project: Atomic Friday. Starting November 9, these live community discussions will be held regularly to talk about how security teams are using Atomic Red Team to improve detection and defense. Each session will focus on actionable ideas surrounding specific ATT&CK techniques.
There was a great turnout for the latest Atomic Red Team webcast! Thanks to all the people that attended. We had some outstanding audience questions on the new YAML structure, use cases, and CALDERA, MITRE’s automated adversary emulation system. We’ll use this post to go through some of the Q&A in case you couldn’t attend or had to jump off …
It’s been nearly nine months since we launched Atomic Red Team and we’ve been blown away by the tremendous response from the community. It’s exciting to see so many teams testing their security controls and getting a better understanding of what they can and cannot detect. We initially created Atomic Red Team to help security teams (including our own) test …
In last week’s post on detection engineering, we explained what “detectors” are and how Red Canary uses them to hunt and identify threats. This article will take a deeper dive to focus on what happens after a detector is produced and how we measure its effectiveness through tuning. As a general rule, we embrace a high false positive rate. Until …