
Atomic Red Team is an open-source project that provides a comprehensive library of tests designed to simulate adversary techniques, tactics, and procedures (TTPs) as outlined in the MITRE ATT&CK® framework. These tests enable security teams to evaluate and enhance their detection and response capabilities by emulating real-world attack scenarios.
Atomic Red Team is a valuable resource for security professionals looking to test their defenses against real-world attack techniques. Here’s a breakdown of key details regarding its TTPs:
Core Functionality:
- MITRE ATT&CK Alignment: Atomic Red Team is built upon the MITRE ATT&CK framework, which provides a standardized taxonomy of adversary tactics, techniques, and procedures (TTPs). This alignment allows security teams to simulate specific attack scenarios and evaluate their detection and response capabilities.
- Atomic Tests: The project provides a library of “atomic tests,” which are small, focused tests designed to emulate individual ATT&CK techniques. This modular approach allows for targeted assessments and simplifies the testing process.
Key Features of Atomic Red Team:
- Comprehensive Coverage: The project offers a wide array of tests covering various MITRE ATT&CK techniques across multiple platforms, including Windows, macOS, and Linux. This extensive coverage allows organizations to assess their defenses against a broad spectrum of potential threats. (Source: github.com)
- Modular and Focused Tests: Each test, referred to as an “atomic test,” is designed to be small, highly portable, and focused on a specific technique. This modularity ensures that tests have minimal dependencies and can be executed with ease, facilitating targeted assessments. (Source: github.com)
- Execution Frameworks: To streamline the execution of these tests, Atomic Red Team provides frameworks like Invoke-Atomic, a PowerShell-based tool that allows security teams to run tests directly from the command line. This facilitates quick and efficient testing processes. (Source: redcanary.com)
- Community-Driven Development: As a community-developed project, Atomic Red Team encourages contributions from security professionals worldwide. This collaborative approach ensures continuous updates and the inclusion of diverse testing scenarios, keeping the library relevant and up-to-date. (Source: github.com)
Accessing Atomic Red Team TTPs:
The complete library of atomic tests is available on the Atomic Red Team GitHub repository. Each test is organized by its corresponding MITRE ATT&CK technique ID and includes detailed information such as the test description, execution commands, supported platforms, and cleanup procedures. This structured format allows security teams to select and execute tests relevant to their specific assessment needs.
Getting Started:
To begin utilizing Atomic Red Team:
- Clone the Repository: Access the GitHub repository and clone it to your local environment.
- Install Necessary Tools: Depending on your platform, install the appropriate execution framework, such as Invoke-Atomic for Windows.
- Select and Execute Tests: Browse the library to identify relevant tests and execute them using the chosen framework. Ensure that you review and fulfill any prerequisites mentioned for each test.
- Analyze Results: After execution, analyze the outcomes to assess your organization’s detection and response effectiveness.
For detailed guidance on installation and execution, refer to the Atomic Red Team Getting Started documentation.
By integrating Atomic Red Team into your security testing regimen, you can proactively identify and address potential vulnerabilities, thereby strengthening your organization’s overall security posture.
As of the latest available data, Atomic Red Team offers a comprehensive library of over 1,700 atomic tests, covering a wide array of adversary techniques and sub-techniques across multiple platforms (atomicredteam.io). These tests are meticulously designed to align with the MITRE ATT&CK® framework, enabling security teams to effectively simulate and evaluate their organization’s defenses against real-world attack scenarios.
The project has experienced significant growth, with a notable 42.7% increase in atomic tests and 436 new tests contributed in the past year alone (redcanary.com). This expansion reflects the community’s dedication to enhancing the breadth and depth of the testing library, ensuring that it remains up-to-date with emerging threats and techniques.
For detailed information on each test, including execution commands, prerequisites, and associated MITRE ATT&CK techniques, you can explore the official Atomic Red Team website or their GitHub repository. These resources provide structured and accessible documentation to assist security professionals in implementing and customizing tests to suit their specific assessment needs.
By leveraging this extensive collection of atomic tests, organizations can proactively identify potential vulnerabilities and strengthen their security posture against a continually evolving threat landscape.
- GitHub (github.com/redcanaryco/atomic-red-team): The GitHub repository hosts the source code and test library, allowing users to access and contribute to the project.
In essence, Atomic Red Team empowers security teams to proactively identify vulnerabilities and strengthen their defenses by simulating real-world adversary behavior.
The last tab of the above file combines the scores from each of the 10 layers. If the cell color is not red, that tactic is shared by more than one APT group. For example, “Ingress Tool Transfer” is closer to green, which means it is shared by five groups. Orange is shared by three groups. The color between red and orange is shared by two groups. Sorry, the Excel sheet does not show the total score for each cell, but I will be happy to share the JSON file so you can see the score of each cell by uploading the file to ATT&CK Navigator.
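
The layer-combining step described above, as an added example that is not the author's spreadsheet or script: it sums each technique's score across ATT&CK Navigator layer JSON objects so the per-cell total, and which groups contribute to it, is visible. The sample layers, group names, gradient colors and layer format version are constructed assumptions, and each source layer is assumed to score a technique 1 when the group uses it.

```python
import json
from collections import defaultdict

# Constructed sample layers, one per group; the group names and technique
# assignments are placeholders, not data from the spreadsheet discussed above.
SAMPLE_LAYERS = [
    {"name": "Group-A", "techniques": [
        {"techniqueID": "T1105", "tactic": "command-and-control", "score": 1},
        {"techniqueID": "T1059", "tactic": "execution", "score": 1}]},
    {"name": "Group-B", "techniques": [
        {"techniqueID": "T1105", "score": 1},
        {"techniqueID": "T1059", "score": 1},
        {"techniqueID": "T1566", "score": 1}]},
    {"name": "Group-C", "techniques": [
        {"techniqueID": "T1105", "score": 1},
        {"techniqueID": "T1027", "score": 0},           # present but unscored
        {"techniqueID": "T1078", "enabled": False, "score": 1}]},
]

def combine_layers(layers, name="Combined group overlap"):
    """Sum each technique's score across layers; return a Navigator layer dict."""
    totals = defaultdict(int)
    sources = defaultdict(list)
    for layer in layers:
        best = {}  # highest score per technique within this one layer
        for tech in layer.get("techniques", []):
            score = tech.get("score") or 0
            if score <= 0 or tech.get("enabled") is False:
                continue  # ignore unscored or disabled cells
            tid = tech["techniqueID"]
            best[tid] = max(best.get(tid, 0), score)
        for tid, score in best.items():
            totals[tid] += score
            sources[tid].append(layer.get("name", "unnamed"))
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "4.5"},  # assumed layer format version
        "gradient": {"colors": ["#ff0000", "#ffa500", "#00ff00"],  # red = one group
                     "minValue": 1, "maxValue": max(totals.values(), default=1)},
        "techniques": [{"techniqueID": t, "score": s,
                        "comment": "Shared by: " + ", ".join(sources[t])}
                       for t, s in ranked],
    }

def shared_techniques(combined, min_groups=2):
    """Technique IDs whose combined score meets the sharing threshold."""
    return [t["techniqueID"] for t in combined["techniques"] if t["score"] >= min_groups]

if __name__ == "__main__":
    print(json.dumps(combine_layers(SAMPLE_LAYERS), indent=2))
```

The techniques returned by `shared_techniques` are the ones used by several groups, which makes them natural first candidates when choosing which atomic tests to run.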
