Carrie Roberts edited this page Aug 9, 2020 · 39 revisions

What is Atomic Red Team?

How can Atomic Red Team help me?

How well does Atomic Red Team cover the MITRE ATT&CK Techniques?

How can I get started?

Are there Atomic Tests for Linux and macOS?

How did the Atomic Red Team project get started?

What does Red Canary do?

Couldn't AV vendors use this tool too and render it useless?

How does Atomic Red Team compare to other free and open source attack emulation tools?

Does Atomic Red Team negate the need for a traditional red team?

There will always be things that red teams can do that can't be scripted in the Atomic Red Team project, for example realistic phishing emails from a believable source, vishing, credential stuffing, and zero-day exploitation. There are things that red teams can do better than Atomic Red Team and vice versa, so there is a need for both.

Can I chain multiple atomic tests together to emulate specific attack groups?

You can manually chain tests together by running individual atomic tests back to back, but there is no automated solution for emulating a specific attack group as a whole. But stay tuned: this feature has been requested and is in the works.

Can I run an Atomic Red Team test on a remote machine where Atomic Red Team is not installed?

Is there a notification when new atomic tests are added?

The Atomic Red Team Slack Workspace has a public channel called "atomic-git" where notifications for all contributions are posted.

Does Atomic Red Team cover cloud infrastructure attacks?

No atomic tests have been contributed in this category, but the test definition format is universal enough to support this kind of test in the future.

Where can I go to learn more?
