My key takeaways
- The Atomic Red Team project (ART) is an open-source library of scripted attacks
- ART uses the MITRE ATT&CK matrix as its structure
- ART emulates what an attacker might do after compromise; msf (Metasploit) tries to exploit vulnerabilities in software
- Emulating attacks helps improve attack detection and allows security products to be compared
- Vectr.io is a feature-rich tool and reporting framework for purple-team collaboration
- Atomics can be executed manually, but it is better to use the PowerShell execution framework Invoke-AtomicRedTeam
- Windows Defender doesn't like ART; put its folder on the exclusion list
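As an added example (not from the training or the Atomic Red Team project), the workflow behind the last two takeaways in PowerShell. It assumes a disposable Windows lab VM with an elevated session and Internet access for the one-time install; the technique T1082 (System Information Discovery), the default C:\AtomicRedTeam install path and the log file name are choices made here, not values from the notes above.

```powershell
# Added example: purple-team lab workflow with Invoke-AtomicRedTeam.
# Assumes a disposable Windows lab VM and an elevated PowerShell session.
# Technique, install path and log path are assumptions, not from the notes.

$AtomicsRoot = 'C:\AtomicRedTeam'                 # default install location
$Technique   = 'T1082'                            # System Information Discovery (benign discovery commands)
$LogPath     = "$AtomicsRoot\Invoke-AtomicTest-ExecutionLog.csv"

# Takeaway: Defender flags the atomics folder itself. Exclude it so that your
# detection stack is tested on the emulated *behaviour*, not on the files on disk.
Add-MpPreference -ExclusionPath $AtomicsRoot

# One-time install of the execution framework plus the atomics library.
IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing)
Install-AtomicRedTeam -getAtomics

Import-Module "$AtomicsRoot\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force

# 1. Review what the technique's tests actually do before running anything.
Invoke-AtomicTest $Technique -ShowDetailsBrief

# 2. Check, and if needed fetch, the prerequisites for test #1 only.
Invoke-AtomicTest $Technique -TestNumbers 1 -CheckPrereqs
Invoke-AtomicTest $Technique -TestNumbers 1 -GetPrereqs

# 3. Execute the test; record the start time so SIEM/EDR alerts can be correlated.
$Start = Get-Date
Invoke-AtomicTest $Technique -TestNumbers 1 -ExecutionLogPath $LogPath

# 4. Always remove the artefacts the test left behind.
Invoke-AtomicTest $Technique -TestNumbers 1 -Cleanup

# 5. The execution log (technique, test, host, time) is the record to pair with
#    the detections you observed, e.g. when filling a Vectr campaign.
"Test started at $Start; last execution log entry:"
Import-Csv $LogPath | Select-Object -Last 1 | Format-List
```

Run the block once per technique you want to validate, and compare the log entry with what your detection tooling reported for the same window.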
Env
- Provided by Wild West Hackin’ Fest
- Presenter: Carrie Roberts
Additional links
- https://github.com/redcanaryco/atomic-red-team
- https://github.com/redcanaryco/invoke-atomicredteam
- How to: Set up Your Own Test Lab
- https://slack.atomicredteam.io/
- https://mitre-attack.github.io/attack-navigator/
- https://mitre-attack.github.io/attack-navigator/#layerURL=https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
- http://vectr.io/
- https://wildwesthackinfest.com/training/attack-emulation-atomic-red-team-caldera-and-more/
- Dedicated Slack Workspace for Collaboration