README.md
Atomic Red Team
Atomic Red Team™ is a library of tests mapped to the
MITRE ATT&CK® framework. Security teams can use
Atomic Red Team to quickly, portably, and reproducibly test their environments.
Get started
You can execute atomic tests directly from the command line, no installation
required. See the Getting started
page of our wiki.
For a more robust testing experience, consider using an execution framework like
Invoke-Atomic.
Learn more
The Atomic Red Team documentation is available as a wiki.
For information about the philosophy and development of Atomic Red Team, visit
our website at https://atomicredteam.io.
To stay up to date on all things Atomic Red Team, sign up for the Atomic Newsletter: https://redcanary.com/atomic-newsletter/
Contribute to Atomic Red Team
Atomic Red Team is open source and community developed. If you’re interested in
becoming a contributor, check out these resources:
- Join our Slack workspace and get involved with the community. Don’t forget to review the code of conduct before you join.
- Report bugs and request new features by submitting an issue.
- Read our contribution guide for more information about contributing directly to this repository.
- Check the license for information regarding the distribution and modification of Atomic Red Team.
- Contribute to Linux atomics quickly from GitHub Codespaces. For more details, click here
Tool Information
Author
redcanaryco
Project Added On
June 01, 2025
License
Open Source
Related Tools
NTDLLReflection
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported APIs from the export table
Stable
kernel-exploit-factory
Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.
Stable
NovaHypervisor
NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.
Stable