How do threat actors execute initial payloads? What typical commands are performed by threat actors once a persistent connection is established in the network? What does it look like in our environment?
It can be overwhelming for security analysts to try to learn every tactic, technique, and procedure (TTP) used by threat actors in order to test the capabilities of a Security Operations setup. That's why threat emulation frameworks were developed – they provide a structured and efficient way to simulate various techniques, making it easier for security analysts to evaluate the detection capabilities of a SOC. Many different approaches can be taken when emulating threats, and these frameworks help to organise and streamline the process.
Learning Objectives
In this room, we will learn how to utilise Atomic Red Team from the perspective of Blue Teamers, understanding how exactly threat actors run their TTPs and how significant it is to see it in action. In addition, we will tackle topics such as the following throughout the room:
- Breakdown of the Atomics - the main component of the Atomic Red Team Framework.
- Importance of emulated execution and cleanup during testing.
- Implications of threat emulation for detection engineering.
Room Prerequisites
It is suggested that you complete the following rooms before proceeding with this one:
Now, let's defeat threats by becoming one with them.
