MITRE ATT&CKcon 2018: Building an Atomic Testing Program, Brian Beyer, Red Canary
1 like2,050 views
Atomic testing involves small, easily executable tests of individual ATT&CK techniques to test security coverage and help defenders learn how adversaries operate. The document recommends scheduling recurring atomic tests, using them to identify gaps, and hold teams and partners accountable. It provides links to the Atomic Red Team project on GitHub and the Atomic Tests website for using, contributing to, and learning more about atomic tests.
MITRE ATT&CKcon 2018: Building an Atomic Testing Program, Brian Beyer, Red Canary
- 1. Building an Atomic Testing Program Test. Measure. Improve.
- 3. Think this
- 4. Not this
- 5. An atomic test is 1. Small (one ATT&CK technique) 2. Easy to execute
- 6. https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md
- 8. Testing your coverage is fundamental to improving your security outcomes. Testing should be fast and easy. Defenders need to keep learning how adversaries are operating.
- 9. Another red team suggestion (hat tip: Tim McG — https://www.twitter.com/NotMedic) is to use ATT&CK before you even plan your next red team campaign. Roll the dice and randomly select 2–3 TTPs from each column and that becomes the fake adversary that you are emulating. https://medium.com/@malcomvetter/red-team-use-of-mitre-att-ck-f9ceac6b3be2 “
- 12. Now what?
- 17. How can I use Atomic Tests?
- 18. Ways to use Atomic Tests: 1) Create a recurring calendar invite 2) Know thy gaps 3) Hold your team accountable 4) Hold your partners/vendors accountable
- 20. Subscribe to the Red Canary blog: redcanary.com/blog Contribute tests to Atomic Red Team: atomicredteam.io