Atomic Red Team & MITRE ATT&CK

Instructors: Darin and Carrie Roberts

Equipment Required:
Workshop attendees who wish to do the labs on Thursday and Friday will need to be able to make a Remote Desktop Connection (RDP) to a lab machine on the Internet.

Length: 2 hours

Atomic Red Team is an open source project that helps you measure, monitor, and improve your security controls by executing simple “atomic tests” that are mapped directly to the MITRE ATT&CK framework. This workshop will provide an overview of the MITRE ATT&CK framework and give you in-depth, hands-on knowledge of how to execute atomic tests that exercise many of the techniques defined in the MITRE ATT&CK framework.

At the end of this workshop you will have the knowledge to execute atomic tests within your own test environment where you can create and validate detections in a scriptable and consistent way.

In this workshop you will be working through 11 hands-on labs at your own pace. We will provide you with a lab machine on which to run the labs during the WWHF conference Thursday and Friday from 9AM – 5PM MDT. Just direct message @OrOneEqualsOne on the Discord channel during the lab hours for access details. You can optionally attend the instructor led training and walkthrough of the labs on Wednesday evening of the conference in preparation for doing the hands-on labs.

Darin Roberts is a penetration tester, security analyst, and prolific blogger for Black Hills Information Security. Since beginning his career in information security in 2015, he has acquired a plethora of GIAC certifications including, GISF, GSEC, GCFE, GCIA, and most recently, GCIH. When Darin isn’t competing in CTFs or studying for certs, he enjoys teaching and sharing his knowledge with others. Additionally, he has a B.S. degree in Computer Information Technology, as well as a B.S in Engineering and a Master’s in Teaching.

Carrie Roberts is a web application developer, turned pentester, turned red teamer, turned blue. She loves to learn and give back to the community. She is currently one of the primary Atomic Red Team project maintainers and developers and has developed many of her own open source tools including the Domain Password Audit Tool (DPAT) and Slack Extract. She holds Master’s Degrees in both Computer Science and Information Security Engineering. She has earned 12 GIAC certifications including the prestigious “Security Expert” (GSE) certification. She has spoken at numerous security conferences including DerbyCon and Wild West Hackin’ Fest, published many blog posts on topics ranging from social engineering to bypassing anti-virus, and contributed new research on the VBA Stomping maldoc technique. Find out more about Carrie at