Attack Emulation and Atomic Red Team w/ Darin and Carrie Roberts – $395

Attack Emulation and Atomic Red Team w/ Darin and Carrie Roberts
4 Sessions – 4 Hour Classes

Instructors: Darin and Carrie Roberts

Price: $395


  • 16 hours of hands-on interactive learning
  • Introduction to Mitre ATT&CK Framework and the ATT&CK Navigator
  • In-depth Coverage of Atomic Red Team
  • Review of other open source emulation frameworks like Caldera and Mordor
  • A look at commercial emulation frameworks
  • Interactive Exercises (Labs)
    • Mitre ATT&CK and the ATT&CK Navigator
    • Manual Execution of Atomic Tests
    • Scripted Execution for Atomic Tests using the Invoke-Atomic Red Team Framework
    • Local vs Remote execution of Atomic Tests
    • Creating you own Atomic Test
    • Contributing to the Atomic Red Team Project
  • Courseware
    • Downloadable slides and labs

Atomic Red Team is an open source project that helps you measure, monitor and improve your security controls by executing simple “atomic tests” that are mapped directly to the Mitre ATT&CK Framework. This class will provide an overview of the Mitre ATT&CK framework and give you in-depth, hands-on knowledge of how to execute atomic tests that exercise many of the techniques defined in Mitre ATT&CK. You will be provided with hands-on lab instructions for running a variety of atomic tests and creating visualizations using Mitre ATT&CK Navigator. At the end of this class you will have the knowledge to execute these atomic tests within your own test environment where you can create and validate detection in a script-able and consistent way. Whether you are a student of information security or a seasoned red teamer or network defender there is something to learn from getting involved with Atomic Red Team and this course will help you do that.


  • General understanding of Mitre ATT&CK and Attack Emulation Software
  • In-Depth knowledge of the Atomic Red Team framework
  • Key understanding of how Atomic Red Team can help you build and validate your detections
  • How to get involved and contribute to Atomic Red Team


Anyone interested in learning more about cyber attacks at a very detailed, hands-on level should take this course. In particular, those who are interested in the Indicators of Compromise (IOCs) left behind by each attack and how these scripted attacks can be used to validate and develop your detections.

  • Defenders and Blue Teamers
  • Students interested in Information Security
  • Penetration testers and Red Teamers
  • General Security Practitioners


Entry level information security skills and up through advanced


General familiarity with the Windows operating system


  • Internet Connectivity
  • Remote Desktop Protocol (RDP) Client


  • Downloadable course slides and lab walkthroughs
  • RDP access to a Windows 10 client in Azure for running labs

Instructor Bios

Darin Roberts
Darin Roberts is a penetration tester, security analyst, and prolific blogger for Black Hills Information Security. Since beginning his career in information security in 2015, he has acquired a plethora of GIAC certifications including, GISF, GSEC, GCFE, GCIA, and most recently, GCIH. When Darin isn’t competing in CTFs or studying for certs, he enjoys teaching and sharing his knowledge with others. Additionally, he has a B.S. degree in Computer Information Technology, as well as a B.S in Engineering and a Master’s in Teaching.


Carrie Roberts
Carrie Roberts is a web application developer, turned pentester, turned red teamer, turned blue. She loves to learn and give back to the community. She is currently one of the primary Atomic Red Team project maintainers and developers and has developed many of her own open source tools including the Domain Password Audit Tool (DPAT) and Slack Extract. She holds Master’s Degrees in both Computer Science and Information Security Engineering. She has earned 12 GIAC certifications including the prestigious “Security Expert” (GSE) certification. She has spoken at numerous security conferences including DerbyCon and Wild West Hackin’ Fest, published many blog posts on topics ranging from social engineering to bypassing anti-virus, and contributed new research on the VBA Stomping maldoc technique. Find out more about Carrie at


  • Mon, Nov 2, 2020 11:00 AM – 4:00 PM EST
  • Tue, Nov 3, 2020 12:00 PM – 4:00 PM EST
  • Wed, Nov 4, 2020 12:00 PM – 4:00 PM EST
  • Thu, Nov 5, 2020 12:00 PM – 4:00 PM EST

Register Here

Join the Wild West Hackin’ Fest Discord server to stay updated on future training and webcasts: Join Our Server!