Introducing AtomicTestHarnesses

Originally published on Red Canary Blog
Read the full article: Introducing AtomicTestHarnesses

What is AtomicTestHarnesses?

AtomicTestHarnesses is a PowerShell module designed to complement Atomic Red Team by providing:

More granular control over test execution
Enhanced logging and validation
Better integration with detection systems
Programmatic test result validation

Why We Built It

While Atomic Red Team provides excellent test coverage, we needed:

Automated validation of test execution
Detailed logging for analysis
Ability to run tests programmatically
Better integration with our detection pipeline

Key Features

Granular Control

Execute individual test components with precise control over parameters and timing.

Enhanced Logging

Detailed execution logs that capture:

Test parameters
Execution results
Artifacts created
Cleanup status

Validation Framework

Programmatically validate that tests executed as expected:

Check for expected artifacts
Verify process creation
Validate network connections
Confirm file modifications

Detection Integration

Easily integrate with SIEMs and detection platforms to validate detection coverage.

Use Cases

Detection Validation

Run tests and automatically verify your detections fired.

Continuous Testing

Integrate into CI/CD pipelines for ongoing detection validation.

Research & Development

Develop new atomic tests with better debugging capabilities.

Training

Provide students with detailed feedback on test execution.

Getting Started

# Install the module
Install-Module -Name AtomicTestHarnesses

# Import and use
Import-Module AtomicTestHarnesses
Invoke-AtomicTest -TestGuid <guid> -Validate

Read the full documentation: Introducing AtomicTestHarnesses

Related Modules

Active

Atomics on a Friday

Weekly YouTube show exploring atomic tests, detection engineering, and security research. Live demonstrations and deep dives into attack techniques.

youtube atomic-red-team detection education +1

View Module → GitHub