Atomic Red Team
Library of small tests mapped to ATT&CK techniques—run via Invoke-AtomicRedTeam or CI to validate detections.
Why it is included
Most portable open way to execute known-bad behaviors safely for detection engineering.
Best for
Detection engineers writing Sigma/YARA/Falco rules who need ground-truth telemetry.
Strengths
- ATT&CK alignment
- Huge test corpus
- Community maintenance
Limitations
- Requires change control; never run untargeted tests on production systems without approval
Good alternatives
MITRE Caldera · Stratus Red Team
Related tools
Security & Privacy
MITRE Caldera
Automated adversary emulation platform built on ATT&CK: planners, abilities, sandboxes, and purple-team reporting.
Sigma
Generic signature format for SIEM/detection rules convertible to Splunk, Elastic, KQL, and many backends.
Falco
Cloud-native runtime security for Linux/Kubernetes: syscall and K8s audit rules with Falcoctl and ecosystem outputs.
BloodHound
Active Directory attack-path graphing: ingest collectors, map privilege chains, and plan remediations.
kube-hunter
Penetration testing tool for Kubernetes clusters: active hunting modules for API exposure, exposed services, and misconfigurations.
GnuPG
OpenPGP implementation for encryption, signing, and key management.
