Skill

performing-threat-emulation-with-atomic-red-team

From asi

Executes Atomic Red Team tests for MITRE ATT&CK validation using atomic-operator Python framework. Runs attack simulations from YAML atomics to test SIEM/EDR detection in purple team exercises.

Python

security

testing

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- When conducting security assessments that involve performing threat emulation with atomic red team

SKILL.md

Similar Skills

performing-threat-emulation-with-atomic-red-team

5.9k

Executes Atomic Red Team tests using atomic-operator to validate MITRE ATT&CK techniques, simulate attacks, and check SIEM/EDR detection coverage for purple team exercises.

3 files

cybersecurity-skills

performing-threat-emulation-with-atomic-red-team

Executes Atomic Red Team tests using atomic-operator Python framework for MITRE ATT&CK validation. Loads YAML definitions, runs attack simulations, verifies SIEM/EDR detection coverage for purple team exercises.

3 files

cybersecurity-skills-zh

performing-purple-team-atomic-testing

Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis, and validates detections via PowerShell and Sigma rules in purple team exercises.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Performing Threat Emulation with Atomic Red Team

When to Use

When conducting security assessments that involve performing threat emulation with atomic red team

When following incident response procedures for related security events

When performing scheduled security testing or auditing activities

When validating security controls through hands-on testing

Prerequisites

Familiarity with threat intelligence concepts and tools

Access to a test or lab environment for safe execution

Python 3.8+ with required dependencies installed

Appropriate authorization for any testing activities

Instructions

Use atomic-operator to execute Atomic Red Team tests and validate detection coverage against MITRE ATT&CK techniques.

from atomic_operator import AtomicOperator operator = AtomicOperator() # Run a specific technique test operator.run( technique="T1059.001", # PowerShell execution atomics_path="./atomic-red-team/atomics", )

Key workflow:

Clone the atomic-red-team repository for test definitions

Select ATT&CK techniques matching your detection rules

Execute atomic tests using atomic-operator

Check SIEM/EDR for corresponding alerts

Document detection gaps and update rules

Examples

# Parse atomic test YAML definitions import yaml with open("atomics/T1059.001/T1059.001.yaml") as f: tests = yaml.safe_load(f) for test in tests.get("atomic_tests", []): print(f"Test: {test['name']}") print(f" Platforms: {test.get('supported_platforms', [])}")