Home - ethanhillas/Atomic-Attack-Lab GitHub Wiki
Welcome to the Atomic-Attack-Lab wiki!
This wiki is the home of all documentation, features, nuances, and idiosyncrasies related to Atomic Attack Lab.
The Atomic Attack Lab stemmed from a project my company undertook to evaluate the ever-growing and ever-changing capabilities of Endpoint Detection and Response (EDR) tools. We needed a testing environment that was easy to bring up and tear down, but that also gave us a consistent, repeatable setup of custom tooling on every build. It was clear early on that we needed something like Terraform/CloudFormation/ARM for the infrastructure and something like Ansible/Chef/Puppet for the configuration. After several failed attempts, Terraform and Ansible became my one-stop shop for Atomic Attack Lab.
Next, I needed a way to fulfil our testing requirements. Our tests were centred on the MITRE ATT&CK® framework and were designed in a similar way to the MITRE ATT&CK Evaluations. I settled on Caldera as the automation framework because writing operations in terms of ATT&CK techniques seemed relatively simple. It also gave us a nice GUI to work with, lowering the barrier to entry for less experienced testers.