Red teaming is an authorised emulation of real attackers’ TTPs (Tactics, Techniques and Procedures) from MITRE ATT&CK, where you pretend to be a threat actor and attempt intrusion against an organisation.
ATOMIC RED TEAM
Atomic Red Team is a tool that allows you to easily run simulated attacks based on known TTPs in order to test detection and prevention systems [Link]. It uses a PowerShell module called Invoke-AtomicRedTeam to execute the desired attack procedure [Link].
Install Execution Framework Only
Install-Module -Name invoke-atomicredteam,powershell-yaml -Scope CurrentUser
Install Execution Framework and Atomics Folder
IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing); Install-AtomicRedTeam -getAtomics -Force
Import the Module in the PowerShell Session
Import-Module "~\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
List Atomic Tests and Check Any
Invoke-AtomicTest All -ShowDetailsBrief Invoke-AtomicTest All -ShowDetailsBrief -anyOS
Invoke-AtomicTest T1016-8 -ShowDetailsBrief Invoke-AtomicTest T1016-8 -ShowDetails Invoke-AtomicTest T1016-8 -CheckPrereqs
Then, Execute!
Invoke-AtomicTest T1016-8 Invoke-AtomicTest T1016-8 -PromptForInputArgs Invoke-AtomicTest T1016-8 -Interactive
Other Options
Invoke-AtomicTest T1089 -Cleanup Invoke-AtomicTest T1218.010 -ExecutionLogPath 'C:\log.csv' Invoke-AtomicRunner -listOfAtomics .\testsList.csv -PauseBetweenAtomics 30
Start the Atomic GUI
Start-AtomicGUI

CALDERA
Caldera is an Automated Adversary Emulation Platform developed by MITRE [Link]. Its source code is available at [Link].
Both Red and Blue teams can use this platform to deploy their Agents and monitor ongoing operations.
Install and start Caldera on Kali
sudo apt install caldera -y caldera
Note the credentials for both teams displayed in the terminal:

Navigate to http://localhost:8888/.

Each team (Red and Blue) has its own dashboard, but both look and work the same way:


Set up the Agents.

- Key setup points:
- Select the Agent based on the desired communication protocol: TCP, HTTP, HTTPS, etc.
- Enter the IP or hostname of the Caldera Server and make sure it is reachable from the Agents.
- Several deployment commands will be generated to copy and paste onto the endpoints (Agents):
- Caldera’s default Red team agent,
- Blue team agent,
- One with a randomised name for a quick background start,
- One that compiles on the endpoint (requires GoLang),
- One that uses GIST C2,
- And one capable of P2P communication.
Review the Adversary Profiles and define what will be emulated.

- Key setup points:
- Search the Abilities database for TTPs that match the organisation’s attack surface.
Create an Operation with the chosen Adversary Profile.

- Key setup points:
- Research which adversaries are most likely to target your organisation or industry.
- Adversaries are based on real threat actors’ observed behaviours and capabilities.
- Research which adversaries are most likely to target your organisation or industry.
Configure the Operation settings.

- Key setup points:
- Create a new Operation and select the Adversary you want to emulate.
- Adjust the desired obfuscation level and the amount of noise it will generate on the network.

Monitor the operation as it unfolds.
BONUS
Run Atomic Red Team from a container with:
docker run -it redcanary/invoke-atomicredteam:latest
Run Caldera from a container with:
docker run -it -d mitre/caldera