adversary_emulation_library
tram
Our great sponsors
| adversary_emulation_library | tram | |
|---|---|---|
| 8 | 3 | |
| 1,545 | 391 | |
| 4.1% | 5.9% | |
| 9.5 | 7.9 | |
| 4 months ago | 3 months ago | |
| C | Jupyter Notebook | |
| Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
adversary_emulation_library
-
What adversary emulation options are there nowadays to test SIEMs and IDSs?
Unfortunately I don't have the background and knowledge of cybersecurity needed to plan a pentest of my own. Also, it would be more interesting to emulate the attacks of actual APTs known in the wild. So far, I've tested Caldera, Invoke-AtomicRedTeam and manual tests from CTID's adversary emulation library: https://github.com/center-for-threat-informed-defense/adversary_emulation_library
- adversary_emulation_library: An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
-
New blue team
This is a great callout! To help get started, check out the adversary emulation library, https://github.com/center-for-threat-informed-defense/adversary_emulation_library. There are also micro-emulation plans, described here: https://ctid.mitre-engenuity.org/our-work/micro-emulation-plans/.
- micro_emulation_plans: This collection expands the impact of the Adversary Emulation Library by developing easy-to-execute adversary emulation content that targets specific behaviors and challenges facing defenders
-
Advice on purple teaming
I don't know how we know what CS would do if that command was part of a chain of attack, I'm assuming it would just detect on the more malicious activities. Once we get a bit more mature in our use of Atomic Red team I was looking at this framework for simulating an actual attack chain.
- THT: When hunt APT look for emulation ...
- Adversary Emulation Library
- menuPass Adversary Emulation
tram
-
MITRE ATT&CK Labeled CTI reports
Check out TRAM https://github.com/center-for-threat-informed-defense/tram/
- Tool for MITRE Mapping
-
TRAM: Advancing Research into Automated TTP Identification in Threat Reports.
I think you may be looking at the wrong repo: https://github.com/center-for-threat-informed-defense/tram/issues. Did you read the article? It’s basically about how it was created in 2019 but they’ve just redesigned and reworked it, that’s what the article is about.
What are some alternatives?
sysmon-modular - A repository of sysmon configuration modules
Go-MISPFeedGenerator - Golang implementation of PyMISP-feedgenerator
attack-flow - Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
DeTTECT - Detect Tactics, Techniques & Combat Threats
attack-control-framework-mappings - 🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
caldera_pathfinder - Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
RedEye - RedEye is a visual analytic tool supporting Red & Blue Team operations
stix2.1-coa-playbook-extension - A STIX 2.1 Extension Definition for the Course of Action (COA) object type. The nested property extension allows a COA to share machine-readable security playbooks such as CACAO Security Playbooks
caldera - Automated Adversary Emulation Platform
auditd-attack - A Linux Auditd rule set mapped to MITRE's Attack Framework
tram - Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.