| | attack-flow | caldera |
|---|---|---|
| | 5 | 16 |
| Stars | 508 | 5,226 |
| Growth | 3.3% | 2.1% |
| Activity | 8.9 | 9.1 |
| | 15 days ago | 5 days ago |
| Language | TypeScript | Python |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
attack-flow
- Attack Flow v2.0.1 — a language for describing how cyber adversaries combine and sequence various offensive techniques to achieve their goals
- Attack Chain/Exploitation Path Diagram Generation Tools?
  This is what Attack Flow is specifically meant to help with (https://github.com/center-for-threat-informed-defense/attack-flow and https://www.youtube.com/watch?v=dlTTF4TF48A). Take a look at the CEO Scenario walkthrough (https://github.com/center-for-threat-informed-defense/attack-flow/blob/main/docs/ceo_scenario.md); the use of a Sankey diagram to highlight how mitigations reduce the cost of risk is one of the best representations I know of.
- I'm the CINO of Tidal Cyber, and previously founded MITRE's ATT&CK® Evaluations. AMA!
  I will give credit to the work at CTID, though many are looking at how to not look at ATT&CK Techniques atomically, rather as chains: https://ctid.mitre-engenuity.org/our-work/attack-flow/
- PURPLE TEAM LEADERSHIP METRICS?
  Define your attack path similar to the Sankey diagrams at https://github.com/center-for-threat-informed-defense/attack-flow/blob/main/docs/ceo_scenario.md
- Tooling for Purple Teaming
  - Threat Modeling - Based on the assessment results, define potential attack paths (not a single action against a single asset, but the full chain of steps that an attacker would take - see https://github.com/center-for-threat-informed-defense/attack-flow/blob/main/docs/ceo_scenario.md for a basic example). Prioritize your attack paths based on whatever real world factors affect your team's availability, capabilities, etc. For example, if the team's availability overlaps with a year-end accounting process, pick an attack path that doesn't touch your finance and accounting team.
caldera
- SOC Malware/Detection lab
  Also, for the attack emulation part you might be interested in CALDERA.
- Automated penetration testing software?
- Endpoint Attack Simulation
  MITRE made Caldera to drive this. https://github.com/mitre/caldera
- Testing an XDR solution
- Do you know the MITRE tool "Caldera"? How can I build a plugin for it?
  Did you join the Slack and ask your question there, or on the discussion forum? The CALDERA team will answer... (both links are at https://caldera.mitre.org/)
- New blue team
- Attack simulation tool based on CVE
- Attack Chain/Exploitation Path Diagram Generation Tools?
  There's also a plugin for Caldera (https://github.com/mitre/caldera) called Pathfinder (https://github.com/center-for-threat-informed-defense/caldera_pathfinder and https://www.youtube.com/watch?v=gQRWkHFRG-s) that can help.
- Malware testing service/site for our EDR Testing of SentinelOne
- Worm/Replicating virus for demonstrating spread/lateral movement through a network.
What are some alternatives?
caldera_pathfinder - Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
attack-stix-data - STIX data representing MITRE ATT&CK
CTF-Difficulty - This cheatsheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.
adversary_emulation_library - An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
Incident-Playbook - GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
heimdall2 - Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results.
Ghostwriter - The SpecterOps project management and reporting engine
WSLab - Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.