battlewise VS adversary_emulation_library

Develop a coding style - curly braces, parenthesis, function length/name, variable names/types, structures, macros. This is work at module level (.c). See for inspiration: https://github.com/dellfer/battlewise/blob/main/src/common/berrors.h

// Read-able code is always easier to debug code. #include "berrors.h" // see https://github.com/dellfer/battlewise/blob/main/src/common/berrors.h #include #define MAX_ELEMENTS (10) static STATUS readInt(int *pRetInt) { STATUS status = OK; // scanf is not considered a safe function // good news - you only need to fix this one function to remedy if (1 != scanf("%d", pRetInt)) status = ERR_GEN_NOT_FOUND; return status; } static STATUS readPostiveInt(int *pRetInt) { STATUS status; if (OK > (status = readInt(pRetInt))) goto exit; if (0 > (*pRetInt)) status = ERR_GEN_NOT_FOUND; // we would want to add a more specific // error for this condition // maybe out of expected range exit: return status; } int main() { int elements[MAX_ELEMENTS]; int maxElements; int numElements; int index; int lowIndex; \\ a range (lowIndex, highIndex) int highIndex; STATUS status; printf("Enter the array size:"); if (OK > (status = readPostiveInt(&maxElements))) goto exit; if (maxElements > MAX_ELEMENTS) { status = ERR_GEN_BAD_LENGTH; goto exit; } /* read the entire an array of elements */ for (index = 0; index < maxElements; index++) if (OK > (status = readInt(&(elements[index])))) goto exit; // we read positive integers to ensure range is good // otherwise, we have a buffer underflow bug printf("Input Two Points:"); if (OK > (status = readPostiveInt(&lowIndex))) goto exit; if (OK > (status = readPostiveInt(&highIndex))) goto exit; // recall indices are zero-based in C (we need '>=') // we don't check if lowIndex is lower than highIndex if ((lowIndex >= maxElements) || (highIndex >= maxElements)) { printf("0"); goto exit; } for (numElements = 0; lowIndex <= highIndex; lowIndex++) { printf("%d, ", elements[lowIndex]); numElements++; } printf("Number Of Elements Are: %d\n", numElements); exit: if (OK > status) printf("main: error occurred. status = %d\n", status); return 0; }

Declare error codes: https://github.com/dellfer/battlewise/blob/main/src/common/berrors.h

Unfortunately I don't have the background and knowledge of cybersecurity needed to plan a pentest of my own. Also, it would be more interesting to emulate the attacks of actual APTs known in the wild. So far, I've tested Caldera, Invoke-AtomicRedTeam and manual tests from CTID's adversary emulation library: https://github.com/center-for-threat-informed-defense/adversary_emulation_library

This is a great callout! To help get started, check out the adversary emulation library, https://github.com/center-for-threat-informed-defense/adversary_emulation_library. There are also micro-emulation plans, described here: https://ctid.mitre-engenuity.org/our-work/micro-emulation-plans/.

I don't know how we know what CS would do if that command was part of a chain of attack, I'm assuming it would just detect on the more malicious activities. Once we get a bit more mature in our use of Atomic Red team I was looking at this framework for simulating an actual attack chain.