caldera
EnterprisePurpleTeaming
| | caldera | EnterprisePurpleTeaming |
|---|---|---|
| | 16 | 6 |
| Stars | 5,208 | 622 |
| Growth | 2.1% | - |
| Activity | 9.1 | 3.3 |
| | 3 days ago | 11 months ago |
| Language | Python | |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
caldera
- SOC Malware/Detection lab
Also, for the attack emulation part you might be interested in CALDERA.
- Automated penetration testing software?
- Endpoint Attack Simulation
Mitre made Caldera to drive this. https://github.com/mitre/caldera
- Testing an XDR solution
- Do you know the Mitre tool "Caldera"? How can I build a plugin for it?
Did you join the Slack and ask your question there, or on the discussion forum? The CALDERA team will answer... (both links are at https://caldera.mitre.org/)
- New blue team
- Attack simulation tool based on CVE
- Attack Chain/Exploitation Path Diagram Generation Tools?
There's also a plugin for Caldera (https://github.com/mitre/caldera) called Pathfinder (https://github.com/center-for-threat-informed-defense/caldera_pathfinder and https://www.youtube.com/watch?v=gQRWkHFRG-s) that can help.
- Malware testing service/site for our EDR Testing of SentinelOne
- Worm/Replicating virus for demonstrating spread/lateral movement through a network.
EnterprisePurpleTeaming
- Tool for Creating Randomized IR Scenarios
You might want to look at platforms like Scythe and into purple teaming in general. Aside from that, there are quite a number of projects involving attack simulation at the atomic level using Caldera or Atomic Red Team. Another great resource: https://github.com/ch33r10/EnterprisePurpleTeaming
- Analysing attacks from a Blue team perspective
As you are about to purple team yourself, Xena Olsen has got you covered with a lot of great resources and a structured, methodical approach: https://github.com/ch33r10/EnterprisePurpleTeaming Above that, when using Splunk you most probably had a look at the Boss of the SOC datasets: pre-qualified, pre-recorded, close-to-real attack data which will assist in getting the hang of being able to discern the good from the bad. On a side note, with Splunk now publicly sharing their security content (i.e. use cases) you have another source to check out the level of correlation and, most importantly, the context information needed to make a decision. Context is everything: only by having all the facts will you be able to tell whether that shadow copy deletion came from the backup agent or your friendly neighborhood ransom gang.
- Need help with Red Team PoC setup/demo
Dr. Xena has got you covered - check tool section: https://github.com/ch33r10/EnterprisePurpleTeaming
- EnterprisePurpleTeaming: Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study. Doctor of Science Cybersecurity at Marymount University Dissertation by Xena Olsen.
- Enterprise Purple Team Doctoral Research Call for Participants
Here's an Enterprise Purple Team resource (I will continue adding items): https://github.com/ch33r10/EnterprisePurpleTeaming
What are some alternatives?
Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
sliver - Adversary Emulation Framework
Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
pwnspoof - Pwnspoof repository
CTF-Difficulty - This cheatsheet is aimed at CTF players and beginners to help them sort CTF challenges on the basis of difficulty.
purple-team-exercise-framework - Purple Team Exercise Framework
Incident-Playbook - GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
SecGen - Create randomly insecure VMs
Ghostwriter - The SpecterOps project management and reporting engine
slack-watchman - Slack enumeration and exposed secrets detection tool
WSLab - Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.