caldera
tram
caldera | tram | |
---|---|---|
16 | 3 | |
5,182 | 392 | |
1.6% | 2.6% | |
9.1 | 7.9 | |
7 days ago | 3 months ago | |
Python | Jupyter Notebook | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
caldera
-
SOC Malware/Detection lab
Also, for the attack emulation part you might be interested in CALDERA.
- Automated penetration testing software?
-
Endpoint Attack Simulation
Mitre made Caldera to drive this. https://github.com/mitre/caldera
- Testing an XDR solution
-
Do you know the Mitre tool "Caldera"? How can I build a plugin for it?
Did you join the Slack and ask your question there, or on the discussion forum? The CALDERA team will answer... (both links are at https://caldera.mitre.org/)
- New blue team
- Attack simulation tool based on CVE
-
Attack Chain/Exploitation Path Diagram Generation Tools?
There's also a plugin for Caldera (https://github.com/mitre/caldera) called Pathfinder (https://github.com/center-for-threat-informed-defense/caldera_pathfinder and https://www.youtube.com/watch?v=gQRWkHFRG-s) that can help.
- Malware testing service/site for our EDR Testing of SentinelOne
- Worm/ Replicating virus for demonstrating spread/lateral movement through a network.
tram
-
MITRE ATT&CK Labeled CTI reports
Check out TRAM https://github.com/center-for-threat-informed-defense/tram/
- Tool for MITRE Mapping
-
TRAM: Advancing Research into Automated TTP Identification in Threat Reports.
I think you may be looking at the wrong repo: https://github.com/center-for-threat-informed-defense/tram/issues. Did you read the article? It’s basically about how it was created in 2019 but they’ve just redesigned and reworked it, that’s what the article is about.
What are some alternatives?
Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
Go-MISPFeedGenerator - Golang implementation of PyMISP-feedgenerator
Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
adversary_emulation_library - An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
CTF-Difficulty - This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.
DeTTECT - Detect Tactics, Techniques & Combat Threats
Incident-Playbook - GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
caldera_pathfinder - Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
Ghostwriter - The SpecterOps project management and reporting engine
attack-control-framework-mappings - 🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
WSLab - Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
tram - Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.