invoke-atomicredteam vs PurpleCloud

| | invoke-atomicredteam | PurpleCloud |
|---|---|---|
| Mentions | 5 | 1 |
| Stars | 767 | 474 |
| Growth | 1.6% | - |
| Activity | 8.3 | 5.5 |
| Last commit | 5 days ago | 2 months ago |
| Language | PowerShell | Python |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
invoke-atomicredteam

- Lack of Detections
  Or if you want something with more features - use Atomic Red Team tests (https://github.com/redcanaryco/invoke-atomicredteam)
- EDR Attack Simulation
  Also, if you want to use Atomic Red Team (which you should), look towards https://github.com/redcanaryco/invoke-atomicredteam, a framework for automating usage of tests through that.
- Cyber incident simulation script
  PowerShell-based - https://github.com/redcanaryco/invoke-atomicredteam
- Anyone have experience building a Windows AD lab environment in Docker?
  However, I've been tinkering with this for a few days now without success so far. I'm running into bugs and also am simply uncertain whether this is even viable. For example, I don't know if the Windows images offered for Docker will support the commands run by the PowerShell testing suite we have in mind for simulating threats, Invoke-AtomicRedTeam. Theoretically, everything should work fine. I'm also curious if someone else has already done this and published setup scripts or anything to help.
- Best way to test an AV/EDR Solution
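The posts above recommend Invoke-AtomicRedTeam for driving Atomic Red Team tests without saying what a run looks like. The following is an added example written for this page (it is not code from the quoted posts or from the invoke-atomicredteam project), showing the check-prereqs / execute / cleanup sequence a detection engineer would use to validate one technique against an EDR. It assumes the default installer layout under C:\AtomicRedTeam, and uses T1016 test 1 (network configuration discovery) and the log path purely as illustrative choices.

```powershell
# Added example, not from the page or the invoke-atomicredteam project.
# Assumes the module and atomics folder were installed to the installer's
# default location, C:\AtomicRedTeam.
Import-Module "C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
$PSDefaultParameterValues = @{ "Invoke-AtomicTest:PathToAtomicsFolder" = "C:\AtomicRedTeam\atomics" }

# Technique and test number chosen for illustration; T1016 test 1 runs
# benign discovery commands (ipconfig, arp, ...), so it is safe for a first run.
$technique  = "T1016"
$testNumber = 1
# Assumed log location; the execution log is what you correlate with EDR telemetry.
$log = "C:\AtomicRedTeam\execution-$technique.csv"

# 1. Read the test definition before running anything on the host.
Invoke-AtomicTest $technique -TestNumbers $testNumber -ShowDetails

# 2. Verify dependencies, then fetch any that are missing.
Invoke-AtomicTest $technique -TestNumbers $testNumber -CheckPrereqs
Invoke-AtomicTest $technique -TestNumbers $testNumber -GetPrereqs

# 3. Execute, recording timestamps and host details to the CSV execution log.
Invoke-AtomicTest $technique -TestNumbers $testNumber -ExecutionLogPath $log

# 4. Always clean up so the lab machine returns to a known state.
Invoke-AtomicTest $technique -TestNumbers $testNumber -Cleanup

# Review what was run and when; compare these timestamps against the EDR's alerts.
Import-Csv $log | Format-Table -AutoSize
```

Run this in an isolated lab host, never on production, and treat the absence of an EDR alert for the logged time window as the finding to investigate rather than the test's exit code.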
PurpleCloud

- Anyone have experience building a Windows AD lab environment in Docker?
  We looked into pre-configured, plug-and-play options. One project (leveraging Ansible) is called PurpleCloud. Probably because running even a handful of Windows VMs on a PC can get pretty slow, pretty fast, their project spins this network up on Azure. However, the estimated monthly cost of the cloud resources is not attractive; over $300 per month. While it's true that we would not need to run the lab every day, resulting in lower cost, I think we would want to run new tests fairly often, especially if multiple analysts are using it (and I already know the burn of forgetting an EC2 instance on for a week or two).
What are some alternatives?

- APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
- OpenSIEM-Logstash-Parsing - SIEM Logstash parsing for more than a hundred technologies
- jupyter2kibana - A workflow for data scientists to bring Jupyter Notebook visualizations to Kibana dashboards
- ansible-pentest-deploy - Using Ansible as an orchestrator, this project is another solution for testers looking to configure and deploy a new VM or VPS box with the tools that they need for penetration testing.
- cli - The Docker CLI
- hashlookup-forensic-analyser - Analyse a forensic target (such as a directory) to find and report files found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
- EDR-Telemetry - This project aims to compare and evaluate the telemetry of various EDR products.
- ThreatSim - Threat Simulator for Enterprise Networks
- atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.