red_team_attack_lab
Red Team Attack Lab for TTP testing & research (by Marshall-Hallenbeck)
attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk (by splunk)
| red_team_attack_lab | attack_range | |
|---|---|---|
| 5 | 12 | |
| 476 | 1,969 | |
| - | 2.3% | |
| 4.5 | 7.7 | |
| 12 months ago | about 11 hours ago | |
| PowerShell | Jinja | |
| GNU General Public License v3.0 only | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
red_team_attack_lab
Posts with mentions or reviews of red_team_attack_lab.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-04.
- Can anyone describe their red team infrastructure?
-
Non-Internet Connected IAC Range
There are some pretty solid examples like splunk attack range or detection lab available on GitHub. They leverage ansible, virtual box, and vagrant. My team used to use red team lab https://github.com/Marshall-Hallenbeck/red_team_attack_lab internally for demos, but has since moved to Snaplabs for the ease of deployment and cost. I can have a junior engineer spin up an entire Ad instance from a template in 5 minutes vs fighting virtual box and ansible to 2 days.
-
Active directory scripts for setting a lab?
Try this https://github.com/Marshall-Hallenbeck/red_team_attack_lab
-
Anyone have experience building a Windows AD lab environment in Docker?
Since you mention your in-depth ELK workflow, have you tried DetectionLab or Splunk's Attack Range? If you just want a fully working AD domain set up with various hosts, you can spin up the Red Team Attack Lab and then hook in your own logging stuff after it's built.
- Red Team Attack Lab for TTP testing & research
attack_range
Posts with mentions or reviews of attack_range.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-06-08.
-
Splunk core certification
My advice… Don’t rush. Study the material and get a good understanding of the fundamentals. Each certification builds on the previous ones. If Splunk is a path you want to pursue, build those fundamentals. Put in the reps in a lab. Download BOTS, attack range data sets. Take a look at Splunk & Machine Learning YouTube channel. His videos are fantastic and he maintains a GitHub repo so you can use the datasets to practice what you learned on the video.
- Is there any repository for sample raw audit logs for various software platforms?
- Need to setup AD lab for praticing..
-
Dataset I can test IDS/IPS tools against?
Somewhat related, but if you’re using splunk, you could use Splunk Attack Range which simulates attacks.
- learning splunk. is there a way to "play" with it?
-
Introducing Splunk Attack Range v2.0
hey I think you are looking at a older repo for the local attack_range, we have not maintained this .. the current Splunk Attack Range lives here: https://github.com/splunk/attack_range/
-
Anyone have experience building a Windows AD lab environment in Docker?
Since you mention your in-depth ELK workflow, have you tried DetectionLab or Splunk's Attack Range? If you just want a fully working AD domain set up with various hosts, you can spin up the Red Team Attack Lab and then hook in your own logging stuff after it's built.
-
Terraform and Ansible
This is a project I've contributed to at work. It's designed to launch & configure a lab environment for security researchers, but that's not too important. It has a python CLI that takes a configuration file. That config file determines what bits of Terraform and ansible are executed. The Terraform builds instances in AWS (or Azure) and all the associated bits, and then calls the ansible playbook to provision that type of host.
-
Cool security project using Splunk?
Attack range: https://github.com/splunk/attack_range
-
How-to build detection scenarios properly?
have a look at Splunk's Attack Range project, which automates Caldera and Atomic Red Team for these kinds of purposes. i think this might help you as you gauge visibility, rulesets, etc ... https://github.com/splunk/attack_range
What are some alternatives?
When comparing red_team_attack_lab and attack_range you can also consider the following projects:
cervantes - Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
GOAD - game of active directory
BlueTeam.Lab - Blue Team detection lab created with Terraform and Ansible in Azure.
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
awesome-emulators-simulators - A curated list of software emulators and simulators of PCs, home computers, mainframes, consoles, robots and much more...
passwordstate-decryptor - PowerShell script that decrypts password entries from a Passwordstate server.
attack_range_local - Build a attack range in your local machine
gitjacker - 🔪 :octocat: Leak git repositories from misconfigured websites
fakernet - A framework for quickly creating internet-like services for labs, exercises, and research.
Awesome-Cybersecurity-Datasets - A curated list of amazingly awesome Cybersecurity datasets
red_team_attack_lab vs cervantes
attack_range vs DetectionLab
red_team_attack_lab vs GOAD
attack_range vs BlueTeam.Lab
red_team_attack_lab vs Infosec_Reference
attack_range vs awesome-emulators-simulators
red_team_attack_lab vs passwordstate-decryptor
attack_range vs attack_range_local
red_team_attack_lab vs gitjacker
attack_range vs fakernet
red_team_attack_lab vs DetectionLab
attack_range vs Awesome-Cybersecurity-Datasets