Our great sponsors
-
attack-flow
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
caldera_pathfinder
Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
This is what Attack Flow is specifically meant to help with (https://github.com/center-for-threat-informed-defense/attack-flow and https://www.youtube.com/watch?v=dlTTF4TF48A). Take a look at the CEO Scenario walkthrough (https://github.com/center-for-threat-informed-defense/attack-flow/blob/main/docs/ceo_scenario.md), the use of a Sankey diagram to highlight how mitigations reduce the cost of risk is one of the best representations I know of.
There's also a plugin for Caldera (https://github.com/mitre/caldera) called Pathfinder (https://github.com/center-for-threat-informed-defense/caldera_pathfinder and https://www.youtube.com/watch?v=gQRWkHFRG-s) that can help.
There's also a plugin for Caldera (https://github.com/mitre/caldera) called Pathfinder (https://github.com/center-for-threat-informed-defense/caldera_pathfinder and https://www.youtube.com/watch?v=gQRWkHFRG-s) that can help.
Related posts
- What adversary emulation options are there nowadays to test SIEMs and IDSs?
- adversary_emulation_library: An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
- Attack Flow v2.0.1 — a language for describing how cyber adversaries combine and sequence various offensive techniques to achieve their goals
- Attack simulation tool based on CVE
- micro_emulation_plans: This collection expands the impact of the Adversary Emulation Library by developing easy-to-execute adversary emulation content that targets specific behaviors and challenges facing defenders