Attack Chain/Exploitation Path Diagram Generation Tools?

This page summarizes the projects mentioned and recommended in the original post on /r/redteamsec

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • attack-flow

    Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.

    This is what Attack Flow is specifically meant to help with (https://github.com/center-for-threat-informed-defense/attack-flow and https://www.youtube.com/watch?v=dlTTF4TF48A). Take a look at the CEO Scenario walkthrough (https://github.com/center-for-threat-informed-defense/attack-flow/blob/main/docs/ceo_scenario.md), the use of a Sankey diagram to highlight how mitigations reduce the cost of risk is one of the best representations I know of.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • caldera

    Automated Adversary Emulation Platform

    There's also a plugin for Caldera (https://github.com/mitre/caldera) called Pathfinder (https://github.com/center-for-threat-informed-defense/caldera_pathfinder and https://www.youtube.com/watch?v=gQRWkHFRG-s) that can help.

  • caldera_pathfinder

    Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.

    There's also a plugin for Caldera (https://github.com/mitre/caldera) called Pathfinder (https://github.com/center-for-threat-informed-defense/caldera_pathfinder and https://www.youtube.com/watch?v=gQRWkHFRG-s) that can help.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • What adversary emulation options are there nowadays to test SIEMs and IDSs?

    1 project | /r/AskNetsec | 7 Nov 2023
  • adversary_emulation_library: An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

    1 project | /r/blueteamsec | 22 Apr 2023
  • Attack Flow v2.0.1 — a language for describing how cyber adversaries combine and sequence various offensive techniques to achieve their goals

    1 project | /r/blueteamsec | 10 Apr 2023
  • Attack simulation tool based on CVE

    4 projects | /r/redteamsec | 6 Oct 2022
  • micro_emulation_plans: This collection expands the impact of the Adversary Emulation Library by developing easy-to-execute adversary emulation content that targets specific behaviors and challenges facing defenders

    1 project | /r/blueteamsec | 17 Sep 2022

Did you konow that Python is
the 1st most popular programming language
based on number of metions?