mitre-attack

Top 23 mitre-attack Open-Source Projects

  • kubescape

    Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.

  • Project mention: CodiumAI PR-Agent Dominates the Dev World with Versatility and Open-Source Power | dev.to | 2023-12-03

    CodiumAI PR-Agent’s influence extends deeply within open-source projects. An exemplary illustration is Kubescape, a Cloud Native Computing Foundation (CNCF) sandbox project. Since its adoption in August, Kubescape has been utilizing the PR-Agent service. They also recently had a public bug bounty collaboration with CodiumAI. This program added an extra layer of community-driven scrutiny, encouraging contributors to utilize simple commands like /describe for effective pull request messages. Here the contributor wanted to better describe the PR, so he used the /describe prompt.

  • atomic-red-team

    Small and highly portable detection tests based on MITRE's ATT&CK.

  • Project mention: Which Antivirus do you recommend and why? | /r/sysadmin | 2023-06-28

    You can write your own or look at testing tools like Cytest to ensure that your business goals are met and to ensure your sensors are configured correctly, and ART for attack chains.

  • caldera

    Automated Adversary Emulation Platform

  • Project mention: SOC Malware/Detection lab | /r/cybersecurity | 2023-07-03

    Also, for the attack emulation part you might be interested in CALDERA.

  • RedTeam-Tools

    Tools and Techniques for Red Team / Penetration Testing

  • sysmon-modular

    A repository of sysmon configuration modules

  • Project mention: Sysmon 15.0 is out now with advanced features | /r/sysadmin | 2023-06-29

    I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.

  • EVTX-ATTACK-SAMPLES

    Windows Events Attack Samples

  • Certified-Kubernetes-Security-Specialist

    Curated resources to help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" certification exam. Please provide feedback or requests by raising issues or making a pull request. All feedback for improvements is welcome. Thank you.

  • stratus-red-team

    :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

  • adversary_emulation_library

    An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

  • Project mention: What adversary emulation options are there nowadays to test SIEMs and IDSs? | /r/AskNetsec | 2023-11-07

    Unfortunately I don't have the background and knowledge of cybersecurity needed to plan a pentest of my own. Also, it would be more interesting to emulate the attacks of actual APTs known in the wild. So far, I've tested Caldera, Invoke-AtomicRedTeam and manual tests from CTID's adversary emulation library: https://github.com/center-for-threat-informed-defense/adversary_emulation_library

  • Digital-Forensics-Guide

    Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  • Project mention: Most used DFIR tools | /r/cybersecurity | 2023-12-10

    If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide

  • Incident-Playbook

    GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

  • Shuffle

    Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

  • Project mention: Private Equity has Ruined Everything | /r/msp | 2023-07-02

    Take a look at n8n.io or shuffler.io

  • BLUESPAWN

    An Active Defense and EDR software to empower Blue Teams

  • threathunting

    A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

  • atomic-threat-coverage

    Actionable analytics designed to combat threats

  • Open-Source-Security-Guide

    Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  • sysmon-config

    Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

  • KubeHound

    Kubernetes Attack Graph

  • Project mention: KubeHound: Kubernetes Attack Graph | /r/blueteamsec | 2023-10-09

  • atc-react

    A knowledge base of actionable Incident Response techniques

  • attack-flow

    Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.

  • EVTX-to-MITRE-Attack

    Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.

  • tram

    TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.

  • connectors

    OpenCTI Connectors (by OpenCTI-Platform)

  • Project mention: How to integrate openCTI with Splunk? | /r/threatintel | 2023-07-12

    Connector on GitHub - https://github.com/OpenCTI-Platform/connectors/tree/master/stream/splunk

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

mitre-attack related posts

Index

What are some of the best open-source mitre-attack projects? This list will help you:

Rank  Project                                    Stars
1     kubescape                                  9,686
2     atomic-red-team                            9,020
3     caldera                                    5,175
4     RedTeam-Tools                              5,144
5     sysmon-modular                             2,485
6     EVTX-ATTACK-SAMPLES                        2,126
7     Certified-Kubernetes-Security-Specialist   1,916
8     stratus-red-team                           1,618
9     adversary_emulation_library                1,537
10    Digital-Forensics-Guide                    1,335
11    Incident-Playbook                          1,329
12    Shuffle                                    1,259
13    BLUESPAWN                                  1,206
14    threathunting                              1,102
15    atomic-threat-coverage                       938
16    Open-Source-Security-Guide                   846
17    sysmon-config                                749
18    KubeHound                                    633
19    atc-react                                    571
20    attack-flow                                  499
21    EVTX-to-MITRE-Attack                         476
22    tram                                         391
23    connectors                                   324
