AutoSUT: The Environment Semantics Gap in Structured CTI for Adversary Emulation

Structured Cyber Threat Intelligence CTI is increasingly used for adversary emulation, detection evaluation, and cyber range design. However, these workflows still require a target System Under Test SUT whose environment is not fully described by public CTI. We measure how much of that environmen...

Autonomous Adversary: Red-Teaming in the Age of LLM

Language Model Agents LMAs are emerging as a powerful primitive for augmenting red-team operations. They can support attack planning, adversary emulation, and the orchestration of multi-step activity such as lateral movement, a core enabling capability of advanced persistent threat APT campaigns...

Bounty Hunter: Autonomous, Comprehensive Emulation of Multi-Faceted Adversaries

Adversary emulation is an essential procedure for cybersecurity assessments such as evaluating an organization's security posture or facilitating structured training and research in dedicated environments. To allow for systematic and time-efficient assessments, several approaches from academia an...

Trend Vision One™ Stacks Up Against Scattered Spider and Mustang Panda in 2025 MITRE ATT&CK® Evaluations

Enterprise 2025 introduces the first full cloud adversary emulation and expanded multi-platform testing, focusing on two advanced threat areas: Scattered Spider’s cloud-centric attacks and Mustang Panda’s long-term espionage operations...

MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD

MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services...

Threat-informed defense: The evolution of red teaming in cybersecurity

While there are several approaches to vulnerability management like pen testing and red teaming, adversary emulation is the only method that contributes to a threat-informed defense cybersecurity strategy...

Threat-informed defense: The evolution of red teaming in cybersecurity

While there are several approaches to vulnerability management like pen testing and red teaming, adversary emulation is the only method that contributes to a threat-informed defense cybersecurity strategy...

AWS-Threat-Simulation-and-Detection - Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic

This repository is a documentation of my adventures with Stratus Red Team - a tool for adversary emulation for the cloud. Stratus Red Team is "Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the...

Tenacity 2.0 – Emulating Threat groups

Introduction The previous article: Tenacity – An Adversary Emulation Tool for Persistence, walked us through the working of Tenacity, techniques it supports, and how it can help organizations and individuals to validate the risk posture. As with the second installment of the series, this post wil...

Tenacity – An Adversary Emulation Tool for Persistence

Persistence is one of the more sought-after techniques of an attacker or adversary. Persistence is achieved through a set of tactics or techniques that adversaries use to maintain their foothold on compromised systems across restarts, changed credentials, and other interruptions that could cut of...

UPDATE: FudgeC2 0.5.7

FudgeC2 0.5.7 was released in June and this post documents the changes made to it. As you may remember, this awesome adversary emulation system was listed in my older post titled - List of Open Source C2 Post-Exploitation Frameworks. The new version brings system SMTP support, operations security...

UPDATE: MITRE CALDERA 2.6.5

MITRE CALDERA 2.6.5 is now available! My last post about CALDERA from MITRE was about MITRE CALDERA 2.5.1 and as you remember, this awesome adversary emulation system was listed in my older post titled – List of Adversary Emulation Tools. This release includes a new plugin – Training. It has been...

UPDATE: FudgeC2 0.5.4

FudgeC2 0.5.4 was released recently. As you may remember, this awesome adversary emulation system was listed in my older post titled – List of Open Source C2 Post-Exploitation Frameworks. This newer version brings in refactored code, improvements to the stager, bug fixes among other changes...

UPDATE: MITRE CALDERA 2.5.0

MITRE CALDERA 2.5.0 is now available since the last release - MITRE CALDERA 2.4.0, which was released in the month of December. As you remember, this awesome adversary emulation system was listed in my older post titled – List of Adversary Emulation Tools. What is MITRE CALDERA? CALDERA is an...

UPDATE: MITRE CALDERA 2.4.0

MITRE CALDERA 2.4.0 is now available! It has been just four months since the release of MITRE CALDERA 2.3.0. As you remember, this awesome adversary emulation system was listed in my older post titled – List of Adversary Emulation Tools. This release has a lot of new feature, breaking and...

RedHunt OS v2 - Virtual Machine For Adversary Emulation And Threat Hunting

Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs RedHunt OS aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment. Base Machin...

UPDATE: MITRE CALDERA 2.3.0

PenTestIT RSS Feed A month ago, MITRE Caldera 2.2.0 was released and a couple of days back now MITRE CALDERA 2.3.0 was released as well. If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. A lot of changes have be...

UPDATE: MITRE CALDERA 2.2.0

PenTestIT RSS Feed If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. Sometime back, an update - the MITRE CALDERA 2.2.0 was released. A lot of changes have been made to create this updated version and as always,...

UPDATE: MITRE CALDERA 2.0

PenTestIT RSS Feed I read a tweet about two days ago and today, MITRE CALDERA 2.0 is out already! If you remember, I wrote briefly about this automated adversary emulation system in my post titled - List of Adversary Emulation Tools. This is a major update and the current version supports Windows...

Comparison of Open Source Adversary Emulation Tools

PenTestIT RSS Feed If you liked my older post titled "List of Adversary Emulation Tools", I am sure you must want to know what is the difference or comparison between the different tools. This post is an attempt to do just that -to list down the comparison of open source adversary emulation tools...