AutoSUT: The Environment Semantics Gap in Structured CTI for Adversary Emulation

Structured Cyber Threat Intelligence CTI is increasingly used for adversary emulation, detection evaluation, and cyber range design. However, these workflows still require a target System Under Test SUT whose environment is not fully described by public CTI. We measure how much of that environmen...

Autonomous Adversary: Red-Teaming in the Age of LLM

Language Model Agents LMAs are emerging as a powerful primitive for augmenting red-team operations. They can support attack planning, adversary emulation, and the orchestration of multi-step activity such as lateral movement, a core enabling capability of advanced persistent threat APT campaigns...

Bounty Hunter: Autonomous, Comprehensive Emulation of Multi-Faceted Adversaries

Adversary emulation is an essential procedure for cybersecurity assessments such as evaluating an organization's security posture or facilitating structured training and research in dedicated environments. To allow for systematic and time-efficient assessments, several approaches from academia an...

MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD

MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services...

Threat-informed defense: The evolution of red teaming in cybersecurity

While there are several approaches to vulnerability management like pen testing and red teaming, adversary emulation is the only method that contributes to a threat-informed defense cybersecurity strategy...

Threat-informed defense: The evolution of red teaming in cybersecurity

While there are several approaches to vulnerability management like pen testing and red teaming, adversary emulation is the only method that contributes to a threat-informed defense cybersecurity strategy...

AWS-Threat-Simulation-and-Detection - Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic

This repository is a documentation of my adventures with Stratus Red Team - a tool for adversary emulation for the cloud. Stratus Red Team is "Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the...

Tenacity 2.0 – Emulating Threat groups

Introduction The previous article: Tenacity – An Adversary Emulation Tool for Persistence, walked us through the working of Tenacity, techniques it supports, and how it can help organizations and individuals to validate the risk posture. As with the second installment of the series, this post wil...

Tenacity – An Adversary Emulation Tool for Persistence

Persistence is one of the more sought-after techniques of an attacker or adversary. Persistence is achieved through a set of tactics or techniques that adversaries use to maintain their foothold on compromised systems across restarts, changed credentials, and other interruptions that could cut of...

UPDATE: FudgeC2 0.5.7

FudgeC2 0.5.7 was released in June and this post documents the changes made to it. As you may remember, this awesome adversary emulation system was listed in my older post titled - List of Open Source C2 Post-Exploitation Frameworks. The new version brings system SMTP support, operations security...

RedHunt OS v2 - Virtual Machine For Adversary Emulation And Threat Hunting

Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs RedHunt OS aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment. Base Machin...

UPDATE: MITRE CALDERA 2.2.0

PenTestIT RSS Feed If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. Sometime back, an update - the MITRE CALDERA 2.2.0 was released. A lot of changes have been made to create this updated version and as always,...

RedHunt OS - Virtual Machine For Adversary Emulation And Threat Hunting

Virtual Machine for Adversary Emulation and Threat Hunting RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment. Base Machine: Lubuntu-17.10.1...

List of Adversary Emulation Tools

PenTestIT RSS Feed Every once in a while, the security industry brings forth a new buzz word and introduces terminologies that sound über cool and generate lot's of interest. One such word going around now-a-days is automated "adversary emulation". Let's first understand what this really means...

Automated Adversary Emulation System: CALDERA

CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge ATT&CK...