CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project. These features allow CALDERA to dynamically operate over a set of systems using variable behavior, which better represents how human adversaries perform operations than systems that follow prescribed sequences of actions. CALDERA is useful for defenders who want to generate real data that represents how an adversary would typically behave within their networks. Since CALDERA's knowledge about a network is gathered during its operation and is used to drive its use of techniques to reach a goal, defenders can get a glimpse into how the intrinsic security dependencies of their network allow an adversary to be successful. CALDERA is useful for identifying new data sources, creating and refining behavioral-based intrusion detection analytics, testing defenses and security configurations, and generating experience for training.
adversary-emulation caldera security-automation red-team mitre mitre-attack security-testing

N.B.: mapping has been done at the level of ATT&CK technique (not procedure).
dfir dataset threat-hunting winlogbeat mitre-attack evtx windows-security detection-engineering

Atomic Red Team tests are small, highly portable detection tests mapped to the MITRE ATT&CK framework. Each test is designed to map back to a particular tactic, which gives defenders a highly actionable way to start testing their defenses against a broad spectrum of attacks immediately.
mitre mitre-attack threat-detection threat-hunting threat hunting

Shuffle is an automation platform focused on accessibility. We believe everyone should have access to efficient processes, and are striving to make that a possibility by building integrations for YOUR tools. Security operations is complex, but it doesn't have to be. Please consider sponsoring the project if you want to see more rapid development.
security integrations automation discord openapi orchestration cybersecurity shuffle agplv3 hacktoberfest orchestrator security-automation soar orchestrator-gui workflow-editor mitre-attack security-orchestrator

This is a Microsoft Sysinternals Sysmon configuration repository, set up in a modular way for easier maintenance and generation of specific configs. Note: I do recommend using a minimal number of configurations within your environment, for several obvious reasons: maintenance, output equality, manageability and so on.
sysmon dfir threat-hunting mitre-attack modular security-tools

Container of PCAP captures mapped to the relevant ATT&CK tactic.
detection threat-hunting pcapng pcap-files mitre-attack

MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique or attack comes out you can write your own rules and share them with the community. These rules can simulate Sysmon or PowerShell events. MalwLess parses the rules and writes the events directly to the Windows Event Log, from where you can forward them to your event collector.
blueteam dfir mitre-attack sysmon siem redteam powershell

JSON dataset for macOS mapped to MITRE ATT&CK techniques and tactics, recorded using Elastic Endpoint Security for macOS. N.B.: for community contributions, any form of log collection and any format is acceptable (JSON preferred).
detection threat-hunting elastic blueteam mitre-attack

Chinese state-sponsored cyber actors use a full array of tactics and techniques to exploit computer networks of interest worldwide to acquire sensitive intellectual property, economic, political, and military information. The Joint Cybersecurity Advisory provides information on tactics, techniques, and procedures (TTPs) used by Chinese state-sponsored cyber actors. The TTP mapping can also be viewed directly as a layer in the ATT&CK Navigator.
tactics procedures techniques mitre-attack mitre-attack-navigator
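Several entries above share one workflow: endpoint events (real ones from the EVTX and macOS datasets, or synthetic ones planted by MalwLess-style rules) are matched against rules mapped at ATT&CK technique level, and the result is summarised per technique, for instance as a Navigator layer like the one attached to the advisory entry. The following Python script is an added example of that workflow; it is not code from MalwLess, Atomic Red Team, the datasets or the ATT&CK Navigator project. The Sysmon-style event records, the rule patterns and the Navigator version numbers are constructed for the example; only the technique IDs are real ATT&CK identifiers.

```python
"""Run technique-mapped rules over constructed Sysmon-style events and build an
ATT&CK Navigator layer from the hits.

Added example for this listing; it is not code from MalwLess, Atomic Red Team,
the EVTX or macOS datasets, or the ATT&CK Navigator. The events, rule patterns
and version numbers are constructed for the example; the technique IDs are real
ATT&CK identifiers.
"""
import json
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """A detection rule mapped at technique level (not procedure level)."""
    name: str
    event_id: int       # Sysmon event ID the rule applies to
    field: str          # event field the pattern is tested against
    pattern: str        # regular expression, matched case-insensitively
    technique_id: str   # ATT&CK technique or sub-technique ID
    tactic: str         # Navigator tactic short name


# Constructed rules (illustrative patterns, not a production rule set).
RULES = [
    Rule("encoded PowerShell command", 1, "CommandLine",
         r"powershell(\.exe)?\b.*\s-e(nc|ncodedcommand)\s", "T1059.001", "execution"),
    Rule("LSASS dump via comsvcs.dll", 1, "CommandLine",
         r"comsvcs\.dll.*\bMiniDump\b", "T1003.001", "credential-access"),
    Rule("scheduled task creation", 1, "CommandLine",
         r"schtasks(\.exe)?\s+/create\b", "T1053.005", "persistence"),
    Rule("WMI remote process creation", 1, "CommandLine",
         r"wmic(\.exe)?\b.*process\s+call\s+create", "T1047", "execution"),
]

# Constructed Sysmon Event ID 1 (process create) records in the flattened JSON
# shape a shipper such as Winlogbeat emits. Records like these are what a
# MalwLess-style rule plants in the Event Log without spawning the process.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\comsvcs.dll MiniDump 612 C:\Temp\l.dmp full",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r"schtasks.exe /create /tn Updater /tr C:\Temp\u.exe /sc onlogon",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]


def match_events(events, rules=RULES):
    """Return one hit per (event, rule) pair whose pattern matches, in event order."""
    hits = []
    for event in events:
        for rule in rules:
            if event.get("EventID") != rule.event_id:
                continue
            if re.search(rule.pattern, event.get(rule.field, ""), re.IGNORECASE):
                hits.append({"rule": rule.name, "technique_id": rule.technique_id,
                             "tactic": rule.tactic, "event": event})
    return hits


def navigator_layer(hits, name="simulated detections"):
    """Build an ATT&CK Navigator layer with one entry per technique, scored by
    hit count. The 'versions' values are an assumption for this example and
    must match the Navigator release the layer is loaded into."""
    counts = Counter((h["technique_id"], h["tactic"]) for h in hits)
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "description": "Techniques whose simulated events matched a rule",
        "techniques": [
            {"techniqueID": tid, "tactic": tactic, "score": n,
             "comment": f"{n} matching event(s)"}
            for (tid, tactic), n in sorted(counts.items())
        ],
    }


def unexercised_techniques(hits, rules=RULES):
    """Technique IDs that have a rule but no matching event: the rules the
    simulation never exercised, so their SIEM-side correlation is still untested."""
    return sorted({r.technique_id for r in rules} - {h["technique_id"] for h in hits})


if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS)
    for h in found:
        print(f"{h['technique_id']:10} {h['tactic']:18} {h['rule']}")
    print("not exercised:", unexercised_techniques(found))
    print(json.dumps(navigator_layer(found), indent=2))
```

Running the script lists three hits (T1059.001, T1003.001, T1053.005), reports T1047 as a rule that no simulated event exercised, and prints a layer JSON that can be loaded into the ATT&CK Navigator. The unexercised list is the practical output of a simulation run: it tells you which of your mapped rules still lack a test event, which is the gap MalwLess-style event injection and the Atomic Red Team tests are meant to close.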