ch0ic3/h4cker
1
0
Fork 0
mirror of https://github.com/The-Art-of-Hacking/h4cker.git synced 2024-12-18 19:06:08 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #245 from The-Art-of-Hacking/santosomar-patch-13

Browse Source 
Update adversarial emulation
This commit is contained in:
Omar Santos 2024-12-09 19:42:59 -05:00 committed by GitHub
commit db894e8dc4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
adversarial_emulation/README.md
View File

@ -1,4 +1,33 @@
# Adversarial Emulation Tools # Adversarial Emulation Tools
- [Caldera](https://github.com/mitre/caldera)
Adversary emulation is a cybersecurity practice where security professionals replicate the tactics, techniques, and procedures (TTPs) of real-world threat actors to assess an organization's ability to detect, respond to, and mitigate sophisticated attacks. Unlike penetration testing, which focuses on identifying vulnerabilities, adversary emulation simulates the full lifecycle of an attack based on specific threat actors or Advanced Persistent Threats (APTs). This approach provides a realistic evaluation of an organization's security posture and incident response capabilities by mimicking actual adversaries' behaviors.
## Tools for Adversary Emulation
Several tools are available for adversary emulation, each offering unique features and capabilities:
### **Open-Source Tools**
1. **[MITRE Caldera](https://github.com/mitre/caldera)**:
- Automated adversary emulation framework based on the MITRE ATT&CK framework.
- Features include autonomous red-team engagements, customizable plugins, and support for post-exploitation/post-compromise techniques.
2. **[Atomic Red Team](https://github.com/redcanaryco/atomic-red-team)**:
- A library of scripts for simulating adversary behaviors.
- Focuses on validating detection capabilities but lacks automation by default.
3. **[Infection Monkey](https://www.akamai.com/infectionmonkey)**:
- Breach and attack simulation tool with lateral movement and ransomware assessment capabilities.
- Prioritizes breaching and network-wide infection but generates significant noise.
4. **[Stratus Red Team](https://stratus-red-team.cloud/)**:
- Designed for cloud environments (e.g., AWS, Azure, GCP).
- Covers tactics like initial access, privilege escalation, and exfiltration but has limited scope.
5. **[Security Datasets](https://github.com/OTRF/Security-Datasets)**:
- An open-source initiatve that contributes malicious and benign datasets, from different platforms, to the infosec community to expedite data analysis and threat hunting.
### **Other Tools**
- [SCYTHE](https://www.scythe.io/platform) - [SCYTHE](https://www.scythe.io/platform)
- [Randori](https://www.randori.com/attack/) - [Randori](https://www.randori.com/attack/)
These tools enable organizations to emulate realistic attack scenarios, improve their defenses, and enhance their readiness against evolving cyber threats.