Evaluation results
- MITRE Engenuity ATT&CK® Evaluations is your resource for understanding how security solution providers might protect your organization's unique needs against known adversaries
- center-for-threat-informed-defense/adversary_emulation_library - An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs
Frameworks
- BishopFox/sliver - Adversary Emulation Framework - 2.5K stars, quite powerful, can also set up a WireGuard VPN
- FSecureLABS/leonidas - a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties
- mitre-attack - the main GitHub organization; contains some tools, most of which are not very useful
- redhuntlabs/RedHunt-OS - Virtual Machine for Adversary Emulation and Threat Hunting
- vysec/CACTUSTORCH - Payload Generation for Adversary Simulations
- NextronSystems/APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
- redcanaryco/atomic-red-team - Small and highly portable detection tests mapped to the Mitre ATT&CK Framework
- mitre/caldera - An automated adversary emulation system
- uber-common/metta - An information security preparedness tool to do adversarial simulation
- endgameinc/RTA - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
- TryCatchHCF/DumpsterFire - DumpsterFire Toolset - "Security Incidents In A Box!"
- jymcheong/AutoTTP - Automated Tactics Techniques & Procedures
- Cyb3rWard0g/Invoke-ATTACKAPI - A PowerShell script to interact with the MITRE ATT&CK Framework via its own API
- CyberMonitor/Invoke-Adversary - Simulating Adversary Operations
- P4T12ICK/ypsilon - an Automated Security Use Case Testing Environment using real malware to test SIEM use cases in a closed environment
- n0dec/MalwLess - Test Blue Team detections without running any attack
- Cyb3rWard0g/mordor - Re-play Adversarial Techniques
- mvelazc0/PurpleSharp - a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
- redcanaryco/chain-reactor - an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints
- forrest-orr/artifacts-kit - Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS
- redcanaryco/AtomicTestHarnesses - Public Repo for Atomic Test Harness
Botnet
Dataset