Chain-Reactor – An Open Source Framework For Composing Executables That Simulate Adversary Behaviors And Techniques On Linux Endpoints

Chain Reactor is an open-source tool for testing detection and response coverage on Linux machines. The tool generates executables that simulate sequences of actions like process creation and network connection. Chain Reactor assumes no prior engineering experience; the tool consumes JSON, so customizing its behavior is as simple as editing a file. Get started ForRead More

Red-Kube – Red Team K8S Adversary Emulation Based On Kubectl

Red Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker’s perspective. The commands are either passive for data collection and information disclosure or active for performing real actions that affect the cluster. The commands are mapped to MITRE ATT&CK Tactics to help get a senseRead More

PurpleSharp – C# Adversary Simulation Tool That Executes Adversary Techniques With The Purpose Of Generating Attack Telemetry In Monitored Windows Environments

Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building new and testing existing detection capabilities will be constrained.PurpleSharp is an open sourceRead More