Threat Simulation

A curated list of awesome adversary simulation resources

Tools

  • MITRE CALDERA - An automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks.
  • APTSimulator - A Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised.
  • Atomic Red Team - Small and highly portable detection tests mapped to the MITRE ATT&CK framework.
  • Network Flight Simulator - flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility.
  • Metta - A security preparedness tool to do adversarial simulation.
  • Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
  • SharpShooter - Payload Generation Framework.
  • CACTUSTORCH - Payload Generation for Adversary Simulations.
  • DumpsterFire - A modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events.
  • Empire (website) - A PowerShell and Python post-exploitation agent.
  • PowerSploit - A PowerShell Post-Exploitation Framework.
  • RedHunt-OS - A virtual machine for adversary emulation and threat hunting. RedHunt aims to be a one-stop shop for all your threat emulation and threat hunting needs by integrating an attacker's arsenal with a defender's toolkit to actively identify the threats in your environment.
  • Infection Monkey - An open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement.
  • Splunk Attack Range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk.

Resources