/awesome-mitre-attack

A curated list of awesome resources related to Mitre ATT&CK™ Framework

Awesome Mitre ATT&CK™ Framework

Awesome

A curated list of awesome resources related to Mitre ATT&CK™ Framework

Contents


Red and Purple Team

Resources

Tools

Red Team

  • Cobalt Strike - Software for Adversary Simulations and Red Team Operations
  • PoshC2 - PoshC2 is a proxy aware C2 framework that utilises Powershell and/or equivalent (System.Management.Automation.dll) to aid penetration testers with red teaming, post-exploitation and lateral movement.
  • Empire - Post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
  • PowerSploit - Collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
  • Invoke-PSImage - Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image.

Purple Team

  • RE:TERNAL - RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order to test blue-teaming capabilities.
  • Purple Team ATT&CK Automation - Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
  • VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
  • Mordor - The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption.

Adversary Emulation

  • MITRE CALDERA - CALDERA is an automated adversary emulation system, built on the MITRE ATT&CK™ framework.
  • Atomic Red Team - Small and highly portable detection tests based on MITRE's ATT&CK.
  • Metta - An information security preparedness tool to do adversarial simulation.
  • Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.

Threat Hunting

Resources

Tools

  • osquery-attck - Mapping the MITRE ATT&CK Matrix with Osquery
  • ATTACKdatamap - A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
  • Splunk Mitre ATT&CK App - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
  • auditd-attack - A Linux Auditd rule set mapped to MITRE's Attack Framework
  • DeTTACT - DeTT&CT aims to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours.
  • HELK - A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
  • Sigma - Generic Signature Format for SIEM Systems
  • atomic-threat-coverage - Automatically generated actionable analytics designed to combat threats based on MITRE's ATT&CK.
  • CyberMenace - A one stop shop hunting app in Splunk that can ingest Zeek, Suricata, Sysmon, and Windows event data to find malicious indicators of compromise relating to the MITRE ATT&CK Matrix.
  • Wayfinder - Artificial Intelligence Agent to extract threat intelligence TTPs from feeds of malicious and benign event sources and automate threat hunting activities.
  • pyattck - A python package to interact with the Mitre ATT&CK Framework. You can find documentation here

Threat Intelligence

Resources

Tools

  • cti - Cyber Threat Intelligence Repository expressed in STIX 2.0
  • TALR - A public repository for the collection and sharing of detection rules in STIX format.

Community


License

CC0

To the extent possible under law, Rahmat Nurfauzi "@infosecn1nja" has waived all copyright and related or neighboring rights to this work.