The name Mordor comes from the awesome book/film series "The Lord of the Rings", and it was a place where the evil forces of Sauron lived. This repository is where data generated by known "malicious" adversarial activity lives, hence the name of the project.
- Provide free portable malicious datasets to expedite the development of data analytics.
- Facilitate adversarial techniques simulation and output consumption.
- Allow security analysts to test their skills with real known bad data.
- Improve the testing of hunting use cases and data analytics in an easier and more affordable way.
- Enable data scientists to have semi-labeled data for initial research.
- Map threat hunter playbooks to their respective pre-recorded data for validation purposes.
- Contribute to the ATT&CK framework Data Sources section of each technique and sub-technique.
- Ingest known bad data samples for training and capture the flag (CTF) events.
- Learn more about red team simulation exercises and technology such as Kafkacat, Kafka and Jupyter Notebooks.
Projects Using Mordor
There are a few things that we would like to accomplish with this repo, as shown in the To-Do list below. Share your pre-recorded data with us following the same setup we use (we are still working on a standard setup), and help others in the security community validate their detection use cases in a faster and easier way.
- Dynamically generate Mordor dataset README files in reStructuredText
- Release environment scripts
- Add OSquery to endpoints for Linux/macOS
- Share Terraform & Packer config files to deploy the same environment in the cloud
- Add a Bro sensor
- Multiple custom network setups for contributions
- Add toolsets to the Empire box inside of the AWS configurations
- Prepare Large Dataset ;)
More coming soon...