

Awesome Mitre ATT&CK™ Framework


A curated list of awesome resources related to Mitre ATT&CK™ Framework

Contents


Red and Purple Team

Resources

Tools

Red Team

  • Cobalt Strike - Software for Adversary Simulations and Red Team Operations
  • PoshC2 - PoshC2 is a proxy-aware C2 framework that utilises PowerShell and/or its equivalent (System.Management.Automation.dll) to aid penetration testers with red teaming, post-exploitation and lateral movement.
  • Empire - Post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
  • PowerSploit - Collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
  • Invoke-PSImage - Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image.

Purple Team

  • RE:TERNAL - RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order to test blue-teaming capabilities.
  • Purple Team ATT&CK Automation - Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
  • VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
  • Mordor - The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption.

Adversary Simulation

  • MITRE CALDERA - CALDERA is an automated adversary emulation system, built on the MITRE ATT&CK™ framework.
  • Atomic Red Team - Small and highly portable detection tests based on MITRE's ATT&CK.
  • Metta - An information security preparedness tool to do adversarial simulation.
  • Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.

Threat Hunting

Resources

Tools

  • osquery-attck - Mapping the MITRE ATT&CK Matrix with Osquery
  • ATTACKdatamap - A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework
  • Splunk Mitre ATT&CK App - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
  • auditd-attack - A Linux Auditd rule set mapped to MITRE's Attack Framework
  • DeTTACT - DeTT&CT aims to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours.
  • HELK - A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
  • Sigma - Generic Signature Format for SIEM Systems
  • atomic-threat-coverage - Automatically generated actionable analytics designed to combat threats based on MITRE's ATT&CK.
  • CyberMenace - A one stop shop hunting app in Splunk that can ingest Zeek, Suricata, Sysmon, and Windows event data to find malicious indicators of compromise relating to the MITRE ATT&CK Matrix.
  • Wayfinder - Artificial Intelligence Agent to extract threat intelligence TTPs from feeds of malicious and benign event sources and automate threat hunting activities.
  • pyattck - A Python package to interact with the Mitre ATT&CK Framework. Documentation is available from the project.

Threat Intelligence

Resources

Tools

  • cti - Cyber Threat Intelligence Repository expressed in STIX 2.0
  • TALR - A public repository for the collection and sharing of detection rules in STIX format.

Community


License

CC0

To the extent possible under law, Rahmat Nurfauzi "@infosecn1nja" has waived all copyright and related or neighboring rights to this work.
