PenTestIT

Your source for all things Information Security!

You are here: Home / Open Source / Comparison of Open Source Adversary Emulation Tools

Comparison of Open Source Adversary Emulation Tools

Posted: 6 months ago by @pentestit 7114 views

If you liked my older post titled "List of Adversary Emulation Tools", you probably want to know how the different tools compare. This post is an attempt to do just that: to list a comparison of open source adversary emulation tools. I have compared their capabilities against the 11 tactics described in the MITRE ATT&CK framework.

Comparison of Open Source Adversary Emulation Tools:

As mentioned earlier, the 11 tactics that Mitre CALDERA, Uber Metta, APTSimulator, Endgame Red Team Automation & Guardicore Infection Monkey are being compared against are:

  1. Initial Access: The initial access tactic represents the vectors adversaries use to gain an initial foothold within a network.
  2. Execution: This tactic represents techniques that result in execution of adversary-controlled code on a local or remote system.
  3. Persistence: Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system.
  4. Privilege Escalation: Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network.
  5. Defense Evasion: This tactic consists of techniques an adversary may use to evade detection or avoid other defenses.
  6. Credential Access: Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment.
  7. Discovery: Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network.
  8. Lateral Movement: Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems.
  9. Collection: Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration.
  10. Exfiltration: Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network.
  11. Command & Control: The C&C tactic represents how adversaries communicate with systems under their control within a target network.

Now that these are listed, this is the actual comparison:

Tactic Name           | CALDERA | Metta | APTSimulator | Red Team Automation | Infection Monkey | Atomic Red Team
----------------------|---------|-------|--------------|---------------------|------------------|----------------
Initial Access        | No      | No    | No           | No                  | Yes              | Yes
Execution             | Yes     | Yes   | Yes          | Yes                 | Yes              | Yes
Persistence           | Yes     | Yes   | Yes          | Yes                 | No               | Yes
Privilege Escalation  | Yes     | Yes   | No           | Yes                 | No               | Yes
Defense Evasion       | Yes     | Yes   | Yes          | Yes                 | No               | Yes
Credential Access     | Yes     | Yes   | Yes          | Yes                 | Yes              | Yes
Discovery             | Yes     | Yes   | Yes          | Yes                 | Yes              | Yes
Lateral Movement      | Yes     | Yes   | No           | Yes                 | Yes              | Yes
Collection            | No      | Yes   | Yes          | No                  | No               | Yes
Exfiltration          | Yes     | Yes   | No           | No                  | No               | Yes
Command & Control     | No      | Yes   | No           | Yes                 | Yes              | Yes

Please note that this is a very broad comparison based on the ATT&CK tactics and does not represent the full coverage of any tool. For example, Uber Metta seems to fare better than all the other tools. However, it has limited coverage of the individual techniques, and as of now there are a good 219 techniques!
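To make that caveat concrete, here is an added example (not code from the post or from any of the tools listed) that computes both the tactic-level Yes/No answer the table gives and the technique-level fraction behind it. The tactic-to-technique mapping is a small constructed subset of ATT&CK and the tool's technique list is hypothetical.

```python
# Added example: tactic-level "Yes/No" coverage (as in the comparison table)
# versus technique-level coverage for the same tool.
# TACTIC_TECHNIQUES is a constructed subset of the ATT&CK matrix: a few
# technique IDs per tactic, far from the full set the post counts at 219.
from typing import Dict, Set

TACTIC_TECHNIQUES: Dict[str, Set[str]] = {
    "Initial Access":       {"T1190", "T1566", "T1078"},
    "Execution":            {"T1059", "T1053", "T1204"},
    "Persistence":          {"T1053", "T1547", "T1078"},
    "Privilege Escalation": {"T1055", "T1053", "T1078"},
    "Defense Evasion":      {"T1027", "T1055", "T1070"},
    "Credential Access":    {"T1003", "T1110", "T1056"},
    "Discovery":            {"T1082", "T1083", "T1087"},
    "Lateral Movement":     {"T1021", "T1570", "T1550"},
    "Collection":           {"T1005", "T1113", "T1560"},
    "Exfiltration":         {"T1041", "T1048", "T1567"},
    "Command & Control":    {"T1071", "T1105", "T1573"},
}


def coverage_report(implemented: Set[str]) -> Dict[str, dict]:
    """Per tactic: the table's Yes/No (at least one technique implemented)
    plus how many of that tactic's techniques the tool actually covers."""
    report = {}
    for tactic, techniques in TACTIC_TECHNIQUES.items():
        hit = techniques & implemented
        report[tactic] = {"yes": bool(hit), "covered": len(hit), "total": len(techniques)}
    return report


def overall_technique_coverage(implemented: Set[str]) -> float:
    """Fraction of all distinct techniques in the mapping the tool implements."""
    all_techniques = set().union(*TACTIC_TECHNIQUES.values())
    return len(all_techniques & implemented) / len(all_techniques)


# Hypothetical tool: touches every tactic at least once, so it scores "Yes"
# across the board, yet implements only a small share of the techniques.
HYPOTHETICAL_TOOL = {"T1190", "T1059", "T1053", "T1027", "T1003",
                     "T1082", "T1021", "T1005", "T1041", "T1071"}

if __name__ == "__main__":
    for tactic, r in coverage_report(HYPOTHETICAL_TOOL).items():
        print(f"{tactic:22} {'Yes' if r['yes'] else 'No':3} {r['covered']}/{r['total']}")
    print(f"technique coverage: {overall_technique_coverage(HYPOTHETICAL_TOOL):.0%}")
```

Every tactic row comes out "Yes" for the hypothetical tool while its technique coverage is roughly a third, which is exactly the gap the table cannot show.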

