Adversary Emulation Tools for Red / Blue Teams

Disclaimer: This note was written by me (Mayank Nauni) in my personal capacity. The opinions expressed in this article are solely my own and do not reflect the view of my employer or my preference towards any of the OEMs.

This long weekend I was thinking about an automated pipeline for Blue and Red Teams that could perform their routine testing and free them up for other critical tasks. In short, I was looking for adversary emulation tools.

Driving Factors for Adversary Emulation Tools

- Firewalls and anti-virus can be easily bypassed by attackers
- Existing security policies are reactive, i.e. detect and then address
- Extreme shortage of InfoSec professionals

What should be the focus:

- Analyse the network traffic and identify anomalous activity (a proactive approach)
- Threat modelling: conduct research, analysis and correlation across source data sets
- Notify the users promptly about possible attacks

After some research I stumbled upon a wonderful tool called Caldera. It is an automated adversary emulation system, built on the ATT&CK framework, that performs post-compromise adversarial behaviour inside the network so that the Blue Team can check whether its detections actually fire.
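To make the loop concrete, here is a small harness, added for this note and not Caldera's own code, that models the same idea: an adversary profile made of abilities tagged with public ATT&CK technique IDs, an operation that walks the profile and records the telemetry each step would leave behind, and a blue-team side that evaluates its detection rules against that telemetry and reports which techniques were caught and which were missed. The ability and rule identifiers, the rule format and the profile itself are constructed for this example; nothing is executed on the host, the process-creation events are simulated so the script runs anywhere.

```python
"""Toy adversary-emulation harness in the spirit of a Caldera operation.

Added example for this note, not Caldera's own code. Ability ids, rule ids and
the rule format are hypothetical; the ATT&CK technique ids are the public ones
from the MITRE matrix. Commands are only recorded, never run.
"""
from dataclasses import dataclass
from typing import Dict, List
import re
import time


@dataclass(frozen=True)
class Ability:
    """One step of an adversary profile, tagged with its ATT&CK technique."""
    ability_id: str      # hypothetical id, used only within this example
    name: str
    tactic: str
    technique_id: str    # public ATT&CK technique id, e.g. T1082
    command: str         # the command an agent would run; here only recorded


@dataclass(frozen=True)
class TelemetryEvent:
    """A process-creation record as an endpoint sensor would emit it (constructed)."""
    technique_id: str
    image: str
    command_line: str
    timestamp: float


# Constructed adversary profile: three benign discovery behaviours.
ADVERSARY_PROFILE: List[Ability] = [
    Ability("ex-001", "System Information Discovery", "discovery", "T1082", "systeminfo"),
    Ability("ex-002", "System Owner/User Discovery", "discovery", "T1033", "whoami /all"),
    Ability("ex-003", "System Network Configuration Discovery", "discovery", "T1016", "ipconfig /all"),
]


def run_operation(profile: List[Ability]) -> List[TelemetryEvent]:
    """Red side: walk the profile in order and produce the telemetry each step
    would leave behind. Nothing is executed; events are simulated."""
    events = []
    for ability in profile:
        image = ability.command.split()[0]
        events.append(TelemetryEvent(ability.technique_id, image, ability.command, time.time()))
    return events


@dataclass(frozen=True)
class DetectionRule:
    """Blue side: a minimal Sigma-like rule (hypothetical format). It fires when
    the process image matches and the command line matches the pattern."""
    rule_id: str
    technique_id: str
    image: str
    command_line_pattern: str

    def matches(self, ev: TelemetryEvent) -> bool:
        return (ev.image.lower() == self.image.lower()
                and re.search(self.command_line_pattern, ev.command_line, re.IGNORECASE) is not None)


DETECTION_RULES: List[DetectionRule] = [
    DetectionRule("rule-systeminfo", "T1082", "systeminfo", r"^systeminfo"),
    DetectionRule("rule-whoami-all", "T1033", "whoami", r"/all"),
    # No rule covers T1016: that gap is exactly what the exercise should expose.
]


def score_detections(events: List[TelemetryEvent], rules: List[DetectionRule]) -> Dict[str, object]:
    """Evaluate every rule against every event and report per-technique coverage."""
    detected: Dict[str, List[str]] = {}
    missed: List[str] = []
    for ev in events:
        hits = [r.rule_id for r in rules if r.matches(ev)]
        if hits:
            detected[ev.technique_id] = hits
        else:
            missed.append(ev.technique_id)
    techniques = {ev.technique_id for ev in events}
    coverage = len(detected) / len(techniques) if techniques else 0.0
    return {"detected": detected, "missed": missed, "coverage": round(coverage, 2)}


if __name__ == "__main__":
    report = score_detections(run_operation(ADVERSARY_PROFILE), DETECTION_RULES)
    for tid, hits in report["detected"].items():
        print(f"{tid}: detected by {', '.join(hits)}")
    for tid in report["missed"]:
        print(f"{tid}: MISSED, no rule fired")
    print(f"coverage: {report['coverage']:.0%}")
```

The value of the exercise is the `missed` list: every technique the profile emulated without a rule firing is a detection gap the Blue Team can now work on, which is the reusable, end-to-end check the rest of this note is after.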

What did I like about Caldera:

- It keeps it real
- Focuses on end-to-end security
- Reusable

Follow these documents to learn more about Caldera:

https://www.blackhat.com/docs/eu-17/materials/eu-17-Miller-CALDERA-Automating-Adversary-Emulation.pdf

https://www.mitre.org/research/technology-transfer/open-source-software/caldera

https://github.com/mitre/caldera