The most comprehensive Chinese cyber attack simulation tool inventory in history //
史上最全面的中國網絡攻擊模擬工具庫存
Lead: Simulated attacks provide a way to test the network’s ability to recover from advanced attacks, but in a simulated attack environment, all tests are automatically run by the system. If this is a true “attack,” the system will not run these attacks with simulated features. Still, “attack simulation” can help you verify your security tools.
Every once in a while, the security industry will have a new buzzword and introduce terms that sound cool and appealing. For example, the recent “adversary emulation” vocabulary, I translated it in this article as “attack simulation.” Let us first understand what it really means. Simulated attacks provide a way to test the network’s ability to recover from advanced attacks, but in a simulated attack environment, all tests are automatically run by the system. If this is a true “attack,” the system will not run these attacks with simulated features. Still, “attack simulation” can help you verify that your security tools are running as required, whether closed source or open source, to help run these simulation tests. In fact, MITRE has also developed an ATT&CK , ATT&CK is a curated knowledge base and model of cyberattack behavior, reflecting changes in the various stages of the attacker’s life cycle. ATT&CK is useful for understanding security risks against known attacks, planning for security improvements, and verifying that defenses work as expected. Most security tools seem to use this framework. Let’s take a look at the list of attack simulation tools.
Open source attack simulation tool
1.CALDERA: CALDERA provides an intelligent automated attack simulation system that reduces the resources required by security teams for routine testing, enabling them to solve other critical issues.
It can be used to test endpoint security solutions and assess the security posture of the network based on common attack techniques in the ATT&CK model. CALDERA uses the ATT&CK model to identify and simulate attack behavior, click here to download CADERERA .
2.Metta: Uber recently opened up this hostile simulation tool, which was generated by several internal projects. Metta uses Redis/Celery, Python and VirtualBox for hostile simulation so users can test host-based security systems. In addition, users can test other network-based security detection and control, but it depends on how it is set up. Metta is compatible with Microsoft Windows, MacOS and Linux endpoints, click here to download Uber Metta .
3. ATP Simulator: ATP Simulator is actually a set of Windows Batch scripts. Its main function is to simulate the activity of an attacker, not to simulate the activity of malware. ATP Simulator uses a set of tools and output files to make the system appear to be attacked. It can help you simulate a real attack environment in a more realistic way. Obviously, this is a Windows-only solution, click here to download ATP Simulator .
4. Red Team Automation: Recently, network security company Endgame has released the source code of Red Team Automation, a set of executables with 38 scripts and support to generate reliable components corresponding to the technology in the ATT&CK framework. To date, Red Team Automation offers 50 components supported by ATT&CK technology, and the number will increase in the future. I believe this tool provides very good endpoint detection and response (EDR) coverage.
Red Team Automation supports Microsoft Windows and is coded in python. It can also perform anti-forensics operations, maliciously propagate, bypass UAC (User Account Control), etc. Click here to download Red Team Automation .
5. Invoke -Adversary: Invoke-Adversary is a PowerShell script that evaluates security products and monitoring solutions based on the extent of APT attacks. Let’s just say that this tool is a newcomer in the field of attack simulation. Microsoft’s call attack is a PowerShell script. Inspired by the APT simulator, Invoke-Adversary has tested for persistent attacks, credential access, evasion detection, information collection, commands, and controls. Click here to download Invoke-Adversary .
6. Atomic Red Team: It is a new automated testing framework for security design. The Atomic Red Team was launched in 2017 and is an open source testing framework that tests users’ attack detection capabilities. It is called “atomic” because it can be used as a small component for small or large security teams to simulate the activities of a specific attacker.
The Atomic Red Team maps small, portable inspection tests to the Mitre ATT&CK framework, which is not automatic, but supports Microsoft Windows, MacOS and Linux styles. Click here to download Atomic Red Team .
7. Infection Monkey: Infection Monkey is a data center security detection tool released by Israeli security company GuardiCore at the 2016 Black Hat Conference. It is mainly used for automated detection of data center boundaries and internal server security. The tool is divided into Monkey (scanning and exploiting side) and C&C server (equivalent to reporter, but only for collecting information about monkey detection). Simply put, it is another open source vulnerability and attack simulation tool.
It is also coded in Python for Microsoft Windows and Linux systems. Click here to download Infection Monkey .
8. Blue Team Training Toolkit (BT3): This tool is a defensive security training software that takes your network analysis training courses, incident response drills and teamwork to the next level. This toolkit allows you to create realistic computer attack scenarios while reducing infrastructure costs, implementation time and risk.
It is written in Python and includes the latest versions of Encripto’s Maligno, Pcapteller and Mocksum. It also contains multiple malware indicator profiles, click here to download Blue Team Training Toolkit v2.6.
9. DumpsterFire : DumpsterFire is a modular, menu-driven, cross-platform Python tool for building custom, delayed distributed security events. Security personnel can use it to easily create custom event chains such as sensors or alert mappings, click here to download DumpsterFire v1.0.0 .
10. AutoTTP: Abbreviation for Automated Tactics Techniques & Procedures, AutoTTP based on the attack life cycle model . It uses a purely PowerShell and Python late exploit agent tool – Empire, click here to download AutoTTP .
The following open source tools are worth mentioning, but they are not technically an analog attack tool.
1. RedHunt operating system: The goal of the RedHunt operating system is to actively identify the attacks in the environment by integrating the attacker’s arsenal and the defender’s toolkit, thus becoming a one-stop security detection store that meets all your attack simulation and attack requirements. . The basic device is Lubuntu-17.10.1 x64. It contains the following tools for different purposes:
Attack Simulation: Caldera, Atomic Red Team, DumpsterFire, Metta, RTA, Nmap, CrackMapExec, Responder, Zap.
Recording and monitoring: Kolide Fleet, ELK (Elasticsearch, Logstash and Kibana) stack
Open Source Intelligence (OSINT): Maltego, Recon-ng, Datasploit, Thearvestor
Attack Information Analysis: Yeti, Harpoon
Click here to download RedHunt OS Beta v1
2. Invoke-ATTACKAPI : This is an open source PowerShell script that interacts with the MITRE ATT&CK framework through its own API to gather information about attack techniques, policies, etc. Click here to get this script.
Enterprise-class simulation attack tool
1. Cobalt Strike : Cobalt Strike is the commercial version of Armitage. Armitage is a Java-written Metasploit graphical interface attack software that can be used in conjunction with attacks known by Metasploit to automate attacks against existing vulnerabilities.
2. Israel’s network security company Cymulate : Cymulate is mainly for attack simulation of the following scenarios, such as simulated attack WAF, simulated attack mailbox, DLP attack test, SOC simulation test, mailbox test, ransomware test, Trojan, Payload penetration test, etc. . The main purpose of these tests is to improve the product, rich security awareness of employees, and the corresponding ability to detect and attack techniques to enhance. For example, the use of email and phishing attacks can count the number of users in the move.
3. Immunity Adversary Simulation : This platform allows you to build advanced permanent attack models from within the infrastructure and assess how the security team responds to live real attacks on the network.
4. SafeBreach: This software platform simulates attack violations throughout the kill chain without affecting users or infrastructure. Look here.
5. Network Security Startup SafeBreach : Founded in 2014, SafeBreach is headquartered in Delaware, USA, and is committed to revolutionizing the way the network security industry performs risk verification. The company provides users with a continuous security verification platform, using a centralized management system, combined with a complete hacking network method “script”, from the central location to manage the intrusion simulator of the distributed network, the simulator can play virtual hackers in the real world. The role, from the “hacker’s point of view” to actively demonstrate the cyber security risks of the enterprise. Users can verify their security control performance through this platform, analyze the impact of this attack on the company’s system and the effectiveness of the attack defense, so as to obtain sufficient time advantage to repair network risk vulnerabilities and improve the enterprise security operation and maintenance center. (SOC) Analyst responsiveness. In essence, this platform is to allow any enterprise to intuitively see how it will cope when it encounters a network attack in real life.
6. SimSpace ; SimSpace seems to be using Wormhole.
7. AttackIQ FireDrill : AttackIQ’s simulated attack platform, FireDrill, can launch simulated attacks against customers’ networks and test for flaws and vulnerabilities in defense systems.
8. Verodin Instrumented Security Platform : This platform proactively identifies configuration issues in the security stack and reveals the real difference between the attacker, the attack process, and the attack technology.
The above list does not include services such as MDSec’s ActiveBreach, Nk33, FusionX, Red Siege, Spectre Ops and TrustedSec, as they are implemented by real people.
Original Mandarin Chinese:
導語:模擬攻擊提供了一種用來測試網絡在應對高級攻擊時的恢復能力,不過在模擬攻擊環境下,所有測試均由系統自動運行如果這是一個真正的“攻擊”,系統將不會運行這些具有模擬特點的攻擊。儘管如此,“攻擊模擬”還是可以幫助你驗證你的安全工具
史上最全攻擊模擬工具盤點
每隔一段時間,安全行業就會出現一個新的熱門詞彙,並引入聽起來很酷以及吸引人們興趣的術語。比如最近出現的“adversary emulation”詞彙,我在本文將其翻譯為“攻擊模擬” 。首先讓我們先來了解它的真正含義,模擬攻擊提供了一種用來測試網絡在應對高級攻擊時的恢復能力,不過在模擬攻擊環境下,所有測試均由系統自動運行。如果這是一個真正的“攻擊”,系統將不會運行這些具有模擬特點的攻擊。儘管如此,“攻擊模擬”還是可以幫助你驗證你的安全工具是否按要求運行,無論是閉源還是開源,它都有助在運行這些模擬測試。事實上,MITER還開發了一種ATT&CK,ATT&CK是網絡攻擊行為的策劃知識庫和模型,反映了攻擊者生命週期的各個階段變化.ATT&CK對於理解針對已知攻擊行為的安全風險,規劃安全改進以及驗證防禦措施是否按預期工作很有用。大多數安全工具似乎都使用了這個框架。下面,就讓我們來看看攻擊模擬工具的列表。
史上最全攻擊模擬工具盤點
開源攻擊模擬工具
1.CALDERA:CALDERA提供了一個智能的自動化攻擊模擬系統,可以減少安全團隊進行常規測試所需的資源,使他們能夠解決其他關鍵問題。
史上最全攻擊模擬工具盤點
它可用於測試端點安全解決方案,並根據ATT&CK模型中常見的攻擊技術評估網絡的安全狀況.CALDERA利用ATT&CK模型來識別和模擬攻擊行為,點擊這裡下載CALDERA。
2.Metta:烏伯最近開源了這個敵對模擬工具,它是由多個內部項目產生的.Metta使用的Redis /芹菜,蟒和VirtualBox的進行敵對模擬,這樣用戶就可以測試基於主機的安全系統另外用戶還能測試其他基於網絡的安全檢測和控制,不過這具體取決於設置的方式.Metta與Microsoft Windows,MacOS和Linux端點兼容,點擊這裡下載Uber Metta。
3.ATP模擬器:ATP模擬器其實就是一套Windows Batch腳本集合,它的主要功能就是模擬攻擊者的活動,而並非模擬惡意軟件的活動.ATP Simulator會使用一組工具和輸出文件使系統看起來好像是被攻擊了。它可以幫助你以更真實的方式模擬真實的攻擊環境。顯然,這是一個僅限Windows的解決方案,點擊這裡下載ATP模擬器。
4.Red Team Automation:最近網絡安全公司Endgame公開了Red Team Automation的源代碼,它是一組有著38個腳本和支持的可執行文件,可生成與ATT&CK框架中的技術相對應的可靠組件。截至目前,紅隊自動化提供50種由ATT&CK技術支持的組件,將來數量還會增加。我相信,這個工具提供了非常好的端點檢測和響應(EDR)覆蓋。
史上最全攻擊模擬工具盤點
Red Team Automation支持Microsoft Windows,並且使用python進行編碼,另外它還可以執行反取證操作,進行惡意傳播,繞過UAC(用戶帳戶控制)等等,點擊這裡下載Red Team Automation。
5.Invoke-敵手:調用-敵手是一個基於APT攻擊程度,來評估安全產品和監控解決方案的PowerShell的腳本這麼說吧,該工具是攻擊模擬領域的新人,微軟的調用攻擊就是一種PowerShell的腳本。可能是受到了APT模擬器的啟發,截至目前,調用-敵手具有測試持久性攻擊,憑證訪問,逃避檢測,信息收集,命令和控制等功能,點擊這裡下載調用-敵手。
6.Atomic Red Team:它是針對安防設計的新型自動化測試框架,Atomic Red Team是在2017年推出的,是一個開源測試框架,可以測試用戶的攻擊檢測能力。之所以稱之為為“atomic(原子) )“,是因為它可以作為小型組件,方便小型或大型安全團隊使用,用來模擬特定攻擊者的活動。
Atomic Red Team會員小巧便攜的檢測測試映射到Mitre ATT&CK框架,該框架不是自動的,但支持Microsoft Windows,MacOS和Linux風格,點擊這裡下載Atomic Red Team。
7.感染猴子:感染猴子是一款由以色列安全公司GuardiCore在2016黑帽大會上發布的數據中心安全檢測工具,其主要用於數據中心邊界及內部服務器安全性的自動化檢測。該工具在架構上,則分為猴(掃描及漏洞利用端)以及C&C服務器(相當於記者,但僅僅只是用於收集猴探測的信息)。簡單說,它是另一個開源漏洞和攻擊模擬工具。
史上最全攻擊模擬工具盤點
它也用Python編碼,適用於Microsoft Windows和Linux系統,點擊這裡下載Infection Monkey。
8.藍隊培訓工具包(BT3):該工具是用於防禦性安全培訓的軟件,它將你的網絡分析培訓課程,事件響應演練和團隊合作提升到一個新的水平。該工具包允許你創建逼真的計算機攻擊場景,同時降低基礎架構成本,實施時間和風險。
史上最全攻擊模擬工具盤點
它是用Python編寫的,包括Encripto的Maligno,Pcapteller和Mocksum的最新版本。它還包含多個惡意軟件指示符配置文件,點擊這裡下載Blue Team Training Toolkit v2.6。
9.DumpsterFire:DumpsterFire是一個模塊化的,菜單驅動的跨平台Python工具,用於構建自定義的,延遲的分佈式安全事件。安全人員可以利用它輕鬆創建比如傳感器或警報映射(alert mapping)的自定義事件鏈,點擊這裡下載DumpsterFire v1.0.0。
10.AutoTTP:Automated Tactics Techniques&Procedures的縮寫,AutoTTP基於攻擊生命週期模型(攻擊生命週期模型)。它使用了一個純碎的PowerShell和Python後期漏洞利用代理工具–Empire,點擊這裡下載AutoTTP。
以下開源工具值得一提,不過它們在技術上不屬於模擬攻擊工具
1.RedHunt操作系統:RedHunt操作系統的目標是通過集成攻擊者的武庫以及防御者的工具包來積極識別環境中的攻擊,從而成為一站式安全檢測商店,滿足你的所有攻擊仿真和攻擊要求。基本設備是Lubuntu-17.10.1 x64。它包含以下用於不同目的的工具:
攻擊仿真:Caldera,Atomic Red Team,DumpsterFire,Metta,RTA,Nmap,CrackMapExec,Responder,Zap。
記錄和監測:Kolide Fleet,ELK(Elasticsearch,Logstash和Kibana)堆棧
開源智能(OSINT):Maltego,偵察-NG,Datasploit,Thearvestor
攻擊信息分析:Yeti,Harpoon
點此下載RedHunt OS Beta v1
2.Invoke-ATTACKAPI:這是一個開源的PowerShell腳本,通過自己的API與MITER ATT&CK框架進行交互,以收集有關攻擊技術,策略等信息,點擊這裡獲取這個腳本。
企業級模擬攻擊工具
1.Cobalt Strike:Cobalt Strike是Armitage商業版,Armitage是一款Java寫的Metasploit圖形界面的攻擊軟件,可以用它結合Metasploit已知的攻擊來針對存在的漏洞自動化攻擊。
2.以色列的網絡安全公司Cymulate:Cymulate主要是針對以下場景進行攻擊模擬,例如模擬攻擊WAF,模擬攻擊郵箱,DLP攻擊測試,SOC模擬測試,郵箱測試,勒索軟件測試,木馬,有效載荷滲透攻擊測試等。這類測試的主要目的是完善產品,豐富員工的安全意識,以及相應的攻擊技術能力檢測和提升。舉個例子,利用郵箱以及可以統計釣魚攻擊有多少用戶中招。
3.Immunity Adversary Simulation:該平台允許你從基礎架構內建立高級永久性攻擊模型,並評估安全團隊如何應對網絡上活躍的真實攻擊。
看看該軟件平台模擬整個殺戮鏈中的攻擊違規方法,而不會影響用戶或基礎設施這裡:4.SafeBreach。
5.網絡安全初創公司SafeBreach:SafeBreach創立於2014年,總部位於美國特拉華州,致力於革新網絡安全行業風險驗證的方式。公司為用戶提供一個持續性安全驗證平台,採用集中管理系統,結合完整的黑客入侵網絡方法“劇本”,從中心位置管理分佈式網絡的入侵模擬器,模擬器能夠在現實世界中扮演虛擬黑客的角色,從“黑客的角度”主動展示企業存在的網絡安全風險。用戶可以通過這一平台驗證自己的安全控制性能,分析這種攻擊對於公司系統的影響力及攻擊防禦的有效性問題,從而獲得充足的時間優勢來修復網絡風險漏洞,並提高企業安全運維中心(SOC)分析師響應能力。實質上,這一平台就是可以讓任何企業直觀的看到在現實生活中遇到網絡攻擊時,自己將如何應對。
6.SimSpace; SimSpace似乎在使用蟲洞。
7.AttackIQ FireDrill:AttackIQ的模擬攻擊平台FireDrill可以針對客戶的網絡展開模擬攻擊,測試防禦系統的缺陷和漏洞。
8.Verodin儀表化的安全平台:該平台會主動識別安全堆棧中的配置問題,並揭示攻擊者,攻擊流程和攻擊技術之間的真實區別。
以上列表不包括諸如MDSec的ActiveBreach,Nk33,FusionX,Red Siege,Spectre Ops和TrustedSec等服務,因為它們是由真人實施的。
Original Referring url: http://www.4hou.com/web/11241.html
