adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
Executing an MSF PowerShell stager through the SQL-RAT's exec-cmd is spawning WerFault.exe. This in turn is causing a failure to get a working session. Running the stager manually on the victim...
What is the use of the UAC Bypass step if the infrastructure already needs UAC to be set to Never Notify?
In the APT29 yaml file, at line 1749, command of T1105 is missing below the "executors" tag : line 1746 executors: line 1747 - name: powershell line 1748 command: |...
Multiple payloads are not available during execution: *************** . .\stepTwelve.ps1;detectav . : The term '.\stepTwelve.ps1' is not recognized as the name of a cmdlet, function, script file, or operable program....
When I start the caldera server, I got the error below: ************************************ 2021-06-21 08:18:58 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in ffb50e17-cb3c-4424-a4e7-99e3885f22cc but not found: mimikatz.exe 2021-06-21 08:18:58 - WARNING (data_svc.py:369 _verify_abilities)...
The following plans are currently not being checked by GitHub Actions: - [ ] Carbanak - [ ] FIN7
Hi, I am trying to run the Carbanak procedures in my lab. When I executed the Metasploit module "post/windows/manage/run_as" in step 10.A.3, it seems it didn't have enough permission to change firewall settings. kmitnick...
Hi, I managed to successfully complete the Day 1 Scenario for the evals plugin with the plan `adversary_emulation_library/apt29/Archive/CALDERA_DIY/evals/data/adversaries/d6115456-604a-4707-b30e-079dec5aad53.yml` [Caldera DIY Emulation plan](https://github.com/center-for-threat-informed-defense/adversary_emulation_library/blob/master/apt29/Archive/CALDERA_DIY/evals/data/adversaries/d6115456-604a-4707-b30e-079dec5aad53.yml) but when launching the day 1 scenario through...
Hi all, I'm using the Emu plugin as well as the dev version of Caldera in order to launch APT 29 simulated attacks. I've found/encountered an error in the Bypass...
Hello there, I'm currently trying to reproduce the APT29 Scenario 1 locally and noticed that the dependencies on the attacker platform (192.168.0.4) aren't pinned. This is quite troublesome as...