A hands-on red team project using MITRE CALDERA to emulate adversary behavior mapped to the MITRE ATT&CK framework. Simulates real-world attacker tactics, techniques, and procedures (TTPs).
mallikarjunr827/Adversary-Emulation-using-MITRE-ATT-CK-and-Red-Team-Tools
Adversary Emulation using MITRE ATT&CK and Red Team Tools

This project simulates real-world adversary behavior using the MITRE CALDERA automated adversary emulation platform. It demonstrates tactics and techniques mapped to the MITRE ATT&CK framework, offering hands-on experience in red teaming, persistence, privilege escalation, lateral movement, and more.

Project Objectives

  • Emulate adversaries using the MITRE ATT&CK framework
  • Understand attacker Tactics, Techniques, and Procedures (TTPs)
  • Gain hands-on experience with tools like CALDERA, Sandcat agents, and plugins
  • Simulate real-world cyber attacks safely in a virtual lab environment
  • Build a red team portfolio project suitable for LinkedIn and job applications

Tools & Technologies

| Tool | Purpose |
|------|---------|
| MITRE CALDERA | Adversary emulation platform |
| Sandcat agent | Communication agent (Go) |
| Linux (Kali) | Target endpoint |
| VirtualBox/VMware | Virtual lab setup |
| MITRE ATT&CK | Adversary behavior framework |

MITRE ATT&CK Techniques Demonstrated

| Tactic | Example Technique(s) |
|--------|----------------------|
| Initial Access | Spearphishing simulation, direct execution |
| Execution | cmd, bash scripts, reverse shell commands |
| Persistence | Cron jobs, bash profile modification |
| Privilege Escalation | Sudo misconfiguration, SetUID exploitation |
| Defense Evasion | Obfuscated payloads |
| Credential Access | Shadow file exfiltration |
| Discovery | Host/network enumeration |
| Lateral Movement | SSH-based simulation |
| Command and Control | Simulated ping back to C2 server |
| Exfiltration | File exfiltration using curl/wget |

How the Project Works

  1. Set up CALDERA on an Ubuntu/Kali VM
  2. Deploy Sandcat Agent to the target endpoint
  3. Create or import adversaries using ATT&CK techniques
  4. Run operations to simulate attack chains
  5. Review the results and extracted artifacts
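Step 5 is where the emulation pays off for a blue team: the operation report tells you which ATT&CK tactics and techniques actually executed on the endpoint, so detections can be checked against them. The script below is an added example, not code from this project or from CALDERA. It assumes the layout of CALDERA's JSON operation report (a top-level `steps` mapping keyed by agent paw, each entry holding a `steps` list whose items carry a `status`, with 0 meaning success, and an `attack` dict with `tactic`, `technique_id` and `technique_name`); the sample report and its paw value are constructed for the example, and the planned-tactic list is taken from the table above.

```python
"""Summarise a CALDERA-style operation report for detection review.

Added example, not part of the project. The report structure below is an
assumption modelled on CALDERA's operation report JSON; adjust the field
names if your CALDERA version differs.
"""
import json
from collections import defaultdict

# Tactics the emulation plan intends to cover (README technique table),
# written in CALDERA's lowercase, hyphenated tactic naming.
PLANNED_TACTICS = [
    "initial-access", "execution", "persistence", "privilege-escalation",
    "defense-evasion", "credential-access", "discovery", "lateral-movement",
    "command-and-control", "exfiltration",
]

# Constructed sample report for one Linux agent. "abcd1234" is a made-up paw
# (CALDERA's per-agent identifier); status 0 = success, non-zero = failure.
SAMPLE_REPORT = json.dumps({
    "name": "lab-run-01",
    "steps": {
        "abcd1234": {
            "steps": [
                {"name": "List running processes", "status": 0,
                 "attack": {"tactic": "discovery", "technique_id": "T1057",
                            "technique_name": "Process Discovery"}},
                {"name": "Cron job persistence", "status": 0,
                 "attack": {"tactic": "persistence", "technique_id": "T1053.003",
                            "technique_name": "Scheduled Task/Job: Cron"}},
                {"name": "Read shadow file", "status": 1,
                 "attack": {"tactic": "credential-access", "technique_id": "T1003.008",
                            "technique_name": "OS Credential Dumping: /etc/shadow"}},
            ]
        }
    },
})


def parse_report(report_json):
    """Flatten the report into one row per executed step."""
    report = json.loads(report_json)
    rows = []
    for paw, agent in report.get("steps", {}).items():
        for step in agent.get("steps", []):
            attack = step.get("attack") or {}
            rows.append({
                "paw": paw,
                "name": step.get("name", "?"),
                "tactic": attack.get("tactic", "unknown"),
                "technique_id": attack.get("technique_id", "?"),
                "technique_name": attack.get("technique_name", "?"),
                "succeeded": step.get("status") == 0,
            })
    return rows


def coverage_by_tactic(rows):
    """Tactic -> set of technique ids that really ran (only successful steps
    produce telemetry worth checking detections against)."""
    cov = defaultdict(set)
    for r in rows:
        if r["succeeded"]:
            cov[r["tactic"]].add(r["technique_id"])
    return dict(cov)


def gaps(rows, planned=PLANNED_TACTICS):
    """Planned tactics with no successful step: untested from the defender's view."""
    covered = coverage_by_tactic(rows)
    return [t for t in planned if t not in covered]


def failed_steps(rows):
    """Steps that did not succeed; worth re-running or fixing before detection review."""
    return [r for r in rows if not r["succeeded"]]


def summarise(report_json):
    """Return a printable summary string and the parsed rows."""
    rows = parse_report(report_json)
    lines = ["Executed techniques by tactic:"]
    for tactic, ids in sorted(coverage_by_tactic(rows).items()):
        lines.append(f"  {tactic}: {', '.join(sorted(ids))}")
    lines.append("Planned tactics with no successful step: " + ", ".join(gaps(rows)))
    for r in failed_steps(rows):
        lines.append(f"  FAILED on {r['paw']}: {r['name']} ({r['technique_id']})")
    return "\n".join(lines), rows


if __name__ == "__main__":
    text, _ = summarise(SAMPLE_REPORT)
    print(text)
```

Run it against the JSON report exported from a finished operation instead of `SAMPLE_REPORT`; each technique id in the coverage list is a concrete thing to look for in endpoint logs, and each tactic in the gap list is one the run has not exercised yet.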

What I Learned

  • Red team automation using CALDERA
  • Deep understanding of the MITRE ATT&CK framework
  • How to simulate real-world attacks safely
  • How to build cybersecurity projects for a public portfolio

Environment Setup

This project was executed using the MITRE CALDERA platform in a virtual lab (Kali Linux). CALDERA was run locally, with its web interface reached at https://localhost:8888, and the Sandcat agent was deployed to the target endpoint to emulate real-world adversary behaviors.
