mitre-attack

Small and highly portable detection tests based on MITRE's ATT&CK.

Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.

Automated Adversary Emulation Platform

Windows Events Attack Samples

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

Web app that provides basic navigation and annotation of ATT&CK matrices

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

An Active Defense and EDR software to empower Blue Teams

Utilities for MITRE™ ATT&CK

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

Actionable analytics designed to combat threats

A Linux Auditd rule set mapped to MITRE's Attack Framework

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing

Scripts and a (future) library to improve users' interactions with the ATT&CK content

A knowledge base of actionable Incident Response techniques

MITRE ATT&CK Website

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process.

Elemental - An ATT&CK Threat Library

PCAP Samples for Different Post Exploitation Techniques

Test Blue Team detections without running any attack.

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

Detecting ATT&CK techniques & tactics for Linux

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, AES encryption, Nmap/Nessus/Burp/OpenVAS/Bugcrowd issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, Security report builder.

Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.