Open-source frameworks and tools designed to simulate real-world attacker behaviors for testing security defense systems.
Monkey is an adversary emulation platform and breach and attack simulation tool designed to test network defenses through automated lateral movement and exploit delivery. It functions as a network security testing system that evaluates security posture by attempting to propagate through vulnerabilities and extract sensitive system credentials. The platform distinguishes itself by simulating specific real-world attacker behaviors, such as ransomware encryption, cryptojacking, and the theft of browser-stored credentials and secure shell keys. It utilizes binary hash randomization to evade antiv
Monkey is a dedicated adversary emulation platform that automates lateral movement and exploit delivery to validate defensive controls, directly aligning with the requirements for testing infrastructure against simulated cyberattacks.
Atomic Red Team is an adversary simulation tool and detection validation suite designed to emulate attacker behaviors. It functions as a security control testing framework that uses a library of portable tests to verify if security monitoring and alerting systems correctly identify specific malicious techniques. The project serves as a MITRE ATT&CK emulation framework, mapping individual test executions to a standardized industry taxonomy of adversary behaviors. This mapping allows for the validation of security controls against the MITRE ATT&CK matrix to identify gaps in detection and respon
This is a comprehensive framework for executing and validating security controls against specific adversary behaviors mapped to the MITRE ATT&CK framework, though it functions as a library of modular tests rather than a centralized, agent-based orchestration platform.
This tool provides a framework for executing targeted, cloud-native attack scenarios mapped to the MITRE ATT&CK framework, making it a specialized platform for validating defensive controls in cloud environments.
RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
This framework provides a collection of scripts for executing simulated malicious tradecraft mapped to MITRE ATT&CK, serving as a practical tool for blue teams to validate their detection capabilities.
A toolset to make a system look as if it were the victim of an APT attack.
This toolset simulates the artifacts and behaviors of an APT attack on a local system to test defensive detection capabilities, fitting the core purpose of an adversary emulation platform.
An information security preparedness tool for adversarial simulation.
Metta is an adversary emulation tool that uses Python-based scripts to execute simulated attack scenarios, providing a practical way to test defensive controls against specific threat behaviors.
Caldera is an adversary emulation platform and command and control framework designed to simulate cyber attack patterns. It functions as an automated red team tool and threat framework orchestrator, executing attack sequences based on standardized cybersecurity threat frameworks to validate security defenses and detection capabilities. The platform distinguishes itself through the dynamic compilation of customized executable payloads and the use of framework-mapped adversary modeling to structure attack techniques. It manages asynchronous agents on targeted endpoints via a central server acce
Caldera is a comprehensive adversary emulation platform that natively maps attack techniques to the MITRE ATT&CK framework, utilizes agent-based execution for automated scenarios, and provides the necessary orchestration to validate defensive security controls.
Viper is a command and control infrastructure manager and post-exploitation framework designed for adversary attack simulation and security assessment. It functions as an orchestrator for penetration testing, combining a system for managing compromised hosts across multiple operating systems with tools for security workflow automation. The platform is distinguished by its use of large language model agents to coordinate red team tasks, automate data processing, and provide intelligent decision support. It includes a network pivot visualizer that uses directional graphs to map relationships an
Viper is a post-exploitation and command-and-control framework that facilitates adversary simulation through AI-driven orchestration, serving as a functional tool for executing red team operations and testing defensive responses.
A utility to safely generate malicious network traffic patterns and evaluate controls.
This tool focuses on generating specific malicious network traffic patterns to test security controls, but it functions as a targeted traffic simulator rather than a comprehensive adversary emulation platform that manages full attack playbooks and agent-based infrastructure.
Sliver is a command and control framework designed for adversary emulation and security assessment operations. It provides a centralized platform for managing remote systems, enabling security professionals to coordinate multi-operator sessions and maintain persistent, secure communication channels across diverse network environments. The framework distinguishes itself through its focus on stealth and infrastructure flexibility. It utilizes dynamic payload obfuscation to generate unique binaries and supports in-memory execution to minimize disk artifacts. Communication is secured through mutu
Sliver is a command-and-control framework that provides the necessary infrastructure for adversary emulation and red team operations, though it focuses more on post-exploitation management than on pre-built automated attack playbooks.
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to
This is a comprehensive penetration testing framework that provides the modular architecture and exploit execution capabilities required to simulate attacks and validate defensive controls, though it focuses more on manual exploitation than automated adversary emulation playbooks.