This page contains a combination of resources for all things relating to adversary emulation, purple teaming, breach and attack simulation, threat emulation, security control validation, and . Note that this page intentionally excludes all the various tools used by red teamers or pen testers, to streamline this page as much as possible. Also, there are other pages out there dedicated to various tools used in the field, so I encourage you to check them out!
Anyone who has an interest in this space. There aren't a great many resources out there, as this is a new and upcoming field that is still evolving, which is why I wanted to produce this list of resources, which I hope you find useful.
If you have any feedback or would like your site listed, feel free to reach out via Twitter. Twitter handle: 0x4143
- Full credits/props/respect to all the respective authors for their content.
- I suspect that this list may morph gradually over time to possibly include other infosec related tools/links that aren't directly related to malware or RE, but I will try my very best to stay on topic! =)
- The links contained in each section are currently in no particular order.
- I may clean up the order at some point e.g. alphabetize, or order by preference.
- Some tools/links may be in the wrong category; I will review this as time goes on.
- This is a work-in-progress so bear with me!
- Sharing is caring, so feel free to forward this link around.
- "Haters gonna hate"!
- And last but not least, **enjoy!** =)
- MITRE ATT&CK - https://attack.mitre.org/
- ATT&CK Navigator - https://mitre-attack.github.io/attack-navigator/
- ATT&CK Workbench - https://github.com/center-for-threat-informed-defense/attack-workbench-frontend
- Top ATT&CK Techniques - https://top-attack-techniques.mitre-engenuity.org/
- ATT&CK Flow - https://github.com/center-for-threat-informed-defense/attack-flow
- Adversary Emulation Plans - https://attack.mitre.org/resources/adversary-emulation-plans/
- CTID Projects - https://ctid.mitre-engenuity.org/our-work/
- Red Team Development and Operations - https://redteam.guide/
- Cybersecurity Attacks - Red Team Strategies - https://www.packtpub.com/product/cybersecurity-attacks-red-team-strategies/9781838828868
- Adversarial Tradecraft in Cybersecurity - https://www.packtpub.com/product/adversarial-tradecraft-in-cybersecurity/9781801076203
- Purple Team Strategies - https://www.packtpub.com/product/purple-team-strategies/9781801074292?_ga=2.213212308.1414194808.1658233696-155052434.1658233696
- ATT&CKcon - https://www.mitre.org/attackcon
- Adversary Village - https://adversaryvillage.org/
- Getting Started with ATT&CK: Adversary Emulation and Red Teaming - https://medium.com/mitre-attack/getting-started-with-attack-red-29f074ccf7e3
- Purple Teaming at GitLab - https://about.gitlab.com/handbook/engineering/security/threat-management/red-team/purple-teaming/
- The Difference Between Red, Blue, and Purple Teams - https://danielmiessler.com/study/red-blue-purple-teams/
- 11 Strategies of a World-Class Cybersecurity Operations Center - https://www.mitre.org/sites/default/files/publications/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf
- Improve your Threat Hunt with Adversary Emulation - https://deepsec.net/docs/Slides/2020/Improve_Threat_Hunting_with_Adversary_Emulation_Thomas_V_Fischer.pdf
- The DFIR Report - https://thedfirreport.com/
- HackTricks - https://book.hacktricks.xyz/
- Control Validation Compass - https://controlcompass.github.io/
- The C2 Matrix - https://www.thec2matrix.com/
- Caldera - https://github.com/mitre/caldera
- Vectr.io - https://vectr.io/
- Stratus Red Team - https://github.com/DataDog/stratus-red-team
- Atomic Red Team - https://github.com/redcanaryco/atomic-red-team
- Sliver - https://github.com/BishopFox/sliver
- Unit 42 PlayBook Viewer - https://pan-unit42.github.io/playbook_viewer/
- APTSimulator - https://github.com/NextronSystems/APTSimulator
- Red Teaming Toolkit Collection - https://0xsp.com/offensive/red-teaming-toolkit-collection/
- MITRE ATT&CK Defender - https://mitre-engenuity.org/cybersecurity/mad/
- SANS SEC565: Red Team Operations and Adversary Emulation - https://www.sans.org/cyber-security-courses/red-team-operations-adversary-emulation/
- SANS SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention and Detection - https://www.sans.org/cyber-security-courses/purple-team-tactics-adversary-emulation/
- Applied Purple Teaming - https://www.antisyphontraining.com/applied-purple-teaming-w-kent-ickler-and-jordan-drysdale/
- Adversary Simulation and Red Team Tactics - https://www.mdsec.co.uk/training/adversary-simulation-red-team-tactics/
- Red Team Adversary Emulation Course - https://adversaryemulation.com/
- Adversary Emulation and Breach Attack Simulations - https://www.defensive-security.com/training-workshops/adversary-emulation-and-breach-attack-simulations
- Adversary Emulation and Purple Teaming - https://www.blackhat.com/us-22/training/schedule/index.html#adversary-emulation--purple-teaming-25772
- AttackIQ Academy - https://academy.attackiq.com/
- Picus Purple Academy - https://academy.picussecurity.com/
- Cymulate eCademy - https://cymulate.com/ecademy
- RedHunt OS v2 - https://www.kitploit.com/2019/08/redhunt-os-v2-virtual-machine-for.html
- DetectionLab - https://detectionlab.network/
- Purple Teaming Explained - https://www.youtube.com/watch?v=6s-G7u0w-wc
- Look at me, I'm the Adversary Now: Intro to Adversary Emulation - https://www.youtube.com/watch?v=vnr0kijaK60
- Adversary Emulation (Playlist) - https://www.youtube.com/playlist?list=PLfgStsuvpUpq4-PpsPnWBxVZAEAFoqzXJ
- ATT&CKing the Status Quo: Improving Threat Intel and Cyber Defense with MITRE ATT&CK - https://www.youtube.com/watch?v=p7Hyd7d9k-c