Small and highly portable detection tests based on MITRE's ATT&CK.

Automated Adversary Emulation Platform

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

Utilities for MITRE™ ATT&CK

A list of useful Detection Engineering-related resources.

A PowerShell script to interact with the MITRE ATT&CK Framework via its own API

MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Azure AD.

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines

attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage

Detection rules for Hayabusa

A simple, fully python ransomware PoC using AES-CTR and RSA. Supports Windows, Linux and macOS

🧬 Mitre Interactive Network Graph (APTs, Malware, Tools, Techniques & Tactics)

Collection of CVEs from Sick Codes, or collaborations on https://sick.codes security research & advisories.

This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.

Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io

This tool maps a file's behavior on MITRE ATT&CK matrix.

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.