Introduction

2020-07-13

Red team activities are one of the fastest-developing defences against today's cyber attacks. In this talk we look at our work on an open-source, proactive, machine-learning-powered automation tool that performs red team simulations. The tool lets you try out every available attack scenario, which helps the community, and organizations in particular, build protection mechanisms against these attacks before real attackers use them. Red, blue and purple teams are improving day by day thanks to open-source contributions.

We will demonstrate the scenario playbook we developed to collect the scenarios prepared for red, blue and purple teams in a single Scenario Place. The aim of the playbook is to let people examine attack scenarios, see the corresponding protection mechanisms, protect their systems against these attack vectors, and contribute scenarios of their own. With the built-in Scenario Place, people can either run these scenarios or check the scenario configurations on their systems. All scenario titles follow MITRE ATT&CK and the Cyber Kill Chain. Scenarios from sources such as Atomic Red Team, MITRE and TIBER-EU are fed into the application as input. The target-platform distribution of those scenarios turned out to be 60% Windows, 19% Linux and 21% macOS, which is uneven; a project like this can balance that distribution with the support of the open-source community. A secondary aim is to gather and develop attack scenarios not only for endpoints but also for the network: network-side protection mechanisms will be developed by enriching scenarios with malicious traffic and applications.

When commercial red team applications are examined, they cover at most 2000 scenarios. With the built-in scanning component, relevant open-source repositories and other red team sources that can yield scenarios will be scanned and analyzed to reach a much larger number. These scenarios would then also be available to a threat hunting service. Thus the project both contributes to the public community and helps people improve their security posture.
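The abstract describes a Scenario Place that ingests scenarios from several sources, keys them by ATT&CK technique and target platform, and reports the platform distribution. Below is an added illustration of that ingestion step, written for this page; it is not Manticore's own code, and Manticore's real scenario format is not shown here. The manifests are constructed sample input shaped after Atomic Red Team's YAML layout (attack_technique, atomic_tests with supported_platforms and an executor), expressed as Python dicts so the example runs without a YAML library; the commands are harmless placeholders. It validates manifests, de-duplicates tests that appear in more than one repository, and produces the per-platform share and a gap list.

```python
"""Scenario ingestion and platform-coverage report.

Added example for this page, not Manticore Platform code. The manifests are
constructed sample input modelled on Atomic Red Team's YAML layout; Manticore's
own scenario format is an assumption here, not taken from the page.
"""
import hashlib
import re
from collections import Counter, defaultdict

# ATT&CK technique IDs look like T1003 or, for sub-techniques, T1003.001.
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")
PLATFORMS = ("windows", "linux", "macos")

# Constructed sample input: two repositories that partly overlap, so the ingest
# step has a real duplicate to collapse. Commands are harmless placeholders.
REPO_A = [
    {"attack_technique": "T1003.001", "display_name": "OS Credential Dumping: LSASS Memory",
     "atomic_tests": [
         {"name": "LSASS dump (placeholder)", "supported_platforms": ["windows"],
          "executor": {"name": "powershell", "command": "Write-Host lsass-placeholder"}}]},
    {"attack_technique": "T1053.003", "display_name": "Scheduled Task/Job: Cron",
     "atomic_tests": [
         {"name": "Cron persistence (placeholder)", "supported_platforms": ["linux", "macos"],
          "executor": {"name": "sh", "command": "echo cron-placeholder"}}]},
    {"attack_technique": "T1547.001", "display_name": "Registry Run Keys / Startup Folder",
     "atomic_tests": [
         {"name": "Run key (placeholder)", "supported_platforms": ["windows"],
          "executor": {"name": "command_prompt", "command": "echo runkey-placeholder"}}]},
]
REPO_B = [
    # Same test as REPO_A's first entry with different whitespace: a duplicate, not new coverage.
    {"attack_technique": "T1003.001", "display_name": "LSASS Memory",
     "atomic_tests": [
         {"name": "LSASS dump copy", "supported_platforms": ["windows"],
          "executor": {"name": "powershell", "command": "  Write-Host   lsass-placeholder "}}]},
    # Malformed: bad technique ID and an unknown platform; must be rejected, not ingested.
    {"attack_technique": "1003", "display_name": "broken",
     "atomic_tests": [
         {"name": "bad", "supported_platforms": ["win"],
          "executor": {"name": "sh", "command": "echo x"}}]},
]


def validate(manifest):
    """Return a list of problems; an empty list means the manifest is usable."""
    problems = []
    if not TECHNIQUE_ID.match(manifest.get("attack_technique", "")):
        problems.append(f"bad technique id {manifest.get('attack_technique')!r}")
    tests = manifest.get("atomic_tests") or []
    if not tests:
        problems.append("no atomic_tests")
    for t in tests:
        for p in t.get("supported_platforms", []):
            if p not in PLATFORMS:
                problems.append(f"unknown platform {p!r} in {t.get('name')!r}")
        if not t.get("executor", {}).get("command"):
            problems.append(f"missing command in {t.get('name')!r}")
    return problems


def fingerprint(technique, platform, executor):
    """Stable de-duplication key: same technique, platform, runner and
    whitespace-normalised command collapse to one scenario."""
    norm = " ".join(executor["command"].split())
    digest = hashlib.sha256(f"{executor['name']}\n{norm}".encode()).hexdigest()
    return (technique, platform, digest)


def ingest(repos):
    """Merge manifests from several repositories into one scenario place.
    Returns (scenarios, rejected, duplicate_count)."""
    scenarios, rejected, duplicates = {}, [], 0
    for manifest in (m for repo in repos for m in repo):
        problems = validate(manifest)
        if problems:
            rejected.append((manifest.get("attack_technique"), problems))
            continue
        tech = manifest["attack_technique"]
        for t in manifest["atomic_tests"]:
            for platform in t["supported_platforms"]:
                key = fingerprint(tech, platform, t["executor"])
                if key in scenarios:
                    duplicates += 1
                    continue
                scenarios[key] = {"technique": tech, "platform": platform,
                                  "name": t["name"], "executor": t["executor"]}
    return scenarios, rejected, duplicates


def platform_distribution(scenarios):
    """Share of scenarios per platform, in percent (the page reports 60/19/21)."""
    counts = Counter(s["platform"] for s in scenarios.values())
    total = sum(counts.values()) or 1
    return {p: round(100 * counts[p] / total, 1) for p in PLATFORMS}


def coverage_gaps(scenarios):
    """Techniques covered on some platforms but not others: a worklist for
    contributors who want to balance the distribution."""
    by_tech = defaultdict(set)
    for s in scenarios.values():
        by_tech[s["technique"]].add(s["platform"])
    return {tech: sorted(set(PLATFORMS) - have)
            for tech, have in by_tech.items() if set(PLATFORMS) - have}


if __name__ == "__main__":
    scen, rej, dup = ingest([REPO_A, REPO_B])
    print(len(scen), "scenarios;", dup, "duplicate(s) dropped;", len(rej), "rejected")
    print(platform_distribution(scen))
    print(coverage_gaps(scen))
```

The fingerprint hashes the runner name together with the whitespace-normalised command, so the same test copied between repositories with cosmetic edits is counted once and does not inflate the scenario count. Treat the gap list as a starting point rather than a to-do list: some entries, such as a cron persistence test "missing" on Windows, are not meaningful to fill, and a reviewer has to decide which gaps are real.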

Red Team Problems:

Adversarial emulation challenges

Simulation tool problems

How ideal simulation tool works

Why do we need Manticore Platform

Manticore Platform

We released the Manticore Platform tools on our GitHub organization:

Manticore Adversary Emulation Client Tool - https://github.com/Manticore-Platform/manticore-cli

Manticore Public Scenarios Repository - https://github.com/Manticore-Platform/public-scenarios

Manticore Public Threats Repository - https://github.com/Manticore-Platform/public-threats

Manticore Sample Ransomware Emulation Repository - https://github.com/Manticore-Platform/ransomware-emulation