OTRF/SimuLand

Stars
127
Rank 282,790 (Top 6 %)
Language
Shell
License
GNU General Publi...
Created over 4 years ago
Updated over 3 years ago

OTRF/SimuLand

OTRF

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Cloud Templates and scripts to deploy mordor environments

SimuLand 🏝️

An initiative from the Open Threat Research (OTR) community to share cloud templates and scripts to deploy network environments to simulate adversaries, generate/collect data and learn more about adversary tradecraft from a defensive perspective. The difference with other environments is that we do not have one scenario to cover all use-cases, but multiple modular environments that adapt to specific topics of research.

Think of this repository as the library of emulation/simulation plans but from an infrastructure perspective 🏗️

We started by sharing ATT&CK evaluations environment templates with the community (i.e APT29 Scenario). Now we are expanding our scope and building more templates for other projects such as:

Center for Threat Informed Defense - Adversary Emulation Library
- ATT&CK Evaluations
RhinoSecurityLabs - CloudGoat

Finally, we do not only create these environments for someone to follow an attack path and execute it, but also to collect and share telemetry. Every environment built under the project SimuLand has a data pipeline to export the data collected during the simulation and share it with the community officially through the Mordor Project.

Author

Roberto Rodriguez @Cyb3rWard0g

ThreatHunter-Playbook

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Security-Datasets

Re-play Security Events

OSSEM

Open Source Security Events Metadata (OSSEM)

ATTACK-Python-Client

Python Script to access ATT&CK content available in STIX via a public TAXII server

Microsoft-Sentinel2Go

Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.

Blacksmith

Building environments to replicate small networks and deploy applications

OSSEM-DM

OSSEM Detection Model

detection-hackathon-apt29

Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets

Jupyter Notebook

infosec-jupyter-book

The Infosec Community Definitive Guide to Jupyter Notebooks

infosec-jupyterthon

A community event for security researchers to share their favorite notebooks

Jupyter Notebook

GenAI-Security-Adventures

Jupyter Notebook

Set-AuditRule

Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity

notebooks-forge

A collection of notebooks built for defensive and offensive operations.

Jupyter Notebook

API-To-Event

A repo to document API functions mapped to security events across diverse platforms

OSSEM-DD

OSSEM Data Dictionaries

OSSEM-CDM

OSSEM Common Data Model

bloodhound-notebook

BloodHound Cypher Queries Ported to a Jupyter Notebook

openhunt

bloodhound-notebooks

Notebooks created to attack and secure Active Directory environments

Jupyter Notebook

SANS-BlueTeamSummit-2022

Repo to track SANS BlueTeam Summit Presentation

Jupyter Notebook

2021-OceanLotus-workshop

BHEU22-ADFS

Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations

MEAN

Microsoft Entra ID Administration LLM-based Autonomous Agent

Jupyter Notebook

docker-c2

Docker files used to deploy known Command & Control (C2) Frameworks

workshop-ekoparty-bluespace-2020

Materiales para enseñar lo básico de Jupyter Notebooks y análisis de data con Pandas

OpenSec-Library

Blog-Website

Official OTR Blog Website

Infosec-DMZ

OSSEM-DD-MASK

An extension of the OSSEM-DD repository.

Community-Presentations