AdversaryAutomation.md

Tools to automate attacker or end-user

  • APT Simulator
  • Atomic-Parser
  • atomic-red-team
  • ATTACK-Tools
  • EDR-Testing-Script
  • flightsim
  • Invoke-Adversary
  • Invoke-UserSimulator
  • List of Adversary Emulation Tools - PenTestIT.html
  • MalwLess
  • metta
  • PurpleSharp
  • pyattck
  • RTA
  • sheepl
  • youzer

Infrastructure & Labs

Atomic RedTeam

  • Blue teams can now test their #ActiveDirectory attack detection mechanisms (SIEM, FW...) using #AtomicRedTeam by @redcanary LINK
      • T1003.006 DCSync: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md#atomic-test-1---dcsync
      • T1207 DCShadow: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md#atomic-test-1---dcshadow---mimikatz
      • T1558.001 Golden ticket: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md#atomic-test-1---crafting-golden-tickets-with-mimikatz
      • T1110.001 Brute Force: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md#atomic-test-2---brute-force-credentials-of-single-domain-user-via-ldap-against-domain-controller-ntlm-or-kerberos
      • T1110.003 Password spraying: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md#atomic-test-3---password-spray-all-domain-users-with-a-single-password-via-ldap-against-domain-controller-ntlm-or-kerberos
      • T1055 Remote Process Injection: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md#atomic-test-3---remote-process-injection-in-lsass-via-mimikatz