An initiative from the Open Threat Research (OTR) community to share cloud templates and scripts for deploying network environments in which to simulate adversaries, generate and collect data, and learn more about adversary tradecraft from a defensive perspective. Unlike other environments, we do not have one scenario to cover all use cases, but multiple modular environments that adapt to specific topics of research.
Think of this repository as the library of emulation/simulation plans but from an infrastructure perspective 🏗️
We started by sharing ATT&CK Evaluations environment templates with the community (i.e., the APT29 scenario). Now we are expanding our scope and building more templates for other projects such as:
- Center for Threat Informed Defense - Adversary Emulation Library
- ATT&CK Evaluations
- RhinoSecurityLabs - CloudGoat
Finally, we create these environments not only for someone to follow an attack path and execute it, but also to collect and share telemetry. Every environment built under the SimuLand project has a data pipeline to export the data collected during the simulation and share it with the community officially through the Mordor Project.
Roberto Rodriguez @Cyb3rWard0g