Caldera: Simulating a Complete Attack Chain

This entry is part 10 of 13 in the series Red Team Engagements

Views: 17Attack Simulation In this blog post, we will explain the options to customise the Caldera framework and emulate an attack chain that traverses from Initial Access to Achieving the Objective. Before continuing further, please refer this article which details the procedure to setup Caldera on ParrotOS. For this scenario, we will emulate the following … Read more

Installing Caldera on ParrotOS: A Smoother Experience Compared to Ubuntu and Kali Linux

This entry is part 9 of 13 in the series Red Team Engagements

Views: 8Introduction MITRE Caldera is a powerful adversary emulation platform used for cybersecurity testing and red teaming. However, recent attempts to install Caldera on Ubuntu and Kali Linux have been met with issues—primarily due to the newer Python 3.13 versions. In contrast, installing Caldera on ParrotOS 6.3 (Lorikeet) has been a flawless experience. This blog … Read more

Atomic Red Team – A Framework for Threat Emulation: PART II

This entry is part 8 of 13 in the series Red Team Engagements

Views: 10This is the PART II article in the Atomic RED series. Please follow this link to read PART I of the series. Listing Atomic Techniques We can use the parameters – ShowDetailsBrief and ShowDetails that provide the details inside an Atomic file.  The output shows that ShowDetailsBrief lists the available tests in the specified Atomic and its corresponding Atomic … Read more

Atomic Red Team – A Framework for Threat Emulation: PART I

This entry is part 7 of 13 in the series Red Team Engagements

Views: 10Overview What is Atomic Red Atomic Red Team is an open-source framework designed for security testing and threat emulation. It allows security professionals to simulate real-world cyberattacks and assess the effectiveness of security controls and incident response processes. Supported Platforms Atomic Red Team can be used across multiple platforms: Platform Type Supported Platforms Operating … Read more

Operationalizing Security: CALDERA Meets WAZUH (PART II)

This entry is part 2 of 13 in the series Red Team Engagements

Views: 142Adversary emulation with Caldera and Wazuh Please visit here to read PART I of this series, which explains the Caldera setup and Windows agent installation. Agent setup Deploy Agents on Linux machines Now, the lab consists of 2 Windows victims and 1 Linux victim, as reported by Caldera below. Configure Sysmon on Windows victims … Read more

Operationalizing Security: CALDERA Meets WAZUH (PART I)

This entry is part 1 of 13 in the series Red Team Engagements

Views: 102CALDERA™ is an open-source framework designed to run autonomous adversary emulation exercises efficiently. It enables users to emulate real-world attack scenarios and assess the effectiveness of their security defences. In addition, it provides a modular environment for red team engagements, supporting red team operators for the manual execution of TTPs and blue teamers for automated … Read more

Web Attacks

This entry is part 2 of 3 in the series Offensive Testing Enterprise Networks

Views: 13Enumeration & Brute Force Authentication enumeration is a fundamental aspect of security testing, concentrating specifically on the mechanisms that protect sensitive aspects of web applications; this process involves methodically inspecting various authentication components ranging from username validation to password policies and session management. Each of these elements is meticulously tested because they represent potential … Read more

THREAT EMULATION: Introduction

This entry is part 4 of 13 in the series Red Team Engagements

Views: 37 Purpose of Threat Emulation Threat emulation is meant to assist security teams and organisations, in general, in better understanding their security posture and their defence mechanisms and performing due diligence in their compliance. These questions are addressed through cyber security assessments, mainly red team engagements, vulnerability assessments and penetration tests. Vulnerability assessments are … Read more