Endgame has released a set of open-source tools that allow enterprises to test defences against modern attacker behaviours. These tools are called red team automation (RTA).
Security teams that lack sufficient time and resources will now be able to measure their protection capabilities beyond malware-based attacks, because the RTA scripts map directly to MITRE's ATT&CK matrix, the most comprehensive framework of attacker tactics and techniques.
Only 49 percent of today's cyber attacks represent a major vulnerability concern for organisations facing fileless or malware-less attacks that bypass existing security controls. Testing an organisation's ability to stop these behaviours is often too complex. The MITRE Corporation has developed the best model of modern attacker capabilities. With Endgame's RTA, customers will now have access to a turnkey validation toolkit that helps teams better understand their security posture.
“Endgame’s RTA is simple and easy to implement or extend, allowing practitioners to effectively test their organisations’ defences against techniques outlined in the ATT&CK framework. With RTA, enterprises will have better assurance that their protections can withstand even the most sophisticated attacker behaviours. We are pleased to make this free and open source contribution and look forward to working with the community on its improvement,” said Mark Dufresne, Director of Threat Research and Adversary Prevention, Endgame.
Endgame plans to release additional scripts in the coming months that expand this coverage across the entire ATT&CK matrix, and is also accepting pull requests from the industry to contribute to its open source project.
Endgame has shared the RTA framework publicly to help organisations accelerate the assessment process and to highlight detection coverage and gaps. As a result, organisations will be able to focus more confidently on monitoring real-time detections in their enterprise and on prioritising the critical gaps in coverage that need filling.
The Endgame RTA repository currently contains 38 scripts. They include tests that use native operating-system tools to download and execute remote files, and tests that exercise anti-forensics behaviours such as deleting volume journals.