Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,6 @@ repos:
hooks:
- id: bandit
entry: bandit -ll --exclude=tests/ --skip=B303
additional_dependencies:
- pbr
- importlib-metadata<5; python_version < '3.8'
20 changes: 14 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,15 @@
# MITRE Caldera Plugin: Emu

A plugin supplying Caldera with TTPs from the Center for Threat Informed Defense (CTID) Adversary Emulation Plans.
## Overview:

# Installation
The Emu plugin supplies Caldera with TTPs from MITRE’s Center for Threat Informed Defense (CTID) Adversary Emulation Plans.

### Context:
High-fidelity adversary emulation

<!-- ### Known Limitations: -->

## Installation:

Using the Emu plugin with Caldera will enable users to access the adversary profiles contained in the [CTID Adversary Emulation Library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library).

Expand All @@ -14,9 +21,10 @@ To run Caldera along with the Emu plugin:
5. Some adversaries may require additional payloads and executables to be downloaded. Run the `download_payloads.sh` script to download these binaries to the `payloads` directory.
6. Start Caldera again. You will see the Emu plugin shown on the left sidebar of the Caldera server, and you will be able to access the Adversary Emulation Library adversary profiles from the Adversary tab of the Caldera server.

# Additional setup
## Dependencies/Requirements:

Each emulation plan will have an adversary and a set of facts. Please ensure to select the related facts to the
adversary when starting an operation.
adversary when starting an operation.

Because some payloads within the Adversary Emulation Library are encrypted, a Python script is used to automate
the decryption which requires installation of some dependencies. Depending on the host OS, `pyminizip`
Expand All @@ -28,6 +36,6 @@ can be installed using the following:

See URL for more information regarding `pyminizip`: https://github.com/smihica/pyminizip

## Acknowledgements
## Getting Started:

- [Adversary Emulation Library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library)
View MITRE CTID's emulation plans here: [Adversary Emulation Library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library)
5 changes: 4 additions & 1 deletion tests/test_emu_security.py
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ def _get_yaml_files(self, directory):
yaml_files = []
if not os.path.isdir(directory):
return yaml_files
for root, dirs, files in os.walk(directory):
for root, _dirs, files in os.walk(directory):
for fname in files:
if fname.endswith('.yml') or fname.endswith('.yaml'):
yaml_files.append(os.path.join(root, fname))
Expand Down Expand Up @@ -142,3 +142,6 @@ def test_data_yaml_files_are_valid_if_present(self):
data = yaml.safe_load(f)
except yaml.YAMLError as e:
pytest.fail(f"Failed to parse {fpath}: {e}")
assert data is not None, (
f"YAML file is empty: {fpath}"
)
Loading