Call MITRE ATT&CK Techniques by their T number

uber-common / metta

An information security preparedness tool to do adversarial simulation.

MIT License

1.09k stars 150 forks source link

Call MITRE ATT&CK Techniques by their T number #1

Open carnal0wnage opened 6 years ago

carnal0wnage commented 6 years ago

Metta should be able to take a list of ATT&CK T-numbers and execute baseline actions that correspond to those T-numbers.

Why? it could then read in the T numbers assigned to any APT group from: https://attack.mitre.org/wiki/Groups (or the json that supports that data in unfetter)

and then execute those actions.

Wishlist; your pentest group could provide you a list of things they did by T-number and you could reproduce in your environment via Metta

carnal0wnage commented 6 years ago

[ ] Add T-number option to the yaml
[ ] Create default actions (1 ?) for each T-number
[ ] Figure out how Metta will find the above files (most likely a specific folder?)
[ ] Modify the code to accept a list of T-numbers and execute the relevant file