Security News > 2024 > January > Automated Emulation: Open-source breach and attack simulation lab

Automated Emulation is an open-source Terraform template designed to create a customizable, automated breach and attack simulation lab.

The creator of Automated Emulation, Jason Ostrom, aimed to develop an infrastructure security lab to enhance skills in adversary simulation, focusing on linking TTPs and evaluating various endpoint security products.

"It's really powerful to have automation like this at your fingertips to quickly build things, test an attack, and then destroy. What better way to do this than having a disposable adversary emulation lab where you can build Caldera with different Atomic Red Team atomics and custom payloads? For any changes to TTPs and payloads, the Terraform and bash scripts allow you to push any new, saved changes automatically. So, the next time you build the lab, they get automatically pushed," Ostrom told Help Net Security.

With this lab, his goal was to make some aspects of the technology approach more accessible to the community, exposing users to new methods without revealing the custom and proprietary terraform modules used in SANS's lab creations.

He pointed out the distinctive aspect of the lab he was discussing: it does not utilize such secondary tools.

Instead, the lab leverages a cloud provider feature known as "User-data." This feature, in combination with terraform and the cloud provider's native capabilities, is used to implement changes, differentiating this lab's approach from others in the field.

News URL

https://www.helpnetsecurity.com/2024/01/25/automated-emulation-open-source-attack-simulation-lab/