Red Teaming/Adversary Simulation Toolkit

  • November 14, 2021
  • By Cyberarch Admin

Why red teaming important?

The information security stakes for organizations have never been higher. Nation-states and wired criminals are mounting attacks with increased sophistication. Consumer awareness about information security continues to rise and, with it, greater expectations about the protectors of their data.

Meanwhile, regulators have ratcheted up their scrutiny of data-handling practices, most notably in the European Union, where violations of the new General Data Protection Regulation (GDPR) can result in penalties of $23 million, or 4% of global revenue, whichever is higher.

Red teaming can give an organization the kind of comprehensive testing needed to expose vulnerabilities at every attack level and allow it to better understand how to respond to cyberattacks. Red teaming goes beyond system-specific tests and focuses on an organization’s assets—looking at, for example, the risk of intellectual property theft and the security of customer contact lists, personal identifiable information, and payment details.

so here let us find a collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement.

Reconnaissance red teaming

Active Intelligence Gathering

  • EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. https://github.com/ChrisTruncer/EyeWitness
  • AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. https://github.com/jordanpotti/AWSBucketDump
  • AQUATONE is a set of tools for performing reconnaissance on domain names. https://github.com/michenriksen/aquatone
  • spoofcheck a program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing. https://github.com/BishopFox/spoofcheck
  • Nmap is used to discover hosts and services on a computer network, thus building a “map” of the network. https://github.com/nmap/nmap
  • dnsrecon a tool DNS Enumeration Script. https://github.com/darkoperator/dnsrecon
  • dirsearch is a simple command line tool designed to brute force directories and files in websites. https://github.com/maurosoria/dirsearch

Passive Intelligence Gathering

Frameworks

Weaponization red teaming

Delivery red teaming

Phishing

Watering Hole Attack

Command and Control red teaming

Remote Access Tools

Staging

Recent Articles

Got hacked? Speak to our security consultant.

Get in Touch
Scroll Top

Contact Us

Follow Us