CALDERA – Automated Adversary Emulation System


CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project.
These features allow CALDERA to dynamically operate over a set of systems using variable behavior, which better represents how human adversaries perform operations than systems that follow prescribed sequences of actions.

CALDERA - Automated Adversary Emulation System


With CALDERA the user deploys an agent on each remote system; the agents run remote commands or a full attack scenario, and the output of every shell command is displayed on the console. The tool ships with many attack techniques. The network module maps your network, and each host that has an agent installed can be added to the network profile. Once the network and agent modules are configured, the user can start the adversary attack module.

The adversary profile includes the following tactics and techniques:

  1. Persistence (Registry autorun keys, Scheduled Task, Services)
  2. Privilege Escalation (Weak service permissions, Weak service file permissions, Unquoted service paths (Path interception))
  3. Defense Evasion (Scripting, Timestomping)
  4. Credential Access (Credential Dumping)
  5. Lateral Movement (Remote File Copy, Windows Admin Shares, Pass the Hash, PsExec)
  6. Discovery (Remote System Discovery, Local Network Configuration, Registry, Account, System Information, Processes/Services, System Owner, Permission Groups, Files)
  7. Execution (PowerShell, Scheduled Task, WMI, SC (service controller))
  8. Exfiltration (HTTP/S)

This tool can be used by red teams or blue teams to test security alerting: the emulated techniques above should each leave telemetry that a detection rule fires on, and any technique that runs without an alert is a coverage gap. You can read more and download the tool here: https://github.com/mitre/
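The following is an added example, not code from CALDERA or MITRE, of the kind of alerting check a blue team would run against the adversary profile listed above. It maps a handful of constructed Windows Security/Sysmon event records (event IDs 7045, 4698, Sysmon 13, 4624, 5145 and their standard field names; the records themselves are made up, not captured telemetry) to the ATT&CK technique IDs the profile exercises, then reports which techniques the rules saw and which were missed. The ATT&CK sub-technique IDs are the current ones; the profile on this page predates sub-techniques, so the mapping is an assumption of this example. The pass-the-hash rule is a heuristic (network NTLM logon with a zero-length session key) and will also match some legitimate NTLM logons.

```python
"""Map constructed Windows event records to the ATT&CK techniques an emulated
adversary exercises, and report which techniques produced no detection.
Added example for illustration; not part of CALDERA."""
from __future__ import annotations

import re
from dataclasses import dataclass, field


@dataclass
class Event:
    """Minimal normalised Windows event (Security or Sysmon channel)."""
    event_id: int
    host: str
    fields: dict = field(default_factory=dict)


# Constructed sample records (not real telemetry): what a run of the persistence,
# privilege-escalation, execution and lateral-movement techniques in the profile
# would leave on the Security / Sysmon channels. The last record is benign.
SAMPLE_EVENTS = [
    Event(7045, "WS01", {"ServiceName": "updsvc",
                         "ImagePath": r"C:\Program Files\Upd Svc\svc.exe -k"}),
    Event(4698, "WS01", {"TaskName": r"\Maint",
                         "Command": "powershell.exe -nop -w hidden -enc SQBFAFgA"}),
    Event(13, "WS01", {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater",
                       "Details": r"C:\Users\Public\u.exe"}),
    Event(4624, "SRV02", {"LogonType": "3", "AuthenticationPackageName": "NTLM",
                          "KeyLength": "0", "TargetUserName": "svc_admin"}),
    Event(5145, "SRV02", {"ShareName": r"\\*\ADMIN$",
                          "RelativeTargetName": "PSEXESVC.exe", "AccessMask": "0x2"}),
    Event(4624, "SRV02", {"LogonType": "2", "AuthenticationPackageName": "Kerberos",
                          "KeyLength": "256", "TargetUserName": "alice"}),
]

# Techniques the emulation was configured to run (assumed for this example).
# T1003 (credential dumping) is listed but no LSASS-access record is in the
# sample, so the coverage report should flag it as missed.
EXPECTED = {"T1543.003", "T1574.009", "T1053.005", "T1059.001",
            "T1547.001", "T1550.002", "T1021.002", "T1569.002", "T1003"}

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
ENCODED_PS = re.compile(r"powershell.*\s-e(nc(odedcommand)?)?\b", re.I)


def is_unquoted_service_path(image_path: str) -> bool:
    """Path-interception precondition: an unquoted ImagePath with a space before
    the executable name, so the service manager tries each prefix in turn."""
    if image_path.startswith('"'):
        return False
    head = image_path.lower().split(".exe")[0]
    return " " in head


def classify(ev: Event) -> list[str]:
    """Return the ATT&CK labels (technique ID first) that an event matches."""
    f = ev.fields
    hits: list[str] = []
    if ev.event_id == 7045:
        hits.append("T1543.003 Persistence: new Windows service")
        if is_unquoted_service_path(f.get("ImagePath", "")):
            hits.append("T1574.009 Privilege Escalation: unquoted service path")
    elif ev.event_id == 4698:
        hits.append("T1053.005 Persistence/Execution: scheduled task created")
        if ENCODED_PS.search(f.get("Command", "")):
            hits.append("T1059.001 Execution: encoded PowerShell in task action")
    elif ev.event_id == 13 and RUN_KEY.search(f.get("TargetObject", "")):
        hits.append("T1547.001 Persistence: registry Run key set")
    elif ev.event_id == 4624:
        # Heuristic: network NTLM logon with no session key (KeyLength 0) is the
        # classic pass-the-hash shape; legitimate NTLM logons can look the same.
        if (f.get("LogonType") == "3"
                and f.get("AuthenticationPackageName") == "NTLM"
                and f.get("KeyLength") == "0"
                and f.get("TargetUserName", "").upper() != "ANONYMOUS LOGON"):
            hits.append("T1550.002 Lateral Movement: possible pass the hash")
    elif ev.event_id == 5145 and f.get("ShareName", "").upper().endswith("ADMIN$"):
        hits.append("T1021.002 Lateral Movement: write to ADMIN$ share")
        if f.get("RelativeTargetName", "").upper().startswith("PSEXESVC"):
            hits.append("T1569.002 Execution: PsExec service binary dropped")
    return hits


def coverage(events: list[Event], expected: set[str]) -> dict[str, list[str]]:
    """Compare the techniques the emulation should have exercised with the ones
    the rules actually saw; 'missed' is the alerting gap to investigate."""
    seen = {h.split()[0] for ev in events for h in classify(ev)}
    return {"detected": sorted(seen & expected), "missed": sorted(expected - seen)}


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for hit in classify(ev):
            print(f"{ev.host} evt {ev.event_id}: {hit}")
    print(coverage(SAMPLE_EVENTS, EXPECTED))
```

Run it with a real export of the hosts' event logs in place of `SAMPLE_EVENTS` after an operation finishes: every technique in the profile that ends up in `missed` is either not being logged (audit policy or Sysmon config) or not being matched by a rule, which is the result a detection test of this tool is meant to surface.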
