METTA – Information Security Preparedness Tool

Security monitoring is becoming more and more complex because of the variety of applications and systems we use. Today, for each application or protocol, we need the right security device and system to analyze and inspect the relevant packets or information. The next step is to start testing your security measures, which can be done with several programs, including METTA.

METTA is a project that consists of several automated attack scenarios, each with a description, used to validate that an intrusion is detected in time. The tool includes a folder with several YAML files that link to the Adversarial Tactics, Techniques & Common Knowledge, telling users what impact each attack has and what alarms they should expect.

The attack scenarios include the following modules:

  • Adversarial Simulation.
  • Credential_Access (several modules, including Flame, a sophisticated toolkit that has been used to collect information since at least 2010; there is also a module to check the bash history logs).
  • Defense_Evasion (simulates disabling firewalls and security measures and checks whether detection of this attack is in place).
  • Discovery (simulates an attacker's attempt to get information about running processes on a system).
  • Exfiltration (simulates an exfiltration attack in which the attacker sends data using FTP, SMTP, HTTP/S, DNS, or some other network protocol).
  • Lateral_Movement (this module runs an SSH connection to move from one system to another; the attack affects Linux or macOS).
  • Persistence (a post-exploitation attack, using a cron job for example, though you can find more techniques).
  • Privilege Escalation.

You can find attacks for Windows-based, Linux-based and macOS operating systems. To read more and download the tool, follow this link: https://github.com/uber-common/metta
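
The validation step described above (run a scenario, then confirm the expected alarm was raised in time) can be scripted. The following is an added example, not part of METTA or of the original article; the record fields, host names, timestamps and the five-minute threshold are constructed assumptions, not METTA's YAML schema or any SIEM's export format.

```python
from datetime import datetime, timedelta

# Constructed sample data. Field names are assumptions made for this example.
RUNS = [  # one record per simulated scenario that was executed
    {"tactic": "Credential_Access", "host": "lab-01", "started": "2024-05-01T10:00:00"},
    {"tactic": "Defense_Evasion", "host": "lab-01", "started": "2024-05-01T10:05:00"},
    {"tactic": "Discovery", "host": "lab-02", "started": "2024-05-01T10:10:00"},
    {"tactic": "Exfiltration", "host": "lab-02", "started": "2024-05-01T10:15:00"},
]
ALERTS = [  # alerts exported from the monitoring stack for the same period
    {"tactic": "Credential_Access", "host": "lab-01", "raised": "2024-05-01T10:00:42"},
    {"tactic": "Discovery", "host": "lab-02", "raised": "2024-05-01T10:31:00"},
    {"tactic": "Exfiltration", "host": "lab-01", "raised": "2024-05-01T10:15:30"},
    {"tactic": "Defense_Evasion", "host": "lab-01", "raised": "2024-05-01T10:04:00"},
]


def detection_report(runs, alerts, max_delay=timedelta(minutes=5)):
    """Map (tactic, host) of each run to (status, latency in seconds or None).

    status is "detected" when the first matching alert arrives within
    max_delay, "late" when it arrives after that, and "missed" otherwise.
    """
    report = {}
    for run in runs:
        start = datetime.fromisoformat(run["started"])
        # An alert counts only if it names the same tactic and host and was
        # raised at or after the start of the run (earlier ones are unrelated).
        delays = sorted(
            datetime.fromisoformat(a["raised"]) - start
            for a in alerts
            if a["tactic"] == run["tactic"]
            and a["host"] == run["host"]
            and datetime.fromisoformat(a["raised"]) >= start
        )
        key = (run["tactic"], run["host"])
        if not delays:
            report[key] = ("missed", None)
        else:
            status = "detected" if delays[0] <= max_delay else "late"
            report[key] = (status, delays[0].total_seconds())
    return report


if __name__ == "__main__":
    for (tactic, host), (status, latency) in detection_report(RUNS, ALERTS).items():
        print(f"{tactic:18} {host:7} {status:9} {latency}")
```

Rows reported as "missed" or "late" mark the tactics where monitoring needs tuning before the scenario is run again.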
