Realm: Open-source adversary emulation framework
Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size.
“Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With these actions as code, defenders can replay attack actions, and red teams can create repositories of their TTPs and processes for multiple engagements. Realm is also extremely scalable! Group actions are easy to create in our Web GUI, allowing you to get information from multiple hosts at once,” a spokesperson for the project told Help Net Security.
Realm components
Agent (imix)
- Written in Rust with support for macOS, Linux, and Windows.
- Supports long-running tasks by reading output from tasks in real time.
- Interval callback times.
- Simple file-based configuration.
- Embedded files.
- Built-in interpreter.
Server (tavern)
- Web interface.
- Group actions.
- GraphQL backend for easy API access.
- OAuth login support.
- Cloud-native deployment with pre-made Terraform for production deployments.
Built-in interpreter (eldritch)
- Reflective DLL Loader.
- Port scanning.
- Remote execution over SSH.
Future plans and download
“For the future, we want to expand the ways you can contextualize information via our Web GUI. We want red teams to have the most visibility possible into how things are going during an engagement. We also want it to be easier for red teams to collaborate with defenders, allowing the defenders to learn from the engagement,” the spokesperson concluded.
Realm is available for free download on GitHub.
source: HelpNetSecurity