AttackMate: Requirements for a research centric attack orchestration tool

Wolfgang Hotwagner

AttackMate: Requirements for a research centric attack orchestration tool

Security & Communication Technologies

Publikation: Abschlussarbeit › Masterarbeit

Abstract

Angriffe zu automatisieren ist nicht nur für Pentester nützlich, sondern auch, um Verteidigungsmechanismen zu testen oder um Cyberübungen durchzuführen. Viele der bekannten Tools sind entweder explizit für Simulationen entwickelt worden, oder sie erfüllen nicht alle Anforderungen, um Securitytools adäquat testen zu können. Diese Lücken sollen durch das in dieser Arbeit entwickelte Tool "AttackMate" geschlossen werden. Durch eine Literaturrecherche wurden die Requirements für dieses Programm abgeleitet und Ziele definiert. Nach der Implementierung wurden drei Testbed-Szenarien erstellt und die definierten Ziele überprüft. "AttackMate" ist nicht nur in der Lage, Angriffe in jeder Phase der Cyberkillchain durchzuführen,sondern erlaubt es auch, Angriffsketten durchzuführen, in der Log-Artefakte erstellt werden, die kaum von Menschen gemachten Angriffen zu unterscheiden sind. Damit eignet sich "AttackMate" für den Einsatz im Pentesting, als Tool zur Erstellung simulierter Angriff bei Cyberexercises, und auch zur Evaluierung von Verteidigungsmechanismen

Originalsprache	Englisch
Qualifikation	Master of Science
Gradverleihende Hochschule	University of Applied Sciences Technikum Wien
Betreuer/-in / Berater/-in	Skopik, Florian, Berater:in Schubert, Stefan, Betreuer:in, Externe Person
Förderer	AIT Austrian Institute of Technology GmbH
Datum der Bewilligung	22 Okt. 2024
Publikationsstatus	Veröffentlicht - 21 Sept. 2024

Research Field

Cyber Security

Schlagwörter

Angriffskette
Security
Redteam
Blueteam
Trainings
Simulation
Killchain
Attack chain

Andere Dateien und Links

Link zur Masterarbeit

AttackMate: A modern open-source tool for automating cyberattacks
Hotwagner, W. (Vortragender)
20 Sept. 2024 → 22 Sept. 2024
Aktivität: Vortrag ohne Tagungsband / Vorlesung › Präsentation auf einer wissenschaftlichen Konferenz / Workshop
AttackMate: A modern open-source tool for automating cyberattacks
Hotwagner, W. (Vortragender)
18 Sept. 2024
Aktivität: Vortrag ohne Tagungsband / Vorlesung › Präsentation auf einer wissenschaftlichen Konferenz / Workshop
AttackMate: A modern open-source tool for automating cyberattacks
Hotwagner, W. (Vortragender)
7 Juni 2024
Aktivität: Vortrag ohne Tagungsband / Vorlesung › Präsentation auf einer wissenschaftlichen Konferenz / Workshop

Diese Publikation zitieren

@mastersthesis{5580f9225ee84797bbca877ad4d4645a,

title = "AttackMate: Requirements for a research centric attack orchestration tool",

abstract = "Automating attacks is not only useful for pentesters, but also for testing defence mechanismsor conducting cyber exercises. Many of the known tools have either been developed explicitlyfor simulations, or they do not meet all the requirements for adequately testing security tools.These gaps are to be closed by the {\textquoteleft}AttackMate{\textquoteright} tool developed in this thesis. The requirementsfor this programme were derived from a literature research and objectives were defined. Afterimplementation, three testbed scenarios were created and the defined objectives were checked.{\textquoteleft}AttackMate is not only able to carry out attacks in every phase of the cyberkillchain, but alsoallows attack chains to be carried out in which log artefacts are created that can hardly bedistinguished from man-made attacks. This makes {\textquoteleft}AttackMate{\textquoteright} suitable for use in pentesting,as a tool to simulate attacks in cyberexercises and also for evaluating defence mechanisms.",

keywords = "Angriffskette, Security, Redteam, Blueteam, Trainings, Simulation, Killchain, Attack chain, Angriffskette, Security, Redteam, Blueteam, Trainings, Simulation, Killchain",

author = "Wolfgang Hotwagner",

year = "2024",

month = sep,

day = "21",

language = "English",

school = "University of Applied Sciences Technikum Wien",

}

TY - THES

T1 - AttackMate: Requirements for a research centric attack orchestration tool

AU - Hotwagner, Wolfgang

PY - 2024/9/21

Y1 - 2024/9/21

N2 - Automating attacks is not only useful for pentesters, but also for testing defence mechanismsor conducting cyber exercises. Many of the known tools have either been developed explicitlyfor simulations, or they do not meet all the requirements for adequately testing security tools.These gaps are to be closed by the ‘AttackMate’ tool developed in this thesis. The requirementsfor this programme were derived from a literature research and objectives were defined. Afterimplementation, three testbed scenarios were created and the defined objectives were checked.‘AttackMate is not only able to carry out attacks in every phase of the cyberkillchain, but alsoallows attack chains to be carried out in which log artefacts are created that can hardly bedistinguished from man-made attacks. This makes ‘AttackMate’ suitable for use in pentesting,as a tool to simulate attacks in cyberexercises and also for evaluating defence mechanisms.

AB - Automating attacks is not only useful for pentesters, but also for testing defence mechanismsor conducting cyber exercises. Many of the known tools have either been developed explicitlyfor simulations, or they do not meet all the requirements for adequately testing security tools.These gaps are to be closed by the ‘AttackMate’ tool developed in this thesis. The requirementsfor this programme were derived from a literature research and objectives were defined. Afterimplementation, three testbed scenarios were created and the defined objectives were checked.‘AttackMate is not only able to carry out attacks in every phase of the cyberkillchain, but alsoallows attack chains to be carried out in which log artefacts are created that can hardly bedistinguished from man-made attacks. This makes ‘AttackMate’ suitable for use in pentesting,as a tool to simulate attacks in cyberexercises and also for evaluating defence mechanisms.

KW - Angriffskette

KW - Security

KW - Redteam

KW - Blueteam

KW - Trainings

KW - Simulation

KW - Killchain

KW - Attack chain

KW - Angriffskette

KW - Security

KW - Redteam

KW - Blueteam

KW - Trainings

KW - Simulation

KW - Killchain

UR - https://epub.technikum-wien.at/obvftwhsm/download/pdf/10576854

M3 - Master's Thesis

ER -

AttackMate: Requirements for a research centric attack orchestration tool

Abstract

Research Field

Schlagwörter

Andere Dateien und Links

Fingerprint

Aktivitäten

AttackMate: A modern open-source tool for automating cyberattacks

AttackMate: A modern open-source tool for automating cyberattacks

AttackMate: A modern open-source tool for automating cyberattacks

Diese Publikation zitieren