Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation

Max Landauer; Klaus Mayer; Florian Skopik; Markus Wurzenberger; Manuel Kern

doi:10.1109/TrustCom63139.2024.00043

Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

Abstract

Red teams simulate adversaries and conduct sophisticated attacks against defenders without informing them about used tactics in advance. These interactive cyber exercises are highly beneficial to assess and improve the security posture of organizations, detect vulnerabilities, and train employees. Unfortunately, they are also time-consuming and expensive, which often limits their scale or prevents them entirely. To address this situation, adversary emulation tools partially automate attacker behavior and enable fast, continuous, and repeatable security testing even when involved personnel lacks red teaming experience. Currently, a wide range of tools designed for specific use-cases and requirements exist. To obtain an overview of these solutions, we conduct a review and structured comparison of nine open-source adversary emulation tools. To this end, we assemble a questionnaire with 80 questions addressing relevant aspects, including setup, support, documentation, usability, and technical features. In addition, we conduct a user study with domain experts to investigate the importance of these aspects for distinct user roles. Based on the evaluation and user feedback, we rank the tools and find MITRE Caldera, Metasploit, and Atomic Red Team on top.

Originalsprache	Englisch
Titel	Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Seiten	117-128
Seitenumfang	12
ISBN (elektronisch)	979-8-3315-0620-9
DOIs	https://doi.org/10.1109/TrustCom63139.2024.00043
Publikationsstatus	Veröffentlicht - 4 Apr. 2025
Veranstaltung	2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) - Sanya, Sanya, China Dauer: 17 Dez. 2024 → 21 Dez. 2024

Publikationsreihe

Name	Ieee International Conference On Trust Security And Privacy In Computing And Communications

Konferenz

Konferenz	2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Kurztitel	TrustCom- 2024
Land/Gebiet	China
Stadt	Sanya
Zeitraum	17/12/24 → 21/12/24

Research Field

Cyber Security

Zugriff auf Dokument

10.1109/TrustCom63139.2024.00043

IEEE Outstanding Paper Award
Landauer, M. (Empfänger/-in), Mayer, K. (Empfänger/-in), Skopik, F. (Empfänger/-in), Wurzenberger, M. (Empfänger/-in) & Kern, M. (Empfänger/-in), 2024
Auszeichnung: Best paper award für Beitrag in einer Fachzeitschrift/ auf einer Konferenz

Datei

Diese Publikation zitieren

Landauer, M., Mayer, K., Skopik, F., Wurzenberger, M., & Kern, M. (2025). Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. in Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (S. 117-128). (Ieee International Conference On Trust Security And Privacy In Computing And Communications). https://doi.org/10.1109/TrustCom63139.2024.00043

Landauer, Max ; Mayer, Klaus ; Skopik, Florian et al. / Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2025. S. 117-128 (Ieee International Conference On Trust Security And Privacy In Computing And Communications).

@inproceedings{44ab1e7bb8d34895b975946135f3601b,

title = "Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation",

abstract = "Red teams simulate adversaries and conduct sophisticated attacks against defenders without informing them about used tactics in advance. These interactive cyber exercises are highly beneficial to assess and improve the security posture of organizations, detect vulnerabilities, and train employees. Unfortunately, they are also time-consuming and expensive, which often limits their scale or prevents them entirely. To address this situation, adversary emulation tools partially automate attacker behavior and enable fast, continuous, and repeatable security testing even when involved personnel lacks red teaming experience. Currently, a wide range of tools designed for specific use-cases and requirements exist. To obtain an overview of these solutions, we conduct a review and structured comparison of nine open-source adversary emulation tools. To this end, we assemble a questionnaire with 80 questions addressing relevant aspects, including setup, support, documentation, usability, and technical features. In addition, we conduct a user study with domain experts to investigate the importance of these aspects for distinct user roles. Based on the evaluation and user feedback, we rank the tools and find MITRE Caldera, Metasploit, and Atomic Red Team on top.",

keywords = "open-source tools, user study, red teaming, adversary emulation",

author = "Max Landauer and Klaus Mayer and Florian Skopik and Markus Wurzenberger and Manuel Kern",

year = "2025",

month = apr,

day = "4",

doi = "10.1109/TrustCom63139.2024.00043",

language = "English",

isbn = "979-8-3315-0621-6",

series = "Ieee International Conference On Trust Security And Privacy In Computing And Communications",

pages = "117--128",

booktitle = "Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)",

note = "2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), TrustCom- 2024 ; Conference date: 17-12-2024 Through 21-12-2024",

}

Landauer, M , Mayer, K , Skopik, F , Wurzenberger, M & Kern, M 2025, Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. in Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Ieee International Conference On Trust Security And Privacy In Computing And Communications, S. 117-128, 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Sanya, China, 17/12/24. https://doi.org/10.1109/TrustCom63139.2024.00043

Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. / Landauer, Max ; Mayer, Klaus ; Skopik, Florian et al.
Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2025. S. 117-128 (Ieee International Conference On Trust Security And Privacy In Computing And Communications).

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

TY - GEN

T1 - Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation

AU - Landauer, Max

AU - Mayer, Klaus

AU - Skopik, Florian

AU - Wurzenberger, Markus

AU - Kern, Manuel

PY - 2025/4/4

Y1 - 2025/4/4

N2 - Red teams simulate adversaries and conduct sophisticated attacks against defenders without informing them about used tactics in advance. These interactive cyber exercises are highly beneficial to assess and improve the security posture of organizations, detect vulnerabilities, and train employees. Unfortunately, they are also time-consuming and expensive, which often limits their scale or prevents them entirely. To address this situation, adversary emulation tools partially automate attacker behavior and enable fast, continuous, and repeatable security testing even when involved personnel lacks red teaming experience. Currently, a wide range of tools designed for specific use-cases and requirements exist. To obtain an overview of these solutions, we conduct a review and structured comparison of nine open-source adversary emulation tools. To this end, we assemble a questionnaire with 80 questions addressing relevant aspects, including setup, support, documentation, usability, and technical features. In addition, we conduct a user study with domain experts to investigate the importance of these aspects for distinct user roles. Based on the evaluation and user feedback, we rank the tools and find MITRE Caldera, Metasploit, and Atomic Red Team on top.

AB - Red teams simulate adversaries and conduct sophisticated attacks against defenders without informing them about used tactics in advance. These interactive cyber exercises are highly beneficial to assess and improve the security posture of organizations, detect vulnerabilities, and train employees. Unfortunately, they are also time-consuming and expensive, which often limits their scale or prevents them entirely. To address this situation, adversary emulation tools partially automate attacker behavior and enable fast, continuous, and repeatable security testing even when involved personnel lacks red teaming experience. Currently, a wide range of tools designed for specific use-cases and requirements exist. To obtain an overview of these solutions, we conduct a review and structured comparison of nine open-source adversary emulation tools. To this end, we assemble a questionnaire with 80 questions addressing relevant aspects, including setup, support, documentation, usability, and technical features. In addition, we conduct a user study with domain experts to investigate the importance of these aspects for distinct user roles. Based on the evaluation and user feedback, we rank the tools and find MITRE Caldera, Metasploit, and Atomic Red Team on top.

KW - open-source tools

KW - user study

KW - red teaming

KW - adversary emulation

U2 - 10.1109/TrustCom63139.2024.00043

DO - 10.1109/TrustCom63139.2024.00043

M3 - Conference Proceedings with Oral Presentation

SN - 979-8-3315-0621-6

T3 - Ieee International Conference On Trust Security And Privacy In Computing And Communications

SP - 117

EP - 128

BT - Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

T2 - 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Y2 - 17 December 2024 through 21 December 2024

ER -

Landauer M , Mayer K , Skopik F , Wurzenberger M , Kern M. Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. in Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2025. S. 117-128. (Ieee International Conference On Trust Security And Privacy In Computing And Communications). doi: 10.1109/TrustCom63139.2024.00043

Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation

Abstract

Publikationsreihe

Konferenz

Research Field

Zugriff auf Dokument

Fingerprint

Auszeichnungen

IEEE Outstanding Paper Award

Diese Publikation zitieren