Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation

Max Landauer; Klaus Mayer; Florian Skopik; Markus Wurzenberger; Manuel Kern

doi:10.1109/TrustCom63139.2024.00043

Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

Abstract

Red teams simulate adversaries and conduct sophisticated attacks against defenders without informing them about used tactics in advance. These interactive cyber exercises are highly beneficial to assess and improve the security posture of organizations, detect vulnerabilities, and train employees. Unfortunately, they are also time-consuming and expensive, which often limits their scale or prevents them entirely. To address this situation, adversary emulation tools partially automate attacker behavior and enable fast, continuous, and repeatable security testing even when involved personnel lacks red teaming experience. Currently, a wide range of tools designed for specific use-cases and requirements exist. To obtain an overview of these solutions, we conduct a review and structured comparison of nine open-source adversary emulation tools. To this end, we assemble a questionnaire with 80 questions addressing relevant aspects, including setup, support, documentation, usability, and technical features. In addition, we conduct a user study with domain experts to investigate the importance of these aspects for distinct user roles. Based on the evaluation and user feedback, we rank the tools and find MITRE Caldera, Metasploit, and Atomic Red Team on top.

Original language	English
Title of host publication	Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Pages	117-128
Number of pages	12
ISBN (Electronic)	979-8-3315-0620-9
DOIs	https://doi.org/10.1109/TrustCom63139.2024.00043
Publication status	Published - 4 Apr 2025
Event	2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) - Sanya, Sanya, China Duration: 17 Dec 2024 → 21 Dec 2024

Publication series

Name	Ieee International Conference On Trust Security And Privacy In Computing And Communications

Conference

Conference	2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Abbreviated title	TrustCom- 2024
Country/Territory	China
City	Sanya
Period	17/12/24 → 21/12/24

Research Field

Cyber Security

Keywords

open-source tools
user study
red teaming
adversary emulation

Access to Document

10.1109/TrustCom63139.2024.00043

IEEE Outstanding Paper Award
Landauer, M. (Recipient), Mayer, K. (Recipient), Skopik, F. (Recipient), Wurzenberger, M. (Recipient) & Kern, M. (Recipient), 2024
Prize: Prize/Award › Best paper award in journal / conference

File

Cite this

Landauer, M., Mayer, K., Skopik, F., Wurzenberger, M., & Kern, M. (2025). Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. In Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (pp. 117-128). (Ieee International Conference On Trust Security And Privacy In Computing And Communications). https://doi.org/10.1109/TrustCom63139.2024.00043

Landauer, Max ; Mayer, Klaus ; Skopik, Florian et al. / Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2025. pp. 117-128 (Ieee International Conference On Trust Security And Privacy In Computing And Communications).

@inproceedings{44ab1e7bb8d34895b975946135f3601b,

title = "Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation",

abstract = "Red teams simulate adversaries and conduct sophisticated attacks against defenders without informing them about used tactics in advance. These interactive cyber exercises are highly beneficial to assess and improve the security posture of organizations, detect vulnerabilities, and train employees. Unfortunately, they are also time-consuming and expensive, which often limits their scale or prevents them entirely. To address this situation, adversary emulation tools partially automate attacker behavior and enable fast, continuous, and repeatable security testing even when involved personnel lacks red teaming experience. Currently, a wide range of tools designed for specific use-cases and requirements exist. To obtain an overview of these solutions, we conduct a review and structured comparison of nine open-source adversary emulation tools. To this end, we assemble a questionnaire with 80 questions addressing relevant aspects, including setup, support, documentation, usability, and technical features. In addition, we conduct a user study with domain experts to investigate the importance of these aspects for distinct user roles. Based on the evaluation and user feedback, we rank the tools and find MITRE Caldera, Metasploit, and Atomic Red Team on top.",

keywords = "open-source tools, user study, red teaming, adversary emulation",

author = "Max Landauer and Klaus Mayer and Florian Skopik and Markus Wurzenberger and Manuel Kern",

year = "2025",

month = apr,

day = "4",

doi = "10.1109/TrustCom63139.2024.00043",

language = "English",

isbn = "979-8-3315-0621-6",

series = "Ieee International Conference On Trust Security And Privacy In Computing And Communications",

pages = "117--128",

booktitle = "Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)",

note = "2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), TrustCom- 2024 ; Conference date: 17-12-2024 Through 21-12-2024",

}

Landauer, M , Mayer, K , Skopik, F , Wurzenberger, M & Kern, M 2025, Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. in Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Ieee International Conference On Trust Security And Privacy In Computing And Communications, pp. 117-128, 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Sanya, China, 17/12/24. https://doi.org/10.1109/TrustCom63139.2024.00043

Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. / Landauer, Max ; Mayer, Klaus ; Skopik, Florian et al.
Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2025. p. 117-128 (Ieee International Conference On Trust Security And Privacy In Computing And Communications).

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

TY - GEN

T1 - Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation

AU - Landauer, Max

AU - Mayer, Klaus

AU - Skopik, Florian

AU - Wurzenberger, Markus

AU - Kern, Manuel

PY - 2025/4/4

Y1 - 2025/4/4

N2 - Red teams simulate adversaries and conduct sophisticated attacks against defenders without informing them about used tactics in advance. These interactive cyber exercises are highly beneficial to assess and improve the security posture of organizations, detect vulnerabilities, and train employees. Unfortunately, they are also time-consuming and expensive, which often limits their scale or prevents them entirely. To address this situation, adversary emulation tools partially automate attacker behavior and enable fast, continuous, and repeatable security testing even when involved personnel lacks red teaming experience. Currently, a wide range of tools designed for specific use-cases and requirements exist. To obtain an overview of these solutions, we conduct a review and structured comparison of nine open-source adversary emulation tools. To this end, we assemble a questionnaire with 80 questions addressing relevant aspects, including setup, support, documentation, usability, and technical features. In addition, we conduct a user study with domain experts to investigate the importance of these aspects for distinct user roles. Based on the evaluation and user feedback, we rank the tools and find MITRE Caldera, Metasploit, and Atomic Red Team on top.

AB - Red teams simulate adversaries and conduct sophisticated attacks against defenders without informing them about used tactics in advance. These interactive cyber exercises are highly beneficial to assess and improve the security posture of organizations, detect vulnerabilities, and train employees. Unfortunately, they are also time-consuming and expensive, which often limits their scale or prevents them entirely. To address this situation, adversary emulation tools partially automate attacker behavior and enable fast, continuous, and repeatable security testing even when involved personnel lacks red teaming experience. Currently, a wide range of tools designed for specific use-cases and requirements exist. To obtain an overview of these solutions, we conduct a review and structured comparison of nine open-source adversary emulation tools. To this end, we assemble a questionnaire with 80 questions addressing relevant aspects, including setup, support, documentation, usability, and technical features. In addition, we conduct a user study with domain experts to investigate the importance of these aspects for distinct user roles. Based on the evaluation and user feedback, we rank the tools and find MITRE Caldera, Metasploit, and Atomic Red Team on top.

KW - open-source tools

KW - user study

KW - red teaming

KW - adversary emulation

U2 - 10.1109/TrustCom63139.2024.00043

DO - 10.1109/TrustCom63139.2024.00043

M3 - Conference Proceedings with Oral Presentation

SN - 979-8-3315-0621-6

T3 - Ieee International Conference On Trust Security And Privacy In Computing And Communications

SP - 117

EP - 128

BT - Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

T2 - 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Y2 - 17 December 2024 through 21 December 2024

ER -

Landauer M , Mayer K , Skopik F , Wurzenberger M , Kern M. Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. In Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2025. p. 117-128. (Ieee International Conference On Trust Security And Privacy In Computing And Communications). doi: 10.1109/TrustCom63139.2024.00043

Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation

Abstract

Publication series

Conference

Research Field

Keywords

Access to Document

Fingerprint

Prizes

IEEE Outstanding Paper Award

Cite this