Endgame Red Team Automation (RTA) Framework

July 26, 2019

Red Team Automation (RTA) provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.

RTA is composed of Python scripts that generate evidence of over 50 different ATT&CK tactics, as well as a compiled binary application that performs activities such as file timestomping, process injections, and beacon simulation as needed.

Where possible, RTA attempts to perform the actual malicious activity described. In other cases, the RTAs will emulate all or parts of the activity. For example, some lateral movement will by default target localhost (though parameters typically allow for multi-host testing). In other cases, executables such as cmd.exe or python.exe will be renamed to make it appear as if a Windows binary is doing non-standard activities.

The framework targets the Windows operating system. Download and unzip the archive, then add the Sysinternals Suite and MsXsl to the bin folder. Antivirus or other security software on the system will prevent many of the scripts from executing and will identify them as malware, so evaluate the protection on the target host before running any of the tests.

Each script includes the name of the attack and a brief description of what will run upon execution, for example: “Description: Creates registry persistence for mock malware in Run and RunOnce keys, Services and debuggers.” It is important to review each script and decide whether you need to test that type of attack.

Prerequisites

  • Python 2.7

Installation Steps

  1. Download a copy of the RTA repo from https://github.com/endgameinc/RTA.
  2. Extract the contents of the zip archive into an RTA folder, such as c:\RTA
  3. For the full experience, download additional files into the bin subdirectory (as described in the dependencies section below)

Dependencies

Some of the RTAs require 3rd party tools in order to execute properly. You can run many RTAs without additional tools, but to make use of the full suite, some will require additional downloads.

The following table provides dependency information:

| Dependency | RTAs | Source |
| --- | --- | --- |
| Sysinternals Suite | user_dir_escalation.py, sip_provider.py, system_restore_proc.py, trust_provider.py | Microsoft |
| MsXsl | msxsl_network.py | Microsoft |

Other Considerations

Windows Defender or other Anti-Virus products may block or otherwise interfere with RTAs while they run. Consider how you configure security products on the test host before running RTAs based on the goals of your tests.

Customization

By modifying common.py, you can customize how RTA scripts will work in your environment. You could even write an entirely new function for use in one or more new RTAs.

Running RTAs

To run the powershell_args.py RTA, simply run:

python powershell_args.py

To run an entire directory of RTAs, the easiest way is to use the script-runner provided, “run_rta.py”. This script-runner is capable of running every script in the “red_ttp” subdirectory and will do so by default:

All operating systems:

python run_rta.py

Alternatively, you can use a loop:

Windows:

for %f in (*.py) do python %f

Linux/Mac:

for i in *.py; do python "$i"; done

None of the rules require arguments, but some can optionally take arguments for further customization of the technique.
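To line up alerts with what was actually executed, the loop above can be wrapped so that each run leaves a timestamped record. This is an added example, not part of the RTA project: it assumes each script carries header comments of the form `# Name: ...` and `# Description: ...`, and that the wrapper itself runs under Python 3 while launching the RTAs with the interpreter passed as `interpreter`.

```python
import datetime
import glob
import json
import os
import re
import subprocess
import sys

# Assumed header format: comment lines such as "# Name: ..." / "# Description: ..."
HEADER_RE = re.compile(r"^#\s*(Name|Description):\s*(.+?)\s*$")


def read_header(path, max_lines=30):
    """Return the Name/Description fields found in a script's leading comments."""
    fields = {}
    with open(path, "r", errors="replace") as handle:
        for _, line in zip(range(max_lines), handle):
            match = HEADER_RE.match(line)
            if match:
                fields.setdefault(match.group(1).lower(), match.group(2))
    return fields


def utc_now():
    return datetime.datetime.now(datetime.timezone.utc).isoformat()


def run_with_journal(directory, interpreter="python", only=None, timeout=300):
    """Run each selected script and return one timing record per script."""
    journal = []
    for path in sorted(glob.glob(os.path.join(directory, "*.py"))):
        script = os.path.basename(path)
        if only is not None and script not in only:
            continue  # run only the scripts that were reviewed and selected
        record = dict(read_header(path), script=script, start_utc=utc_now())
        try:
            record["exit_code"] = subprocess.call(
                [interpreter, script], cwd=directory, timeout=timeout)
        except subprocess.TimeoutExpired:
            record["exit_code"] = None  # child was killed after the timeout
        record["end_utc"] = utc_now()
        journal.append(record)
    return journal


if __name__ == "__main__":
    chosen = set(sys.argv[2:]) or None  # optional script names after <rta_dir>
    for entry in run_with_journal(sys.argv[1], only=chosen):
        print(json.dumps(entry, sort_keys=True))
```

Each JSON line gives the start and end time in UTC, so a script that ran without producing an alert inside its window marks a detection gap to investigate.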

You can read more and download this framework over here: https://github.com/endgameinc/
