This new entry has the objective of showcasing how mitre Caldera™ works, and how it can be useful for adversarial simulation and simulated red team operations.

This platform was designed to easily run autonomous breach-and-attack simulation exercises, it also allows to run manual red-team engagements or automated incident response. Caldera is built on the MITRE ATT&CK framework and is actively maintained.

The framework consists of two components:

  1. The core system. This is the framework code, including an asynchronous command-and-control (C2) server with a REST API and a web interface.
  2. Plugins. These are separate repositories that hang off of the core framework, providing additional functionality. Examples include agents, GUI interfaces, collections of TTPs and more.

Before we continue any further, I will describe some of the terms being used in this post, simply to increase readability and reduce the amount of research required to understand it.

An Adversary is defined by nist as a Person, group, organization or govermment that conducts or has the intent to conduct detrimental activities. This is an entity that is not authorized to access of modify information, or who works to defeat any protections afforded the information.

A particular case of adversaries are advanced persistent threats (APT), which have sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors, to generate opportunities to achieve its objectives:

  •  Establish and extend its presence within the information technology infrastructure of organisations for purposes of continually exfiltrating information;
  •  Undermine or impede critical aspects of a mission, program or organisation, or place itself in a position to do so in the future.

The advanced persistent threat pursues its objectives repeatedly over an extended period of time, even adapting to the defender’s efforts to resist it.

APT or other less threatening adversaries can be defined and profiled by their tactics, techniques and procedures (TTP). A tactic consists in the highest-level description of the malicious behavior, techniques give a more detailed description of the behavior in scope/context of a tactic, procedures give an even lower-level description of behavior in the context of a technique.

An example might help to clarify everything, lets assume a given company was breached by APT XYZ, we can consider the initial access step as a tactic, phishing as the technique, and the usage of sendgrid as an SMTP relay coupled with a DigitalOcean hosted backend server as the procedures.


Caldera as a simulation platform, can help security teams simulate TTPs of real adversaries, used during the post-exploitation phase. Why is this helpful? If we consider that antivirus programs do not have a true detection rate of 100%, a simulation exercise can help find which TTP your vendor is not detecting and allow security teams to create use-cases or fine tune custom alerts to complement AV detection.

To begin a red team simulation we first need to create and start a new operation, the following image shows a simple configuration which will get us started.


For this operation we will simulate a fake builtin adversary, Super Spy, which has an interesting profile:


This adversary seems to be particularly focused on data collection and exfiltration, this is a classic example of an infostealer-like execution, its post-compromise objectives will be to collect information about the affected machine and user, while keep everything working as intended, in an almost parasitic fashion, to maximize the amount of information collected.

In order to jumpstart the adversary behavior, we need a way to interact with the victim computer, this is done through the agent, a piece of software controlled remotely by the C2 with the ability to execute the configured behaviour.

For this operation, since we are targeting a windows machine, we will use the builtin Sandcat default agent. Caldera already provides us with deployment instructions, so as long as the victim machine has connectivity back to the server, the agent deployment is as simple as copy pasting multiple commands.


After the agent has been deployed we can start our operation and execute the preconfigured abilities, which are linked to a specific tactic and technique:


Now lets take a look at Microsoft’s Defender for Endpoint event dashboard. Let’s see if the antivirus detected any of the activities performed by the deployed sandcat.exe agent.

Interestingly, Defender picked up all the “malicious” activity right from the beginning:


But we must be aware that despite Defender correctly classified sandcat.exe as malware, it was done using static analysis, in which basically the file’s hash matched against an already known signature categorised as malware. It was detected even before performing any action on the endpoint:


A real APT or proficient attacker, would know how to alter the static signature of an agent in order to avoid being flagged as malware.

Let’s look the first action “Screen Capture”, it seems the full execution was logged, but only tagged as PowershellExecution:


The following activities related to directory staging and exploration were detected and reported as “Process events” and given the type of “ExploratoryCommand”:


Defender for endpoint was able to piece together all the commands performed by the agent when looking for files and conclude this process was performing filesystem exploration.

In this scenario all actions were successfully detected by the EDR, and the natural conclusion would be the termination and quarantine of the suspicious file. A security engineer by analysing the response chain, could decide that the default decision process of the antivirus software was too slow or ineffective for a given organisation’s network ecosystem, and create a custom detection rule to more quickly reach a conclusion or escalate the actions to an automatic machine or user lock-down.

The agent and actions showcased are just a demonstration of Caldera’s potential and how adversary simulation works. Multiple profiles and techniques can be configured, of varying sophistication degrees, to help customers look for loop-holes in detection or improve existing processes.