Automated Adversary Emulation Platform
Use the --build flag in order to build the VueJS UI. If you restart the server afterwards, the --build flag is not needed.
Moved the docker-py dependency from core to the Builder plugin, as it is optional.
Moved the donut-shellcode Python package dependency to the Stockpile plugin. The dependency was moved because the donut-shellcode package cannot (at this time) be installed on MacOS ARM chip architectures and caused install issues for Caldera core. https://github.com/mitre/caldera/pull/2874
Full Changelog: https://github.com/mitre/caldera/compare/4.2.0...5.0.0
Greatly improved documentation, bug fixes, and user experience enhancements
Improve the use of SSL certs
Update to Debrief to allow for customized reporting
Full Changelog: https://github.com/mitre/caldera/compare/4.1.0...4.2.0
(New!) "Everything Bagel" adversary: A collection of all CALDERA abilities ordered by ATT&CK tactic. Particularly useful when using the new advanced planners (see below) and you want all abilities at the disposal of the planner.
(In progress) Added a missing ability to the "Worm" Adversary in the Stockpile plugin.
(New!) Look-Ahead Planner: A CALDERA planner that decides which abilities to execute based on expected future reward.
(New!) Guided Planner: A CALDERA planner which makes use of "distance to goals" in a dependency graph to select the optimal next action.
Full Changelog: https://github.com/mitre/caldera/compare/4.0.0...4.1.0
We've begun working on v5 and are excited to bring capabilities not currently seen in automated cyber operation platforms.
Full Changelog: https://github.com/mitre/caldera/compare/3.1.0...4.0.0
Full Changelog: https://github.com/mitre/caldera/compare/3.1.0...4.0.0-beta
@ArtificialErmine, @clenk, @argaudreau, @iguannalin, @heatonk, @bleepbop, @mchan143, @christophert, @yee-jonathan, @blackwidow0616, @djlawren, @ddavila54, @CDJellen, @wbooth, @bernsteinj, @emmanvg, @cyber-arsenull, @uruwhy, @elegantmoose, @damionmounts, @zacharylc-mitre, @cmagone, @alexanderkent, ... and more!
Thank you to all of the MANY builders of CALDERA, both in and out of GitHub! 🚀
Bugfixes and enhancements to the 4.0.0-alpha release
templates/abilities.html) by @CDJellen in https://github.com/mitre/caldera/pull/2321
Thank you to the MANY builders of CALDERA on and off Github!
Full Changelog: https://github.com/mitre/caldera/compare/3.1.0...4.0.0-alpha2
** Plugin UIs are still being updated, so this will remain a pre-release until then.
We are re-imagining the way end users interact with CALDERA. This includes large updates to the UI. Included is a new abilities screen to easily manage your extensive library.
Calling all builders! For all those who build on the CALDERA platform, we have a whole new API with full documentation. Currently, the docs are available once you start up the server; look for the "api docs" link at the bottom of the navigation menu.
We've introduced some new C2 channels, including:
New service created to better manage facts and information during an operation or when performing analysis
Supports basic file encoding (plaintext and base64) for payload downloads and file uploads. To encode a downloaded payload or uploaded file, set the "x-file-encoding" HTTP header accordingly when making the download/upload request. Available data encoders are defined as Python modules in app/data_encoders. Currently supported encoders are "plain-text" and "base64".
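The following is an added illustration of the header-driven encoder selection described above; it is not CALDERA's own code. It models a small registry keyed by the two encoder names the release notes list ("plain-text" and "base64"), looks the encoder up from the request headers, and round-trips bytes through it. The function names, the registry, and the case-insensitive header handling are assumptions made for the example; the one design point worth noting is that an unrecognised encoder name is rejected rather than silently falling back to plaintext, so a mistyped header cannot change how a file is sent.

```python
import base64
from typing import Callable, Dict, Tuple

# Hypothetical re-implementation of the idea on this page: the server picks a data
# encoder by the value of the x-file-encoding request header. The two encoder
# names mirror the release notes; everything else here is an assumption, not
# CALDERA's actual app/data_encoders implementation.

HEADER_NAME = "x-file-encoding"

def _plain_encode(data: bytes) -> bytes:
    return data

def _plain_decode(data: bytes) -> bytes:
    return data

def _b64_encode(data: bytes) -> bytes:
    return base64.b64encode(data)

def _b64_decode(data: bytes) -> bytes:
    # validate=True rejects stray characters instead of silently dropping them
    return base64.b64decode(data, validate=True)

# name -> (encode, decode)
ENCODERS: Dict[str, Tuple[Callable[[bytes], bytes], Callable[[bytes], bytes]]] = {
    "plain-text": (_plain_encode, _plain_decode),
    "base64": (_b64_encode, _b64_decode),
}

def select_encoder(headers: Dict[str, str]) -> str:
    """Return the encoder name requested by the headers.

    Header names are matched case-insensitively (HTTP header names are not
    case-sensitive). A missing header means plain-text. An unknown value raises
    instead of falling back, so a typo cannot quietly change the transfer format.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    name = lowered.get(HEADER_NAME, "plain-text").strip().lower()
    if name not in ENCODERS:
        raise ValueError(f"unsupported {HEADER_NAME} value: {name!r}")
    return name

def serve_payload(file_bytes: bytes, headers: Dict[str, str]) -> bytes:
    """Encode a payload for download according to the requesting agent's header."""
    encode, _ = ENCODERS[select_encoder(headers)]
    return encode(file_bytes)

def receive_upload(body: bytes, headers: Dict[str, str]) -> bytes:
    """Decode an uploaded body according to the header the agent sent with it."""
    _, decode = ENCODERS[select_encoder(headers)]
    return decode(body)

if __name__ == "__main__":
    # Constructed sample bytes, including values that are not printable text
    sample = b"constructed payload bytes \x00\xff"
    wire = serve_payload(sample, {"X-File-Encoding": "base64"})
    print(wire)
    assert receive_upload(wire, {"x-file-encoding": "base64"}) == sample
```

Because the same registry serves both directions, adding a third encoder module only means registering one more (encode, decode) pair; the header lookup and the rejection of unknown names stay unchanged.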
Add support for custom login handlers, as well as a new SAML authentication plugin.
Full Changelog: https://github.com/mitre/caldera/compare/3.1.0...4.0.0-alpha
Improvements to the training plugin, C2 Channels, and some core feature improvements
The --fresh argument now backs up data to data/backups before deleting data files.
Big improvements to usability, a new plugin called Emu that imports adversary emulation plans from CTID, P2P agent communication, lateral movement tracking, and more!
This plugin imports adversary emulation plans from the Center for Threat Informed Defense (CTID).
Learn more about the supported emulation plans here: https://github.com/center-for-threat-informed-defense/adversary_emulation_library
Debrief is now tracking lateral movement through the new attack path graph in addition to some changes made to sandcat and core!
Learn more about the feature here: https://caldera.readthedocs.io/en/latest/Lateral-Movement-Guide.html#displaying-lateral-movement-in-debrief
Allow for dynamic compilation of C#, C, C++, and Go binaries. Code will be built in Docker containers, requiring additional setup when CALDERA starts, but reducing dependencies on the server. Both C# and Go binaries can be built with libraries/modules.
Peer-to-peer functionality allows agents within internal networks to chain together to enable beaconing and communications where a direct connection is not possible. The implementation in sandcat allows for varied channels of communication as well, so that an agent can be configured for the environment it is being deployed in. Also present in CALDERA is functionality for discovery of peers, so that an agent can be deployed from a generic binary and discover whether there are any available peers to connect out through if a direct connection to the C2 server is not possible. The CALDERA server will display the proxy chain and the protocols used to facilitate the communications on the agents page.
Adds the capability for CALDERA to track lateral movement via the originLinkID, which is passed in as an optional command line argument when executing an agent.
Learn more about the feature here: https://caldera.readthedocs.io/en/latest/Lateral-Movement-Guide.html#displaying-lateral-movement-in-debrief
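To make concrete what the originLinkID tracking above and the Debrief attack path graph rely on, here is an added example (not CALDERA's or Debrief's own code) of reconstructing lateral movement edges from operation records. The model is the one the notes describe: each executed ability is a link with an id and the paw of the agent that ran it, and an agent started by that link records the link's id as its origin. The record shapes, field names (paw, link_id, origin_link_id, ability) and the sample operation data are all constructed for this example.

```python
from typing import Dict, List, Optional, Tuple

# Constructed example, not CALDERA code. A "link" is one executed ability; an
# agent whose origin_link_id points at a link was started by that link, so the
# agent that ran the link is the source of the lateral movement.
Link = Dict[str, str]              # {"link_id": ..., "paw": ..., "ability": ...}
Agent = Dict[str, Optional[str]]   # {"paw": ..., "host": ..., "origin_link_id": ...}

def build_movement_edges(agents: List[Agent], links: List[Link]) -> List[Tuple[str, str, str]]:
    """Return (source_paw, target_paw, ability) edges in agent order.

    Agents with no origin, or an origin link that is not in the operation's
    link records, produce no edge: they are initial access or untracked starts,
    which is exactly the case a graph should not guess about.
    """
    link_by_id = {link["link_id"]: link for link in links}
    edges: List[Tuple[str, str, str]] = []
    for agent in agents:
        origin = agent.get("origin_link_id")
        if not origin or origin not in link_by_id:
            continue
        link = link_by_id[origin]
        if link["paw"] == agent["paw"]:
            continue   # an agent restarting itself is not movement between hosts
        edges.append((link["paw"], agent["paw"], link["ability"]))
    return edges

def attack_paths(agents: List[Agent], links: List[Link]) -> Dict[str, List[str]]:
    """Map each agent paw to the chain of paws from the entry point down to it."""
    parent = {target: source for source, target, _ in build_movement_edges(agents, links)}
    paths: Dict[str, List[str]] = {}
    for agent in agents:
        paw = agent["paw"]
        chain, current, seen = [paw], paw, set()
        # follow parents upward; 'seen' guards against a malformed cycle in the records
        while current in parent and current not in seen:
            seen.add(current)
            current = parent[current]
            chain.append(current)
        paths[paw] = list(reversed(chain))
    return paths

# Constructed sample operation: a1 is the entry point, it starts b2, b2 starts c3,
# and d4 claims an origin link the operation never recorded.
SAMPLE_LINKS: List[Link] = [
    {"link_id": "L-100", "paw": "a1", "ability": "remote-agent-start"},
    {"link_id": "L-200", "paw": "b2", "ability": "remote-agent-start"},
    {"link_id": "L-300", "paw": "c3", "ability": "file-listing"},
]
SAMPLE_AGENTS: List[Agent] = [
    {"paw": "a1", "host": "host-a", "origin_link_id": None},
    {"paw": "b2", "host": "host-b", "origin_link_id": "L-100"},
    {"paw": "c3", "host": "host-c", "origin_link_id": "L-200"},
    {"paw": "d4", "host": "host-d", "origin_link_id": "L-999"},
]

if __name__ == "__main__":
    for source, target, ability in build_movement_edges(SAMPLE_AGENTS, SAMPLE_LINKS):
        print(f"{source} -> {target} via {ability}")
    for paw, path in attack_paths(SAMPLE_AGENTS, SAMPLE_LINKS).items():
        print(paw, " -> ".join(path))
```

The useful property for a defender reviewing an emulation report is that the graph is derived purely from recorded link ids, so any hop the agent did not report (d4 above) shows up as an unexplained root rather than being silently attached to the nearest agent.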
Allow users to run arbitrary commands on agents; previously, only commands in abilities could be run. Manual links can be added from the operation screen.
Similar to payload downloads in abilities, you can now specify file uploads in an ability YAML file. Supporting agents will upload the specified file(s) after completing an ability. File paths can be local or absolute. Previously, file uploads and exfiltration were performed using hardcoded commands (curl, PowerShell WebClient, etc.) that required an HTTP(S) connection to the C2. In cases where the agent is using peer-to-peer and cannot directly access the server, the old file upload commands wouldn't work as intended. By adding the upload capability as a separate ability and instruction component, supporting agents will use their contact method's built-in upload functionality to send file bytes upstream, whether directly to the C2 server or to another agent proxy peer that will forward the bytes on their behalf.
Users can now specify deadman abilities in the agents.yml config or via the agent GUI modal to have supporting agents run them prior to termination. Whereas all agents will receive bootstrap abilities for immediate execution upon their first successful beacon, the CALDERA server will only send deadman abilities to agents who have indicated through their beacons that they support deadman abilities. An example use case for this functionality is to specify an ability that will remove the agent executable once the agent terminates, or other defense evasion abilities like clearing logs.