Simulate Attacks

Open-source tools you can use to simulate attacks

These tools and this approach are helpful for testing your defenses: they let you confirm that your detections fire when you expect them to, and that they catch common AWS cloud attacks.

Cheat Sheet

  • Stratus Red Team by DataDog - Granular, Actionable Adversary Emulation for the Cloud
  • Leonidas by F-Secure - Automated Attack Simulation in the Cloud, complete with detection use cases.
  • Pacu by Rhino Security Labs - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  • CloudGoat by Rhino Security Labs - CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
  • Amazon GuardDuty Tester - This script is used to generate some basic detections of the GuardDuty service
  • AWS CloudSaga - Simulate security events in AWS
  • Atomic Red Team - Small and highly portable detection tests based on MITRE's ATT&CK. (Not specific to cloud)
  • DeRF - DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation of repeatable detection samples in the cloud. Built on Google Workflows
  • AWS-Attack by Blackbot Security - AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, Pacu.