[Cyware] Realm: Open-source adversary emulation framework – Help Net Security

Summary: This content discusses Realm, an open-source adversary emulation framework that focuses on scalability, reliability, and automation for engagements of any size.

Threat Actor: N/A
Victim: N/A

Key Points:

  • Realm is unique in its custom interpreter written in Rust, allowing complex TTPs to be written as code.
  • Realm is highly scalable, with the ability to perform group actions and gather information from multiple hosts simultaneously.
  • Realm consists of two main components: the Agent (imix), written in Rust with support for macOS, Linux, and Windows, and the Server (tavern), which provides a web interface and GraphQL backend for easy API access.

Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size.

“Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With these actions as code, defenders can replay attack actions, and red teams can create repositories of their TTPs and processes for multiple engagements. Realm is also extremely scalable! Group actions are easy to create in our Web GUI, allowing you to get information from multiple hosts at once,” a spokesperson for the project told Help Net Security.

Realm components

Agent (imix)
  • Written in Rust with support for macOS, Linux, and Windows.
  • Supports long-running tasks by reading output from tasks in real time.
  • Interval callback times.
  • Simple file-based configuration.
  • Embedded files.
  • Built-in interpreter.
Server (tavern)
  • Web interface.
  • Group actions.
  • GraphQL backend for easy API access.
  • OAuth login support.
  • Cloud-native deployment with pre-made Terraform for production deployments.
Built-in interpreter (eldritch)
  • Reflective DLL Loader.
  • Port scanning.
  • Remote execution over SSH.

Future plans and download

“For the future, we want to expand the ways you can contextualize information via our Web GUI. We want red teams to have the most visibility possible into how things are going during an engagement. We also want it to be easier for red teams to collaborate with defenders, allowing the defenders to learn from the engagement,” the spokesperson concluded.

Realm is available for free download on GitHub.

Source: https://www.helpnetsecurity.com/2024/07/15/realm-open-source-adversary-emulation-framework