Automating Attack Simulations with MITRE ATT&CK
06.05.2025
Objective:
Extend an existing simulation environment to execute reproducible cyber-attack scenarios using the MITRE ATT&CK framework and procedures, for example from Atomic Red Team. The focus is on automating the execution of attack steps and on basic event/log tracking so that the collected data can be labeled downstream.
Supervisor: Daniel Schlör
Key Tasks:
- Identify and define a set of relevant MITRE ATT&CK techniques to simulate
- Explore Caldera as foundational framework
- Automate selected attack scenarios including planning, logging and labeling
- Collect logs (e.g., system, network) generated during simulation runs
- Align executed attack steps with collected logs
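The last three tasks form one pipeline: the automation records which procedure ran where and when, the logs are collected separately, and the two have to be joined so each log event can be labeled with the ATT&CK technique that produced it. The following Python is an added illustration of that join, not code from the topic description, Caldera or Atomic Red Team. It assumes a simplified operation report (a list of executed steps with host, technique id, name and UTC start/finish times; these field names are assumptions, not Caldera's report schema) and constructed syslog-like lines of the form "<timestamp> <host> <message>". The technique ids are real ATT&CK ids; the hosts, timestamps and log messages are made up.

```python
"""Label collected log lines with the ATT&CK technique that was executing.

Added example, not part of the topic description or of Caldera/Atomic Red Team.
The operation-report field names (host, technique, name, start, finish) are an
assumption for this illustration, not an actual Caldera report schema.
"""
from datetime import datetime, timedelta, timezone

# Constructed operation report: what the automation recorded per executed step.
EXECUTED_STEPS = [
    {"host": "ws01", "technique": "T1059.001", "name": "PowerShell execution",
     "start": "2025-05-06T10:00:00Z", "finish": "2025-05-06T10:00:04Z"},
    {"host": "ws01", "technique": "T1082", "name": "System info discovery",
     "start": "2025-05-06T10:00:30Z", "finish": "2025-05-06T10:00:32Z"},
    {"host": "srv02", "technique": "T1087.001", "name": "Local account discovery",
     "start": "2025-05-06T10:01:00Z", "finish": "2025-05-06T10:01:03Z"},
    # Deliberately overlaps the previous step on the same host (see 'ambiguous').
    {"host": "srv02", "technique": "T1033", "name": "System owner/user discovery",
     "start": "2025-05-06T10:01:02Z", "finish": "2025-05-06T10:01:04Z"},
]

# Constructed log lines: "<ISO timestamp> <host> <message>".
LOG_LINES = [
    "2025-05-06T09:59:50Z ws01 svchost.exe scheduled task check",
    "2025-05-06T10:00:01Z ws01 process_create powershell.exe -enc ...",
    "2025-05-06T10:00:05Z ws01 process_create whoami.exe",       # logged 1 s after finish
    "2025-05-06T10:00:31Z ws01 process_create systeminfo.exe",
    "2025-05-06T10:00:59Z srv02 process_create net.exe user",
    "2025-05-06T10:01:03Z srv02 process_create whoami.exe",      # two steps active
    "2025-05-06T10:01:01Z ws01 process_create explorer.exe",     # no step on ws01 here
    "2025-05-06T10:05:00Z srv02 scheduled backup",
]


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp; a trailing 'Z' means UTC."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def parse_log_line(line: str):
    """Split '<timestamp> <host> <message>' into (datetime, host, message)."""
    ts, host, msg = line.split(" ", 2)
    return parse_ts(ts), host, msg


def build_windows(steps, slack_seconds=2):
    """Turn each executed step into an inclusive [start-slack, finish+slack] window.

    The slack absorbs clock skew and asynchronous log flushing between the
    execution host and the collector; it has to be tuned to the environment.
    """
    slack = timedelta(seconds=slack_seconds)
    return [{
        "host": s["host"],
        "start": parse_ts(s["start"]) - slack,
        "end": parse_ts(s["finish"]) + slack,
        "technique": s["technique"],
        "name": s["name"],
    } for s in steps]


def label_logs(log_lines, steps, slack_seconds=2):
    """Label each log line with the technique of the step active on that host.

    Lines matching no step are 'benign'. Lines matching several overlapping steps
    are marked 'ambiguous' instead of guessed, so the ground truth stays honest.
    """
    windows = build_windows(steps, slack_seconds)
    labeled = []
    for line in log_lines:
        ts, host, msg = parse_log_line(line)
        hits = [w for w in windows
                if w["host"] == host and w["start"] <= ts <= w["end"]]
        if not hits:
            label = "benign"
        elif len(hits) == 1:
            label = hits[0]["technique"]
        else:
            label = "ambiguous"
        labeled.append({"ts": ts.isoformat(), "host": host, "msg": msg,
                        "label": label, "steps": [h["name"] for h in hits]})
    return labeled


def label_counts(labeled):
    """Count labels, a quick sanity check on class balance before training."""
    counts = {}
    for entry in labeled:
        counts[entry["label"]] = counts.get(entry["label"], 0) + 1
    return counts


if __name__ == "__main__":
    result = label_logs(LOG_LINES, EXECUTED_STEPS)
    for e in result:
        print(f'{e["ts"]} {e["host"]:5} {e["label"]:10} {e["msg"]}')
    print(label_counts(result))
```

Two points this makes visible that a plain timestamp join hides: without slack, the `whoami.exe` logged one second after the PowerShell step finished would be labeled benign, and when two procedures overlap on one host the labeler cannot decide, so the scenario planner should serialize steps per host (or the labeler must use a stronger join key such as process lineage) rather than silently assigning the first match.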
Extension Directions (Master's Thesis / Practicum):
- Label Propagation for Ground Truth Generation
- Knowledge Graph Construction from Simulated Attacks
- Variant Campaign Simulation for Model Robustness Testing
- LLM-Based Automation of Attack Procedures