Operationalizing Automated Adversary Telemetry for Detection Engineering
COMING SOON!!!! This is a holding repo for the project and its code will be released later in 2023.
Built on the open-source Velociraptor project by Velocidex, RedRaptor combines Velociraptor's existing capabilities with custom integrations to execute common adversary techniques, mapped to the MITRE ATT&CK framework, at scale. Building on the flexibility of the Velociraptor Query Language (VQL), embedded Notebooks, and external processing engines, RedRaptor can rapidly replicate the telemetry seen in real-world attacks, from initial access to impact.
RedRaptor aims to give incident responders and threat hunters a single platform to execute realistic adversary activity and build detections from the resulting artifacts, in order to identify gaps, improve the effectiveness of security operations, and apply an operational framework to IR and threat-hunting research and development. Its modular design allows a "choose your own adventure" approach to adversary telemetry generation: users connect individual components together to create custom attack paths.
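To make the VQL-driven, ATT&CK-mapped execution described above concrete, here is an added example of a Velociraptor client artifact that runs a benign discovery command on an endpoint and tags the collected output with the technique it emulates. This is illustrative code written for this page, not RedRaptor's own (unreleased) artifacts: the artifact name, the `TechniqueId` parameter and the choice of `net user` as a T1087.001 (Local Account Discovery) stand-in are assumptions. The `execve()` plugin, `info()`, `now()`/`timestamp()` and the artifact YAML layout are standard Velociraptor features.

```yaml
# Hypothetical artifact for illustration; not part of the RedRaptor release.
name: Custom.RedRaptor.Discovery.LocalAccounts
description: |
  Executes a benign local-account discovery command (T1087.001) on a
  Windows endpoint and records the telemetry it produced, tagged with
  the ATT&CK technique ID so results can be joined to detections later.
type: CLIENT
reference:
  - https://attack.mitre.org/techniques/T1087/001/

parameters:
  - name: TechniqueId
    default: T1087.001
    description: ATT&CK technique this execution emulates (assumed tag).

# Only run on Windows; the command is Windows-specific.
precondition: SELECT OS FROM info() WHERE OS = 'windows'

sources:
  - query: |
      -- Record when the technique ran so the row can be correlated
      -- with endpoint/EDR logs generated at the same time.
      LET Run = SELECT timestamp(epoch=now()) AS ExecutedAt,
                       TechniqueId,
                       Stdout, Stderr, ReturnCode
                FROM execve(argv=["net", "user"])

      SELECT ExecutedAt, TechniqueId, ReturnCode,
             Stdout, Stderr
      FROM Run
```

Hunting this artifact across a fleet from the Velociraptor server produces one row per endpoint with the execution timestamp and technique tag; a Notebook on the server can then query those rows alongside separately collected process-creation or EDR telemetry to confirm that the activity was observed and that a detection fired. Chaining several such artifacts, each tagged with its own technique, is one way to assemble the custom attack paths the modular design is meant to support.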