
attack-tools's People

Contributors

nshalabi


attack-tools's Issues

Feature Request: Integrate ATT&CK Navigator Layers

@nshalabi - Excellent work and design of a useful utility with SQLITE

Requesting you add a feature to integrate a layer from the ATT&CK Navigator onto the tool you have - AttackView.exe

As your user, I want to grab a layer from MITRE or other people, import the JSON as a new plan and work from there.

Example: APT29 Evaluation

I want the layers highlighted in green to render in my plan within the AttackView.exe application

Requested Features

This is a summary of the feature requests I received (in random order):

  1. The ability to import ATT&CK™ data sets using the tool itself.
  2. Add custom techniques not listed in ATT&CK™ (insider threat and fraud focused).
  3. Incorporate more red-team playbooks, similar to atomic-red-team™.
  4. Start a plan by importing ATT&CK™ navigator exports.
  5. Ability to define targets and assign a "testing guideline" to each, allowing users to input components of their systems in terms of access/process/technology (what is being defended).
  6. Integrate the tool with CALDERA™ to generate tests.
  7. Create macOS & Linux versions.
  8. Open source the tool.
  9. Exporting plans for sharing.
  10. Map NIST SP 800-53 controls to techniques (other controls SOX, PCI, FFIEC).
  11. Allow users to enter known vulnerability data for systems (like Kenna or NVD).
  12. Add technique scoring cost/difficulty/discoverability for attack tree modeling (technique based attack probability and simulation).

Thank you all for your feedback. If you would like to add a new feature or feedback about a requested feature, please add it here or email me directly at [email protected]

Delete Plans

Is there a way to delete plans? I only see options to load and create.

Source code

Could you please publish the source code of AttackView.exe?

Update database

This database you have is EXTREMELY helpful. From my look at the bundle IDs, it appears that the latest database included is version 8.1. Could you verify that this is correct? If so, do you think it would be possible to update with 9.0?

Even better, would it be possible to get instructions on how to update the database with whatever the latest dataset is, so that it wouldn't be dependent on you updating it?

Unable to open database file

On Windows 10, I seem to be unable to open the program. I get the following Error:

ESQLITENATIVEExpetion in AttackView.exe. [FireDac][Phys][SQLite]ERROR unable to open database file.
The attack_view_db.sqlite is in the same folder as the AttackView.exe. Could you provide more details?
Thanks. Also, any plans on making this for *Unix systems?

ICS ATT&CK support

I'd like to add a 4th platform - SCADA with all the new Tactics and Techniques (besides Windows, Linux and MacOS).

Here (page 17) is the ICS ATT&CK Matrix.

At the moment, it's very complicated to do so. Could you provide information on how I could edit it or if it can be incorporated into the tool?

What do you think?

Thanks for developing this project!

ATT&CK

Kelly,Christopher A

Approves
