A comprehensive collection of simulated Advanced Persistent Threat (APT) attacks based on real-world tactics, techniques, and procedures (TTPs) used by state-sponsored APT groups from Russia, China, Iran, and North Korea.
Caution (Important Notice): This project is strictly for educational, research, and defensive security purposes only. Unauthorized use of these techniques may violate laws and result in serious legal consequences.
This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, command and control (C2) servers, backdoors, exploitation techniques, stagers, bootloaders, and other malicious artifacts that mirror those used in real-world attacks. The simulations are based on extensive research from leading cybersecurity firms, including Palo Alto Unit 42, Kaspersky, Microsoft, Cisco, Trellix, CrowdStrike, and WithSecure.
Learn more about the importance and outcomes of the experience:
- Why Adversary Simulation? - Understanding the strategic value of simulating advanced threats
- Adversary Simulation vs. Adversary Emulation - Key differences and when to use each approach
- How do I simulate an APT? - Adversary Simulation Is Not a Methodology, It's the Outcome of Experience
The naming convention for APT groups follows CrowdStrike's taxonomy.
Below is the complete list of simulated APT Groups:
All adversary simulations are powered by BEAR-C2, a custom command and control framework designed for realistic threat emulation.
Always Remember: "Be The Threat To Defeat It"