Red Team Automation (RTA)


#Security Testing #Offensive Security

A tool to dump login passwords from Linux desktop users, leveraging cleartext credentials in memory.


RTA Framework for Testing Detection Capabilities

RTA provides a framework of scripts that lets blue teams test their detection capabilities against malicious tradecraft, modeled on MITRE ATT&CK. RTA consists of Python scripts that generate evidence of over 50 different ATT&CK tactics, plus a compiled binary application that performs activities such as file timestomping, process injection, and beacon simulation as needed. Where possible, RTA performs the actual malicious activity described; in other cases, the RTAs emulate all or part of the activity.


For example, some lateral movement RTAs target the local host by default, though parameters typically allow multi-host testing. In other cases, executables such as cmd.exe or python.exe are renamed to make it appear that a Windows binary is doing non-standard activities.
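A detection-side check for the renamed-binary case described above, as an added example that is not part of RTA or the original page: it compares the on-disk image name with the PE OriginalFileName recorded in Sysmon process-creation events (Event ID 1). The event records, paths, and the watch list are constructed assumptions for illustration.

```python
import ntpath

# Assumption: binaries whose renaming we care about (the two named above).
WATCHED_ORIGINALS = {"cmd.exe", "python.exe"}

# Constructed sample events shaped like Sysmon Event ID 1 (process creation).
# Paths are illustrative only and are not taken from RTA.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"Image": r"C:\RTA\renamed_sample.exe",
     "OriginalFileName": "Cmd.Exe",
     "CommandLine": "renamed_sample.exe /c whoami"},
    {"Image": r"C:\Tools\custom.exe",
     "OriginalFileName": "-",          # Sysmon logs "-" when no version resource
     "CommandLine": "custom.exe"},
]


def is_renamed_watched_binary(event):
    """True when a watched binary runs under a different on-disk name."""
    original = (event.get("OriginalFileName") or "").strip().lower()
    if original in ("", "-", "?"):
        return False  # no embedded name: cannot decide, so do not alert
    if original not in WATCHED_ORIGINALS:
        return False  # limit alerts to the watch list to cut false positives
    # ntpath parses Windows paths correctly on any analysis host OS.
    on_disk = ntpath.basename(event.get("Image", "")).lower()
    return on_disk != original


def find_renamed(events):
    """Return the events in which a watched binary was renamed."""
    return [e for e in events if is_renamed_watched_binary(e)]


if __name__ == "__main__":
    for hit in find_renamed(SAMPLE_EVENTS):
        print("renamed binary:", hit["Image"], "->", hit["OriginalFileName"])
```

The comparison is case-insensitive because the embedded name for cmd.exe is stored as `Cmd.Exe`.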

Installation Prerequisites for Python 2.7

To successfully install the software, you need to have Python 2.7 set up on your system.

Installation Steps

To begin, download a copy of the RTA repository from https://github.com/endgameinc/RTA. Once downloaded, extract the contents of the zip archive into a designated folder named RTA, such as c:\RTA.


To enjoy the complete experience, please download the additional files into the bin subdirectory (as detailed in the dependencies section below).