CALDERA™ is a cybersecurity framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.
It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.
The framework consists of two components:
- The core system. This is the framework code, consisting of what is available in this repository. Included is an asynchronous command-and-control (C2) server with a REST API and a web interface.
- Plugins. These are separate repositories that hang off of the core framework, providing additional functionality. Examples include agents, GUI interfaces, collections of TTPs, and more.
Visit the CALDERA site to access the tool and documentation.