Welcome to CALDERA’s documentation!¶
CALDERA™ is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response. CALDERA is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.
The framework consists of two components:
1. The core system. This is the framework code, including an asynchronous command-and-control (C2) server with a REST API and a web interface.
2. Plugins. These are separate repositories that hang off of the core framework, providing additional functionality. Examples include agents, GUI interfaces, collections of TTPs and more.
Visit Installing CALDERA for installation information.
For getting familiar with the project, visit Getting started, which documents step-by-step guides for the most common use cases of CALDERA, and Basic usage, which documents how to use some of the basic components in core CALDERA. Visit Learning the terminology for in depth definitions of the terms used throughout the project.
- Installing CALDERA
- Getting started
- Learning the terminology
- Basic Usage
- Server Configuration
- Plugin library
- How CALDERA makes decisions
- Operation Results
- Initial Access Attacks
- Windows Lateral Movement Guide
- Dynamically-Compiled Payloads
- Peer-to-Peer Proxy Functionality for Sandcat Agents
- C2 Communications Tunneling
- Uninstall CALDERA
The following section contains documentation from installed plugins.
- Exfiltration Scenarios and Setup
- An Example
- Sandcat Plugin Details
The following section contains information intended to help developers understand the inner workings of the CALDERA adversary emulation tool, CALDERA plugins, or new tools that interface with the CALDERA server.
- The REST API
- How to Build Plugins
- How to Build Planners
- How to Build Agents