Welcome to CALDERA’s documentation!

CALDERA™ is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response. CALDERA is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.

The framework consists of two components:

1. The core system. This is the framework code, including an asynchronous command-and-control (C2) server with a REST API and a web interface.

2. Plugins. These are separate repositories that hang off of the core framework, providing additional functionality. Examples include agents, GUI interfaces, collections of TTPs and more.

Visit Installing CALDERA for installation information.

For getting familiar with the project, visit Getting started, which documents step-by-step guides for the most common use cases of CALDERA, and Basic usage, which documents how to use some of the basic components in core CALDERA. Visit Learning the terminology for in depth definitions of the terms used throughout the project.

For information about CALDERA plugins, visit Plugin Library and How to Build Plugins if you are interested in building your own.

Usage Guides

• Installing CALDERA
  • Requirements
  • Installation
  • Docker Deployment
  • Offline Installation
• Getting started
  • Autonomous red-team engagements
  • Autonomous incident-response
  • Manual red-team engagements
  • Research on artificial intelligence
• Learning the terminology
  • Agents
  • Abilities and Adversaries
  • Operations
  • Plugins
• Basic Usage
  • Agents
  • Abilities
  • Adversary Profiles
  • Operations
  • Facts
  • Fact sources
  • Rules
  • Planners
  • Plugins
• Server Configuration
  • Startup parameters
  • Configuration file
  • Custom configuration files
  • Enabling LDAP login
  • Setting Custom Login Handlers
• Plugin library
  • Sandcat (54ndc47)
  • Mock
  • Manx
  • Stockpile
  • Response
  • Compass
  • Caltack
  • SSL
  • Atomic
  • GameBoard
  • Human
  • Training
  • Access
  • Builder
  • Debrief
• How CALDERA makes decisions
• Objectives
  • Objectives
  • Goals
• Operation Results
  • Operation Report
  • Operation Event Logs
• Initial Access Attacks
  • Run an initial access technique
  • Write an initial access ability
• Windows Lateral Movement Guide
  • Setup
  • Lateral Movement Using CALDERA
  • Example Lateral Movement Profile
• Dynamically-Compiled Payloads
  • Basic Example
  • Advanced Examples
• Exfiltration
  • Exfiltrating Files
  • Accessing Exfiltrated Files
  • Accessing Operations Reports
  • Unencrypting the files
• Peer-to-Peer Proxy Functionality for 54ndc47 Agents
  • How 54ndc47 Uses Peer-to-Peer
  • Peer-To-Peer Interfaces
  • Current Peer-to-Peer Implementations
• C2 Communications Tunneling
  • SSH Tunneling
• Uninstall CALDERA
• Troubleshooting
  • Starting CALDERA
  • Stopping CALDERA
  • Agent Deployment
  • Operations
  • Opening Files
• Resources
  • Ability List
  • Lateral Movement Video Tutorial

The following section contains documentation from installed plugins.

The following section contains information intended to help developers understand the inner workings of the CALDERA adversary emulation tool, CALDERA plugins, or new tools that interface with the CALDERA server.

Developer Information

• The REST API
  • /api/rest
  • Agents
  • Adversaries
  • Operations
  • /file/upload
  • /file/download
• How to Build Plugins
  • Creating the structure
  • The enable function
  • Writing the code
  • Making it visual
  • Adding documentation
• How to Build Planners
  • Buckets
  • Creating a Planner
  • A Minimal Planner
  • Advanced Fact Usage
  • Planning Service Utilities
  • Operation Utilities
  • Knowledge Service
• How to Build Agents
  • Understanding contacts
  • Building an agent: HTTP contact
  • Lateral Movement Tracking

Core System API

• app
  • app package
    • Subpackages
    • Submodules
    • app.version module
    • Module contents

Indices and tables

• Index

• Module Index

• Search Page