Red Team Village - Executing Red Team Scenarios with Built-in Scenario Place
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 374 | |
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/49173 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
00:00
ATMInhalt <Mathematik>Demo <Programm>Rippen <Informatik>ComputermusikMereologieDienst <Informatik>SoftwareschwachstelleBinärdatenGarbentheorieComputersicherheitInternet der DingeOpen SourceGrenzschichtablösungKategorie <Mathematik>SoftwaretestKartesische KoordinatenGamecontrollerMultiplikationsoperatorClientDrahtloses lokales NetzNichtlinearer OperatorBildgebendes VerfahrenVersionsverwaltungBitStichprobenumfangPlastikkarteSoftwareentwicklerEreignishorizontElektronische PublikationBenutzerbeteiligungTypentheorieKonfigurationsraumFramework <Informatik>EmulatorBenutzeroberflächeSimulationEindringerkennungAnalysisDokumentenserverSoftwareWärmeleitfähigkeitSystemplattformEliminationsverfahrenRepository <Informatik>Automatische HandlungsplanungApp <Programm>Gebäude <Mathematik>ZahlenbereichProgrammfehlerRechenschieberMalwareQuellcodeTwitter <Softwareplattform>Social Engineering <Sicherheit>Coxeter-GruppeHilfesystemVerschlingungRelativitätstheorie
05:17
ATMDatenmodellFundamentalsatz der AlgebraOpen SourceFramework <Informatik>Kartesische KoordinatenMultiplikationsoperatorMetrisches SystemReelle ZahlSelbst organisierendes SystemEmulatorComputersicherheitAusnahmebehandlungComputerspielWissensbasisMatrizenrechnungObjekt <Kategorie>Unternehmensarchitektur
07:12
Framework <Informatik>ATMMailing-ListeMalwareMereologie
07:44
Framework <Informatik>ATMObjekt <Kategorie>Elektronische PublikationSkriptspracheServerFramework <Informatik>CodeProgrammierungWeb SiteInterpretiererProgramm/Quellcode
09:12
ATMEmulatorEmulatorSelbst organisierendes SystemExogene VariableInzidenzalgebraPunktHyperbelverfahrenSoftwareSoftwareschwachstelleMultiplikationsoperatorTermKonfigurationsraumPhysikalisches SystemReelle ZahlKollaboration <Informatik>Natürliche ZahlComputerspielSoftwaretestMereologieWärmeausdehnungBlackboxSystemplattformGebäude <Mathematik>Demo <Programm>Konfiguration <Informatik>MAPComputersicherheitDienst <Informatik>Analytische Fortsetzung
12:30
EmulatorATMOpen SourceVerkehrsinformationNetzbetriebssystemSystemplattformFramework <Informatik>Standardmodell <Elementarteilchenphysik>RechenschieberEndliche ModelltheorieSoftwaretestSoftwareInformationComputersicherheitDateiformatVektorraumTypentheorieSimulationMapping <Computergraphik>FlächentheorieStandardabweichungOpen SourceDatenstrukturDeskriptive StatistikMalwareVerkehrsinformationEmulatorRepository <Informatik>UmwandlungsenthalpiePhysikalischer EffektProgrammierumgebung
15:16
SystemplattformATMCOMOpen SourceProgrammierumgebungBildschirmfenstersinc-FunktionSystemplattformOrdinalzahlCMM <Software Engineering>UmwandlungsenthalpieDistributionenraumProdukt <Mathematik>TypentheorieWurm <Informatik>ZahlenbereichSelbst organisierendes SystemDifferenteQuellcodeAutomatische HandlungsplanungDokumentenserverSoftwaretestMereologieDemo <Programm>Web SiteComputersicherheitKonfigurationsraumTouchscreenProzess <Informatik>FreewareSpeicherabzugKategorie <Mathematik>Coxeter-GruppeTaskOffene Menge
18:20
SystemplattformATMDokumentenserverEmulatorCoxeter-GruppeDokumentenserverProgramm/QuellcodeFlussdiagramm
19:07
ATMDokumentenserverEmulatorRechenschieberSystemplattformDokumentenserverGruppenoperationTypentheorieInformationWurm <Informatik>Komplex <Algebra>EindringerkennungElektronische PublikationGenerator <Informatik>Programm/Quellcode
19:49
EmulatorATMEmulatorElektronische PublikationMechanismus-Design-TheorieImplementierungPunktDifferenteSpeicherabzugTelekommunikationReelle ZahlServerFunktionalGarbentheorieProgramm/Quellcode
20:58
GeradeSystemplattformCLIEmulatorATMMultiplikationOpen SourceDokumentenserverEinfache GenauigkeitKonfigurationsraumGarbentheorieClientCLISpeicherabzugEmulatorThreadPlastikkarteFormale SpracheWurm <Informatik>Portabilität
22:15
ATMHöhere ProgrammierspracheVirtuelle MaschineDemo <Programm>EmulatorCoxeter-GruppeCLIDokumentenserverComputeranimation
22:43
ATMDemo <Programm>CLIDifferenteMailbox
23:15
ATMDokumentenserverCLIDatenkompressionMaßerweiterungBildschirmfensterUmwandlungsenthalpieSystemplattformElektronische PublikationTopologieProgramm/QuellcodeFlussdiagramm
23:58
ATMSystemplattformInterface <Schaltung>DatenstrukturTypentheorieComputeranimation
24:29
ATMDokumentenserverCLIBenutzeroberflächeMailboxTerm
25:01
ATMDokumentenserverBenutzerfreundlichkeitCLIClientEmulatorMehrkernprozessorElektronische PublikationKonfigurationsraumEinfügungsdämpfungVerzeichnisdienstZusammenhängender GraphComputeranimation
25:42
ATMZusammenhängender GraphWurm <Informatik>URLEmulatorThreadServerSystemplattformMultiplikationElektronische PublikationGarbentheorieGruppenoperationRichtungKomplex <Algebra>DokumentenserverBinärdaten
26:48
ATMEmulatorCLIKonfigurationsraumElektronische PublikationMehrkernprozessorEinfach zusammenhängender RaumProgramm/Quellcode
27:30
ATMEinfach zusammenhängender RaumComputeranimation
27:57
ATMEmulatorBinärcodeElektronische PublikationBinärdatenServerMalwareDeskriptive StatistikRPCBitBenutzerbeteiligungProgramm/Quellcode
28:42
ATMMehrkernprozessorDokumentenserverPhasenumwandlungEmulatorProgramm/QuellcodeComputeranimation
29:09
ATMEmulatorDokumentenserverThreadZweiGruppenoperationCLIURLComputeranimation
29:38
ATMChiffrierungResultanteInhalt <Mathematik>EmulatorPortabilitätElektronische PublikationPublic-Key-KryptosystemDokumentenserverProgramm/Quellcode
30:38
ATMDifferenteDokumentenserverKonfigurationsraumElektronische PublikationEmulatorURLPhasenumwandlungProgramm/Quellcode
31:29
ATMMotion CapturingTouchscreenNabel <Mathematik>Elektronische PublikationFunktionalMaschinenspracheComputeranimation
32:01
ATMKonfigurationsraumElektronische PublikationProgramm/QuellcodeComputeranimation
32:28
ATMProgramm/QuellcodeComputeranimation
32:57
ATMDifferenteEmulatorDokumentenserverSystemplattformRechenschieberProgramm/QuellcodeComputeranimation
33:43
ATMDesintegration <Mathematik>ZeitzoneIntegralSystemplattformCLIAutomatische HandlungsplanungSoftwareFramework <Informatik>DokumentenserverAdressraumBenutzeroberflächeE-MailDatenverwaltungComputersicherheitGenerator <Informatik>TermSchedulingMailboxComputeranimation
Transkript: Englisch(automatisch erzeugt)
00:02
Hello, hello everyone. This is Arden Ar. I'm here with my colleague Gugberg. Hi. Thanks for joining our session. We are very excited to be part of the Red Team Village this year. The title of our session is Executing Red Team Scenarios with Built-in Scenario Plays.
00:28
First of all, let's start with introducing ourselves a little bit. Hi everyone. I am Gugberg. I am a penetration tester and Red Team operator.
00:41
I have worked across a variety of industries, including financial service and government service. Currently, I am working as an offensive security engineer at an industry leading bank. I plan and conduct full scope Red Team engagements that simulate realistic and targeted attacks.
01:02
Also, I am responsible for performing host infrastructure penetration testing, web and mobile application testing, social engineering engagements, source code revives, and wireless penetration tests. In the past, I have given several presentations on malware analysis, Red Team operations, exploit development, and IoT security.
01:29
Thank you, Gugberg. My name is Arden Ar. I have about 10 years of experience in IT and information security. During this time, I had a chance to work at Research Institute, a Fortune 100 company, and a bug bounty company.
01:47
I took roles in development teams, in security operations, and application security teams that are focused on security tool development, penetration testing, and vulnerability assessments.
02:01
Currently, I am working as an application security engineer. Today, we are going to talk about our tool called Red Team built-in scenario place, also called Manticore platform. We are going to demonstrate how to execute some adversary emulation scenarios, like a ransomware attack with this tool.
02:25
We'll start the discussion with a brief introduction to what MITRE ATT&CK framework is, then we'll discuss the challenges concerning adversary elimination and these relation tools, to show a little bit about why we needed to build, why we wanted to build such a tool,
02:42
and later we'll talk about the features of this open-source scenario place. Through the end, we will demo the tool, and we are going to show the user interface, some scenario cards on it, and we'll execute some sample scenarios, like APT29, LOLBins, and the simplified ransomware scenario using the command line client.
03:08
Finally, we will finish with the future work. Alright, let's start. So, as we all know, Red Team activities are one of the fastest developing solutions against today's cyber attacks.
03:24
And recently, the number of tools that propose to help Red Teams is increasing quite rapidly. And following this trend, we have also created an adversarial emulation tool for Red Teams. This is an open-source tool, and its aim is to aid a Red Team to execute several types of attack scenarios.
03:46
It also gives more visibility to the Blue Teams to see what's being executed on their endpoints, or what malicious traffic is going through their network during a Red Team exercise. So, the initial version of this tool was presented at the previous Red Team event back in May,
04:07
and since then it has been improved with scenarios, and it has been published on GitHub. Basically, we have categories of scenarios as network-based, endpoint-based, and APT group-based.
04:23
And there is also a section for Blue Team techniques, showing some hardening controls related to executed scenarios. You can find the GitHub Robustor link on the slide here. All the scenarios inside the repo that we are releasing are mapped to the Mitress attack framework.
04:50
And the techniques and the tactics can be found in this framework. I will talk about the framework in a minute. You will see the reference numbers, the attack IDs of the scenarios, of the techniques,
05:08
inside the configuration files for each scenario, if you go to the GitHub repository. But we will go into detail about this. So, what is Mitre's attack framework?
05:22
For those of you who saw this for the first time, let me briefly explain it. When you visit this website, attack.mitre.org, you see a matrix of items called Attack Matrix of Enterprise.
05:40
The columns of this matrix are tactics, and tactics are mainly the objective of the attack attempt. The goal that an attacker tries to achieve. So, you can see 12 columns here. Each of them represents an attack goal.
06:01
And under each attack goal, there are techniques. And each of these techniques has an attack ID with it. So, in total, there are 12 tactics listed in Mitre, and these tactics have around 250 different techniques.
06:20
This framework is a great knowledge base classifying these adversary tactics and techniques, that are used to attack targets in real life. Of course, this framework is not only beneficial for red teams, but also organizations are also benefiting from it to learn about the attack methods.
06:43
And the framework is open to any person and organization for use at no charge. And just like how OWASP's top-down framework is being embedded in most application security tools, a great resource like this one is becoming a fundamental reference of red teams and adversarial emulation tools.
07:06
So, our open source tool is no exception for this. And as I said, there are 12 tactics, almost chronologically starting with the initial access,
07:20
and going to the impact goal of an attack. So, in the initial access part, the attacker is trying to penetrate the targets. And then comes the execution, when the attacker is simply trying to run a malicious code. And the list goes on, actually. I'm not going into details a lot.
07:44
Just to see some examples for techniques, let's take the execution tactic. So, for the execution tactic, there are 10 techniques listed underneath it. Some of these have some subcategories as well.
08:02
The techniques listed here are about the methods that an attacker can use to run code. Basically, execute a code on a local or remote system to reach their main objective. This execution tactic is also often interconnected with other tactics.
08:24
For example, as a red teamer, your execution technique of using command and scripting interpreter could be running a PowerShell script to perform a file download from a remote server that will be used for the discovery goal.
08:41
So, it would be related to the discovery goal, in that sense. You can check out the market's website for more details, and we have seen that there are many great talks in the program about this framework, and we suggest that you check them for getting more insights about it.
09:02
We just tried to mention the technique and tactic idea here, how we mapped it in our tool. Next, the offensive teams have some common exercises,
09:20
like vulnerability assessments, penetration testing, and adversary emulation. Skipping the first to the last one, adversary emulation is what we focus actually right now, and it's an activity where red teamers, as the name refers, try to emulate or imitate how an adversary performs during a real-life attack.
09:43
The platform we'll demo here is focused on adversary emulation, as I've said, performed inside the network of an organization. So, in a way, you can think that initial access tactic has been achieved, and we are moving on to the other tactics. Therefore, we can say that this tool will be most useful
10:03
for internal red teams or purple teams. Now, let's discuss some issues faced with adversarial emulation and what we want to see with this tool. So, it's not going to be an answer to all these problems.
10:24
The tool is not going to be an answer to all these problems, but we think it's a step to solve some of them at least. First of all, emulating adversarial behavior is costly, because their techniques are complex and requires time, and it's not common to see the tools created or used by malicious actors in the wild.
10:46
That's why adversary emulation is an expensive exercise. Next thing is the scenario transparency. We have seen that adversarial emulation tools do not provide transparency in their scenarios. That's what we wanted to avoid by this tool.
11:03
In our experience, we saw that there is a need for collaboration between red and blue teams, especially for internal security teams of big organizations. Blue teams cannot easily see the adversarial emulation behavior due to black box nature of the red team's attacks.
11:22
This causes a problem in terms of improving their incident response capabilities efficiently. Another problem is tool availability. While emulating adversaries, tool availability is another issue.
11:41
Red teams cannot easily find the tools used by the malicious actors, just like we mentioned in the cost challenge. Therefore, bringing all publicly available scenarios together, we think it will be the best option for red teams. Repeatability is another issue in adversary emulation.
12:02
Why? Because sometimes during the red team engagement a test may fail, but the device configuration may be changed at a later point by someone or by some service account. So, the same test may pass on another try.
12:20
Therefore, it would be great to have some parts of adversary emulation engagements automated, continuous and repeatable. It's nice to have a system where the security teams are able to schedule these tests to run at frequent intervals. Another issue is that adversary emulation exercises have some malicious software used by the red teams.
12:49
So, these malicious software can cause unexpected situations on corporate devices and networks. It's also a great idea to have visibility on which software will be used during the engagement.
13:07
What's more, there are also some challenges with regards to other tools used by the red teams. Like for the on-premise installation of simulation tools, updated attacks cannot easily be imported into the infrastructure, into the platforms.
13:25
With these two, the security engineer has the chance to point to a URI, to a repo, where everything is up to date. Investigating different commercial or open source tools, we could get the idea, general idea of how many scenarios are available for a security team.
13:45
So, we saw that there are about 2000 scenarios in the wild and all of them cannot be reached from a single place. Most of the tools used for the emulation also do not take advantage of the open source community.
14:01
Having a place of scenarios enriched by the red team community would be valuable to everyone. Reporting, on the other hand, is also another issue for the simulation tools. These tools do not provide enough information for understanding the attack surface and attack vectors.
14:23
And finally, simulation tools are too complex for creating and updating scenarios. They don't have a general structure, like a standard model for scenarios. We tried to standardize this by a scenario model in the JSON format, that you can see in the slide.
14:42
So, we have the IDE specific to the scenario with the initials of the tactic used there and the tactic names, the description and name of the scenario and the mapping to the MITRE ATT&CK framework.
15:01
We also have the type of the scenario, like is it an endpoint scenario, is it a network or an APT. And also describing the platform, the operating system that it targets. So, overall, the main core platform, as we call it, this built-in scenario place, has the following features.
15:27
First of all, the tool and the methodology we use in emulating adversarial attacks with this tool is open source and therefore this is very cost-effective compared to commercial tools.
15:40
We prepared a scenario environment that makes it faster and less complicated for red teams. They can easily apply the tasks from different open sources, like atomic red team or red canary. It gives red teamers the access to the scenarios according to specific attack types, as divided in MITRE categories.
16:04
And what's more important, the blue teamers will be able to see these attacks within a transparent process. The config files clearly show the sources of threat scenarios and the payloads used within it.
16:21
Of course, organizations may still prefer to perform the blind engagement, blind red team engagement, depending on their security maturity. But meeting a visible engagement plan can be much more helpful for most of the organizations.
16:42
And so, blue teams, we talked about blue team detection and prevention to distribution of scenarios. While checking the scenarios, we saw that commercial and open source tools mostly have bias towards windows environments.
17:07
And the number of scenarios is distributed like 60% windows and 20% for Mac OS and 20% for Linux environments. With the community support, it's possible to increase scenarios on the Mac and Linux side as well.
17:26
And therefore, balancing this distribution would be a good product at the end. With this platform, APT scenarios can also be recreated and visible to both red teams and blue teams.
17:43
Since everyone can contribute, red teams will have the chance to add advanced attack scenarios in their toolbox, and build a community to protect and improve defense against attack and breach scenarios. Now, I will stop sharing the screen, and your perk is going to tell you how we structured this tool,
18:05
showing the GitHub repository, and finally, the more exciting part, it will show the demo of the tool, and we'll finally talk about our future perk.
18:20
Hello again, now we will look at, we will continue with the presentation. We, now we will look at public threat repository. For this presentation, we released some complex scenarios on our GitHub account. We are mapping these scenarios to the Maitre.
18:43
So far, we published three complex scenarios, named as APT29, LORBeans, and ransomware. In the next, this public repository includes public and known scenarios. You can see this on our GitHub repository. Later, we will go deeply into it.
19:07
In the next slides, we will look at public threat scenarios, public scenario repository. We released three scenarios on our GitHub account. All scenarios are again prepared with regards to Maitre.
19:23
From these scenarios, complex scenario groups are generated. For example, if you look at ransomware emulation, ransomware emulation includes two scenarios included in public scenario repository. It has two JSON files with their IDs.
19:41
These include attack type, attack periods, and platform information. I will show you later that. For ransomware emulation, in this section, we will look at ransomware emulation scenarios for generating public scenarios.
20:00
We have two different implementations for ransomware emulation. One of them is written by Go. The other one is PowerShell-based. This released implementation is not covering all steps of real ransomware attack, but this is on purpose. Because we wanted to release a simplified implementation of this scenario, there is no CC or server communication or encrypting all files.
20:31
We are encrypting a file that we create on the fly and decrypt it in this file. Adding the three missing points, these implementations can be converted to full ransomware emulation.
20:45
Yet, our aim is to test if a defense mechanism could prevent the core function of ransomware, which is encrypting files.
21:01
In this section, we will speak about SmartCore Adversary Remulaiton CLI tool. This tool is working with public threat scenarios, which I showed earlier in another repository. As we said before, we have seen that adversarial emulation tools do not provide transparency in some of their scenarios.
21:24
Here, we publish command-line based adversarial emulation tool that is fully open source to bring some visibility to how emulation works. All threats and scenarios are public and configurable.
21:42
Red teamers, blue teamers can easily edit this tool according to their aim. Also, this CLI is developed in Go language for achieving multiplatform execution. This tool includes single config CLI, which is shown here.
22:04
Public scenarios, payloads and threats with this config UI, command-line based tool emulates adversary. Now, we will look at our demo for this presentation.
22:22
We have one remote machine and we run adversarial emulation scenarios here. For looking scenarios, which are used by the CLI tool. Here, we can see public threat repository.
22:44
Here, we can see three different kind of scenario collection. There are so many scenarios in our backlog and we are importing all of this gradually and these scenarios can be easily updated.
23:02
The all kind of these scenarios is compatible with Mitre. Firstly, we will look at our built-in scenario place before the demo, demo of the CLI tool.
23:20
Here, we can see which is shown in our public GitHub repository threat scenarios, we can see here too. For example, for PowerShell, one of the example scenario execute PowerShell from the CMDA executable to collect and compress files of specific extensions.
23:44
It is used by the Windows platforms. It is designed for the Windows platforms. There we can see Mitre tags, Mitre tag name. Also, we can go into the scenario here.
24:00
If we go here, we can see scenario. If we click on it, we can see there is a simple structure of the JSON listed as scenario. Here, the technique, attack ID, name, type, platform and command and interface.
24:23
You can see here, PowerShell is the interface. Also, you can see here the ID. Also, we said before too, we have many scenarios in our backlog and we will try to import all of these scenarios and we will release,
24:41
we will publish them to red teamers, blue teamers, purple teamers. For now, we will execute the scenarios with our CLI tool instead of using user interface.
25:00
Next, we will look at our CLI tool, which is published on GitHub repository again. Here, we can see our adversary emulation client CLI tool. You can easily compile this on your own infrastructure. Also, for ease of use, we published a release.
25:23
Here, you can go into release and you can download config.ini file and you can download multi-core CLI executable. You can run this executable with the config.ini file within the same directory. config.ini file includes three components.
25:45
One of them is public thread group URL, which is used for complex scenario collection. Other one is public thread scenarios URL section. It shows thread scenario repository.
26:01
Last one is the payload location, which is used for scenario payloads. For execution, as we told before, you simply compile or download an executable and config.ini file. You cite necessary URLs for parsing repository on the platform.
26:21
In the thread groups URL, you can give multiple URLs for emulation as it accepts an array of URLs. Now, we will firstly will emulate LoL BINs emulation for downloading a file from a remote server.
26:41
As we can see here, we give thread group URL. We are coming our tools. Here, our config.ini file and multi-core CLI executable. When we run it, emulation is starting.
27:29
We have some connection problems here. We connect again.
28:03
If we can see here, you can see LoL BIN emulation binaries for the LoL BIN malicious executable. One of them is using searchutil for downloading a file from a remote server. In the description, we can see this steps to download a file from a remote web server to host using searchutil.
28:28
Also, we have a different second scenario uses bitsadmin.executable to download a file from remote server and scenario user can be seen here.
28:46
Next, we will emulate ransomware, which is published on the multi-core GitHub repository. If we go there, clearly we can see it includes two phases.
29:07
And for generating these scenarios, we used ransomware emulation repository. One of them is Go-based ransomware emulation. Second one is PowerShell-based ransomware emulation.
29:24
If we edit our thread group URL, then we are running our CLI again.
29:47
Firstly, Go-based multi-platform ransomware emulation is simulated. Also, secondly, PowerShell-based ransomware emulation is simulated.
30:00
For example, if we look at the first scenario, first ISK is generated, then encrypted ISK is generated via public key, then decrypted ISK via generated private key. Here we can see encrypted file content and decrypted file content here.
30:25
And we can finally see a scenario result here. If you wonder, for example, ransomware emulation executable here listed, it is, as we said before, it is compiled from this repository.
30:42
You can easily compile that and you can run in your infrastructure. Finally, we will add apt-29 emulation URL in config file, which does not show all scenarios, but few of them we will try to emulate.
31:04
For being clear, if you go into fu21.json file, there we can see different scenario phases.
31:23
And you can easily go into it in our GitHub repository. For example, in one of the examples, screen capture native articles were used to collect a screenshot.
31:50
It imports to get screenshot PS1 file, PowerShell file, then call the function and we will emulate now this one.
32:03
We are closing that. I will check config file again.
32:30
Here we can see scenario execution is continuing.
33:09
Here we completed partially apt-29 emulation. There is, as we told before, it is partial. We have a different kind of scenarios. You can clearly go down in the GitHub repository.
33:24
We are trying to generate, we'll be trying to import all available scenarios into our platform. Easily, people can reach them and they can generate complex scenarios from them. If we go into continuing our slides.
33:51
For the feature work, we are continuing to add all available scenarios to the repository. We are also working on the feature of running scheduled scenarios throughout the UI.
34:06
Another plan is to integrate our threat intelligence framework into this scenario tool to contribute to the scenario generation and attack prevention. In the public release, we will add reporting feature that will be added.
34:24
In the other hand, for achieving purple theme, we will add security management software integration into our CLI tool and UI feature, user interface. Easily, red timbers, blue timbers can query which scenario is detected or prevented.
34:48
In the next, we are waiting for the community support for this tool. Thanks for listening. If you have any questions, please ask us live in Discord.
35:03
Also, you can reach us if you want from the email, from this email address. Also, we are waiting for your support on our GitHub platform. Thank you so much again.