Hands-on: How to Use CALDERA's Chain Mode

This session will teach participants how to use the open source CALDERA tool to automate post-compromise adversary emulation exercises. CALDERA was originally released in 2017 as an R&D-heavy tool designed to run fully automated end-to-end adversary emulation exercises aligned with the MITRE ATT&CK framework. In 2019, the team pushed out a major update featuring a completely redesigned core architecture – now letting users create “plugins” to extend functionality – as well as a new operating mode (“chain”) that allows users to leverage CALDERA to orchestrate atomic unit tests without the overhead needed in the original release.

In this course, we’ll teach participants the basics of CALDERA – focusing on chain mode – including how it works, its core design, and some of the ways it can be used. Then, we’ll switch to hands-on mode where we’ll guide attendees on how to use CALDERA, walking through its UIs and setting up and running built-in adversaries. Once attendees are familiar with the core concepts behind CALDERA, we’ll run through exercises showing how it can be extended, including building new adversary profiles, adding techniques, and, time allowing, how to develop new plugins. Attendees should be familiar with the terminal and bring a laptop.
