If you have a homelab and want to test out your defenses, check out a few of these projects to help you “Create Evil” to find with Security Onion or other defensive tools.
The Infection Monkey is an open source security tool for testing a data
center’s resiliency to perimeter breaches and internal server
infection. The Monkey uses various methods to self propagate across a
data center and reports success to a centralized Monkey Island server.
Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK®
framework. Security teams can use Atomic Red Team to quickly, portably,
and reproducibly test their environments.
DetectionLab is a repository containing a variety of Packer, Vagrant,
Powershell, Ansible, and Terraform scripts that allow you to automate
the process of bringing an ActiveDirectory environment online complete
with logging and security tooling using a variety of different
APT Simulator is a Windows Batch script that uses a set of tools and
output files to make a system look as if it was compromised. In contrast
to other adversary simulation tools, APT Simulator is designed to make
the application as simple as possible. You don’t need to run a web
server, database or any agents on set of virtual machines. Just download
the prepared archive, extract and run the contained Batch file as
Administrator. Running APT Simulator takes less than a minute of your
The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool
for building repeatable, time-delayed, distributed security events.
Easily create custom event chains for Blue Team drills and sensor /
alert mapping. Red Teams can create decoy incidents, distractions, and
lures to support and scale their operations. Turn paper tabletop
exercises into controlled “live fire” range events. Build event
sequences (“narratives”) to simulate realistic scenarios and generate
corresponding network and filesystem artifacts.