
Releases: SpikeTheDragon40k/APT_Simulator_TextAdventure

APT Cyber Killchain Simulator v0.3.0 Beta

24 Dec 13:55
08076d9


CHANGELOG

[v0.3.0] - Full Rewrite & Multi-APT Release

✨ Major Features

  • Complete script recreation - All killchain scripts rebuilt from the ground up
  • APT41 (Winnti Group) - Chinese state-sponsored supply chain/ESXi attacks added
  • Lazarus Group - North Korean crypto heists + wiper campaigns added
  • Interactive MITRE ATT&CK mapping - 14-phase kill chain for each APT group
  • Gum-powered TUI - Terminal UI with styling, spinners, and confirmations

🐛 Bug Fixes

  • Fixed silent exits - Replaced `&>` with `>/dev/null 2>&1` in dependency checks
  • Removed invalid `gum format` - Converted to `gum style` with proper syntax
  • Strict mode compatibility - `set -euo pipefail` now works without crashes
  • Dependency detection - Proper gum v0.17.0+ testing and error messages
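The three shell-level fixes above (portable redirection, strict-mode safety, and a real gum version test with an error message) are easiest to see together. The following is an added example written for this page, not the project's own dependency check; it assumes nothing about the exact wording of `gum --version` (it just pulls the first `x.y.z` token out of it) and it runs under POSIX sh as well as bash.

```bash
#!/usr/bin/env bash
# Added example, not the project's code: a dependency check that behaves under
# `set -euo pipefail` and reports every missing tool with a message instead of
# exiting silently. Written so it also runs under plain POSIX sh.
set -eu
# pipefail is a bash extension; enable it only where the shell supports it.
(set -o pipefail) 2>/dev/null && set -o pipefail

# Portable "is this command installed" test. The redirection must be
# `>/dev/null 2>&1`: the bash-only `&>` is parsed by POSIX sh as `&`
# (background the command) followed by `>`, so the test result is lost.
have_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# Check all required tools and list every missing one, so the user gets one
# actionable message rather than a silent non-zero exit on the first miss.
check_deps() {
    missing=""
    for dep in "$@"; do
        have_cmd "$dep" || missing="$missing $dep"
    done
    if [ -n "$missing" ]; then
        printf 'missing dependencies:%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# Compare dotted version strings: succeeds when $1 is at least $2.
# Missing components count as 0, so "1.0" >= "0.17.0" holds.
version_ge() {
    have=$1; need=$2; i=1
    while [ "$i" -le 3 ]; do
        h=$(printf '%s' "$have" | cut -d. -f"$i" | tr -dc 0-9); h=${h:-0}
        n=$(printf '%s' "$need" | cut -d. -f"$i" | tr -dc 0-9); n=${n:-0}
        [ "$h" -gt "$n" ] && return 0
        [ "$h" -lt "$n" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# Extract the first x.y.z token from `gum --version`. Matching a numeric
# pattern rather than a fixed prefix is deliberate: the exact output format
# is an assumption here, and `|| true` keeps a non-match from tripping -e.
gum_version() {
    gum --version 2>/dev/null \
        | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1 || true
}

# Verify gum is present and new enough; say exactly what is wrong otherwise.
check_gum_version() {
    need=$1
    if ! have_cmd gum; then
        printf 'gum not found: install it (e.g. brew install gum)\n' >&2
        return 1
    fi
    have=$(gum_version)
    if [ -z "$have" ]; then
        printf 'could not parse gum version from "gum --version"\n' >&2
        return 1
    fi
    if ! version_ge "$have" "$need"; then
        printf 'gum %s is too old; %s or newer is required\n' "$have" "$need" >&2
        return 1
    fi
    return 0
}

# Demo: report problems without aborting, so a launcher can print its own
# guidance after calling these helpers.
if check_deps sh grep cut && check_gum_version 0.17.0; then
    printf 'dependency check passed\n'
else
    printf 'dependency check failed (see messages above)\n' >&2
fi
```

Every check is an `if` condition or an `||` list, which is what makes it safe under `set -e`: a failing `[` or `command -v` inside those constructs does not terminate the script, whereas a bare `command -v gum &>/dev/null` run by `sh` can.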

🔧 Technical Improvements

  • Modular phase functions - Each MITRE ATT&CK phase isolated and testable
  • Stealth scoring system - Detection events reduce final score (0-100)
  • Logging infrastructure - `/tmp/aptXX-mission-YYYYMMDD-HHMMSS.log`
  • C2 domain generation - Random 8-char domains per mission
  • Cross-platform cleanup - Trap handlers for INT/TERM signals

📊 New Metrics Tracking

| Metric | Description |
| --- | --- |
| `COMPROMISED_HOSTS[]` | Lateral movement targets |
| `HARVESTED_CREDS[]` | Credential dumps collected |
| `STOLEN_DATA[]` | Exfil sizes (MB) |
| `MITRE_TECHNIQUES{}` | ATT&CK techniques used |
| `STEALTH_SCORE` | Final rating (0-100) |
| `DETECTION_EVENTS` | Blue team alerts triggered |
| `EXFIL_SIZE` | Total data stolen (MB) |
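The Technical Improvements list (mission log, INT/TERM trap, C2 domain generation, stealth scoring) and the metrics table above describe one piece of per-mission bookkeeping. The script below is an added example for this page, not the project's code, showing one way to wire those parts together. Assumptions are marked in the comments: the `APT_GROUP` variable, a penalty of 20 points per detection event, the `.invalid` TLD for the generated C2 name, an ANSI terminal for the cursor reset, and the made-up mission at the end. Lists are space-separated strings so it runs under POSIX sh; the project tracks the same metrics in bash arrays.

```bash
#!/usr/bin/env bash
# Added example, not the project's code: per-mission state for a killchain
# simulator with a timestamped log, INT/TERM trap handling, random C2 domain
# generation and a stealth score driven by detection events.
set -eu

APT_GROUP=${APT_GROUP:-apt29}        # assumption: group chosen by the launcher
MISSION_TS=$(date +%Y%m%d-%H%M%S)
# Project-style name plus a random suffix from mktemp: a predictable path in
# the shared /tmp directory is never blindly truncated (or followed, if
# someone planted a symlink there first).
LOGFILE=$(mktemp "${TMPDIR:-/tmp}/${APT_GROUP}-mission-${MISSION_TS}.XXXXXX")

COMPROMISED_HOSTS=""     # lateral movement targets
HARVESTED_CREDS=""       # credential dumps collected
MITRE_TECHNIQUES=""      # ATT&CK technique IDs, deduplicated
DETECTION_EVENTS=0       # blue team alerts triggered
EXFIL_SIZE=0             # total data stolen (MB)
DETECTION_PENALTY=20     # assumption: points lost per alert

log() { printf '%s %s\n' "$(date -u +%H:%M:%S)" "$*" >>"$LOGFILE"; }

# Ctrl-C or TERM mid-mission still leaves a closed, readable log and a visible
# cursor (spinners hide it; the escape sequence assumes an ANSI terminal).
on_signal() {
    log "mission aborted by signal"
    printf '\033[?25h'
    exit 130
}
trap on_signal INT TERM

count_words() { set -- $1; echo $#; }

record_host()      { COMPROMISED_HOSTS="$COMPROMISED_HOSTS $1"; log "lateral movement -> $1"; }
record_cred()      { HARVESTED_CREDS="$HARVESTED_CREDS $1";     log "credential dump: $1"; }
record_exfil()     { EXFIL_SIZE=$((EXFIL_SIZE + $1));           log "exfiltrated ${1}MB"; }
record_detection() { DETECTION_EVENTS=$((DETECTION_EVENTS + 1)); log "DETECTED: $1"; }
record_technique() {
    case " $MITRE_TECHNIQUES " in
        *" $1 "*) ;;                                   # already used this mission
        *) MITRE_TECHNIQUES="$MITRE_TECHNIQUES $1"; log "technique $1" ;;
    esac
}

# Stealth score: 100 minus DETECTION_PENALTY per alert, floored at 0.
# Takes an optional event count so it can be evaluated for any scenario.
stealth_score() {
    events=${1:-$DETECTION_EVENTS}
    score=$((100 - events * DETECTION_PENALTY))
    [ "$score" -lt 0 ] && score=0
    echo "$score"
}

# Random 8-character label under the reserved .invalid TLD (RFC 2606), so the
# simulated C2 name can never resolve to a real host. od avoids the SIGPIPE
# that `tr </dev/urandom | head -c` produces under pipefail.
c2_domain() {
    alphabet=abcdefghijklmnopqrstuvwxyz0123456789
    label=""
    for byte in $(od -An -N8 -tu1 /dev/urandom); do
        label="$label$(printf '%s' "$alphabet" | cut -c$((byte % 36 + 1)))"
    done
    printf '%s.invalid\n' "$label"
}

# Constructed mission: a few phases of a made-up run that exercise the
# bookkeeping above (technique IDs are real ATT&CK identifiers).
C2=$(c2_domain)
log "mission start, C2 $C2"
record_technique T1566.001; record_host ws-01
record_technique T1003.001; record_cred 'ws-01:admin'
record_technique T1021.002; record_host fs-02
record_detection "EDR: credential dump on ws-01"
record_technique T1048;     record_exfil 120
record_detection "SIEM: unusual outbound volume from fs-02"

printf 'log: %s\nhosts: %s\ncreds: %s\ntechniques: %s\nalerts: %s\nexfil: %sMB\nstealth: %s/100\n' \
    "$LOGFILE" "$(count_words "$COMPROMISED_HOSTS")" "$(count_words "$HARVESTED_CREDS")" \
    "$(count_words "$MITRE_TECHNIQUES")" "$DETECTION_EVENTS" "$EXFIL_SIZE" "$(stealth_score)"
```

With the constructed mission the run ends with two alerts, so the stealth score is 60/100; raising `DETECTION_PENALTY` or adding more `record_detection` calls drives it toward 0. The log path printed at the end is what a player would keep for the after-action review.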

🚀 Usage

```bash
chmod +x red-team/*.sh
brew install gum  # or package manager equivalent
./red-team/apt29-killchain.sh    # Cozy Bear (Russia)
./red-team/apt41-killchain.sh    # Winnti (China)
./red-team/lazarus-killchain.sh  # Lazarus (North Korea)
```

🎯 APT Group Coverage

| Group | Attribution | Notable TTPs |
| --- | --- | --- |
| APT29 | SVR (Russia) | SolarWinds, Nobelium, DNC |
| APT41 | MSS (China) | ESXi args, supply chain |
| Lazarus | RGB (NK) | Crypto heists, wipers |

APT Cyber Killchain Simulator v0.2.0 Beta

24 Dec 11:38
6525018


This v0.2.0 beta release expands the simulator with a full APT29 (Cozy Bear / Nobelium) threat emulation track on both the Red Team and Blue Team sides, matching the depth and complexity of the existing APT28 scenarios.

New in v0.2.0 Beta

  • 🔴 APT29 Red Team Killchain

    • Full, multi-phase supply-chain style operation inspired by SolarWinds/Nobelium activity.
    • Covers reconnaissance, supply chain compromise, selective activation, cloud pivoting, long-term persistence, and covert exfiltration.
    • Includes detailed MITRE ATT&CK mapping and stealth scoring similar to APT28.
  • 🛡️ APT29 Blue Team Defense

    • End-to-end defense simulation focused on supply chain security, Azure/O365 hardening, and cloud incident response.
    • Includes supply chain risk assessment, cloud posture, EDR/XDR, SIEM/detection engineering, threat hunting, incident response, and post-incident hardening.
    • Produces a defense score, threat level, and structured recommendations.

Scope of This Beta

  • Existing APT28 Red/Blue scenarios retained and unchanged in complexity.
  • New APT29 Red/Blue scenarios added as separate, fully featured scripts, selectable from the same TUI launcher.
  • Intended for lab, training, and purple-team style exercises; still beta, so expect rough edges and provide feedback via issues/PRs.

APT Cyber Killchain Simulator v0.1.0 Beta - Release Notes

24 Dec 11:13
600354e


🎯 First Public Beta Release

Interactive Red Team & Blue Team training platform for cybersecurity professionals. Navigate APT attack scenarios through a professional TUI menu system.

✨ What's Included

🎮 TUI Launcher

  • Professional ncurses menu using dialog
  • Keyboard navigation (↑/↓/Enter/ESC)
  • Auto-detects training scripts

🔴 Red Team - APT28 Killchain

  • 14-phase complete attack simulation
  • Stealth scoring (0-100)
  • MITRE ATT&CK G0007 (32 techniques)
  • Real TTPs: X-Agent, Mimikatz, PsExec

🛡️ Blue Team - APT28 Defense

  • 10-phase security assessment
  • Security grading (A-F scale)
  • EDR/SIEM/AD hardening simulation
  • Detection gap analysis

📦 Download Options

  • Complete Package: apt-simulator-v0.1.0-beta.tar.gz (all scripts + docs)
  • Source Code: Source code (zip) / Source code (tar.gz)

🚀 Quick Start

```bash
# 1. Download and extract
tar -xzf apt-simulator-v0.1.0-beta.tar.gz
cd apt-simulator-v0.1.0-beta

# 2. Install dependencies
sudo apt install dialog    # TUI menu (Linux)
brew install dialog         # TUI menu (macOS)
brew install gum            # Script framework

# 3. Run launcher
chmod +x apt-simulator.sh
./apt-simulator.sh
```

🎓 Perfect For

  • Red Team operators
  • SOC analysts
  • Purple team exercises
  • OSCP/GCIH certification prep
  • CTF/lab environments

📋 Requirements

  • Bash: 4.0+
  • dialog: ncurses TUI (standard on most Linux)
  • gum: Terminal toolkit (`brew install gum`)
  • OS: Linux, macOS, WSL2

🐛 Known Issues

  • APT29-APT41 scripts not yet implemented (menu placeholders only)
  • Windows native support requires WSL2
  • Some terminal emulators may need color scheme adjustments

🗺️ Roadmap (v0.2.0)

  • APT29 (Cozy Bear) - Supply chain attacks
  • Lazarus Group - Ransomware scenarios
  • Docker containerization
  • Web dashboard for metrics
  • Multi-language support

📖 Documentation

Full documentation: README.md

📄 License

GNU General Public License v3.0 - See LICENSE

🙌 Credits

  • dialog by Thomas Dickey
  • gum by Charmbracelet
  • MITRE ATT&CK framework

⭐ Star this repo if useful! Contributions welcome!