PurpleSharp : C# Adversary Simulation Tool That Executes Adversary Techniques

PurpleSharp is an open source adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory environments.

The resulting telemetry can be leveraged to measure and improve the efficacy of a detection engineering program.

PurpleSharp leverages the MITRE ATT&CK Framework and executes different techniques across the attack life cycle: execution, persistence, privilege escalation, credential access, lateral movement, etc. It currently supports 37 unique ATT&CK techniques.

PurpleSharp was first presented at Derbycon IX on September 2019.

An updated version was released on August 6th 2020 as part of BlackHat Arsenal 2020. If you want to jump straight to the demos: Demo 1 and Demo 2.

Goals / Use Cases

The attack telemetry produced by simulating techniques with PurpleSharp aids detection teams in:

  • Building new detecttion analytics
  • Testing existing detection analytics
  • Validating detection resiliency
  • Identifying gaps in visibility
  • Identifing issues with event logging pipeline

Quick Start Guide

  • PurpleSharp can be built with Visual Studio Community 2019 or 2020.
  • .NET Framework 4.5 is required.

Credit: Mauricio Velazco – @mvelazco

R K

Recent Posts

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

16 hours ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

17 hours ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

2 days ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

2 days ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

3 days ago

Comments in Bash Scripts

What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…

1 week ago