Red Teaming at Scale: GHARF Automates the Attack Lifecycle via CI/CD
GHARF is an efficient support framework for Red Team exercises that applies the concept of CI/CD (Continuous Integration / Continuous Delivery). It can be used for exercises aimed at security assessment, research, and human resource development.
This tool automates various phases of Red Team operations, from the development and preparation of simulated attacks to their execution, by applying the build and delivery mechanisms of CI/CD. As a result, Red Team operations become significantly more efficient, enabling rapid iteration of operational cycles. We refer to this concept as “Continuous Attack Integration / Continuous Attack Delivery (CAI/CAD).”
Features
Continuous Attack Integration / Continuous Attack Delivery
- Fully Automated Red Team Operations
  - Automates the entire process of Red Team operations, from attack development to preparation and execution
  - Allows the Red Team to focus on scenario development rather than operational overhead
  - Connects each operation as a pipeline, enabling seamless handoff of obtained capabilities between phases
    - For example: an attack tool can be built, automatically executed in the target environment, and then analyzed, with results output, all without manual intervention
- Red Team Operations as Code
  - Operations can be structurally defined as workflow files
  - Workflow files serve as documentation for the operation itself
  - Enables repeatable execution of operations
  - Supports version control of operational logic
  - Makes operations portable and transferable across environments
- Resource-Less
  - Uses the Runner Application as a C2 agent, eliminating the need to develop one from scratch
  - Leverages GitHub repositories as C2 servers; no need to build a separate C2 infrastructure
  - Enables attack tool building using GitHub-hosted runners; no dedicated build environment required
  - Supports result analysis and processing (e.g., password cracking) using GitHub-hosted runners; again, no separate environment needed
- Easy and Fast Setup
  - Quick and simple process to get started with the minimum requirements:
    - Create a GitHub account
    - Set up a GitHub repository for attack development
    - Run the Runner Application in the target environment
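
Because the Resource-Less design runs the Runner Application inside the target environment, a runner process on a host that is not an approved build machine is the signal for defenders to watch. The following is an added example, not part of GHARF or the original page: it flags runner processes and registrations outside an approved inventory. It assumes the Runner Application is the GitHub Actions self-hosted runner; the event fields, host names and inventory are constructed.

```python
import ntpath

# Binaries shipped with the GitHub Actions self-hosted runner, and its
# registration scripts (assumption: GHARF's "Runner Application" is this runner).
RUNNER_BINARIES = {"runner.listener", "runner.worker"}
RUNNER_CONFIG = {"config.sh", "config.cmd"}
APPROVED_HOSTS = {"build-01"}  # hypothetical inventory of sanctioned build hosts

# Constructed process-creation events, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "build-01", "user": "svc-ci",
     "image": "/opt/actions-runner/bin/Runner.Listener", "cmdline": "Runner.Listener run"},
    {"host": "ws-114", "user": "alice",
     "image": r"C:\Users\alice\AppData\Local\Temp\r\bin\Runner.Listener.exe",
     "cmdline": "Runner.Listener.exe run"},
    {"host": "db-07", "user": "root", "image": "/bin/bash",
     "cmdline": "bash ./config.sh --url https://github.com/example-org/example-repo --token <REDACTED>"},
    {"host": "ws-200", "user": "bob", "image": "/usr/bin/python3", "cmdline": "python3 runner.py"},
]

def base(path):
    # ntpath splits on both '/' and '\', so one helper covers Windows and POSIX paths.
    name = ntpath.basename(path).lower()
    return name[:-4] if name.endswith(".exe") else name

def classify(event):
    """Return the kind of runner activity an event shows, or None."""
    if base(event["image"]) in RUNNER_BINARIES:
        return "runner-process"
    tokens = event["cmdline"].split()
    # Registration: a runner config script invoked with a repository URL.
    if "--url" in tokens and any(base(t) in RUNNER_CONFIG for t in tokens):
        return "runner-registration"
    return None

def find_unsanctioned(events, approved_hosts):
    """List (host, user, kind) for runner activity on hosts outside the inventory."""
    hits = []
    for ev in events:
        kind = classify(ev)
        if kind and ev["host"] not in approved_hosts:
            hits.append((ev["host"], ev["user"], kind))
    return hits

if __name__ == "__main__":
    for hit in find_unsanctioned(SAMPLE_EVENTS, APPROVED_HOSTS):
        print(hit)
```

Name matching misses a renamed binary, so treat this as one signal and correlate it with outbound connections to GitHub from hosts that have no build role.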
Install & Use