CALDERA vs Decepticon
About CALDERA
CALDERA is MITRE's open-source adversary emulation platform that automates attack simulations based on the ATT&CK framework. It enables red teams and purple teams to run realistic, repeatable attack chains against their infrastructure without manually executing each technique. CALDERA uses an agent-based architecture where lightweight agents (called Sandcat) are deployed on target systems and execute adversary profiles: curated sequences of ATT&CK techniques that mimic real-world threat actors. The platform includes dozens of pre-built abilities covering reconnaissance, credential access, lateral movement, persistence, and exfiltration. Blue teams can use CALDERA to validate detection coverage by running known attack sequences and checking whether their SIEM, EDR, and monitoring tools triggered appropriate alerts. The web-based UI provides real-time visibility into operation progress and a reporting engine for gap analysis.
About Decepticon
Decepticon is an AI-powered autonomous red team framework that executes complete attack chains from initial reconnaissance through command and control establishment. It uses a Neo4j knowledge graph to track discovered assets, vulnerabilities, and successful exploitation paths. Every action maps to MITRE ATT&CK technique IDs, making it useful for both offensive testing and detection engineering. It includes configurable rules of engagement to prevent out-of-scope actions, automated reporting, and integration with common C2 frameworks.