Tools & Platforms

9 proprietary tools built by operators, for operators. Each addresses a specific phase of the adversarial lifecycle — from reconnaissance to persistence to exfiltration. No off-the-shelf frameworks, no commercial C2 dependencies.

ASM / CTEM

ATLAS

Continuous attack surface discovery and monitoring platform. ATLAS uses a black-box approach to identify and track all internet-facing assets from the attacker's perspective — no agents, no credentials required.

  • Automated asset discovery (domains, subdomains, IPs, services, APIs)
  • 24/7 continuous monitoring for changes and new exposures
  • Vulnerability detection correlated with threat intelligence
  • Dark web monitoring and credential leak detection
  • Real-time alerting and integration with security workflows

Continuous Assessment

CAST

Continuous Assessment & Security Testing — expert manual testing triggered by ATLAS findings. When new or changed assets are detected, CAST dispatches human testers to validate and exploit vulnerabilities that automated tools miss.

  • Expert manual testing of new and changed assets
  • Real exploitation attempts to validate risk
  • Continuous loop: discovery → validation → testing → remediation
  • Detailed remediation guidance with re-testing
  • Integrates seamlessly with ATLAS findings

BAS

ARGOS

Breach & Attack Simulation platform with 250+ automated attack techniques mapped to the MITRE ATT&CK framework. ARGOS provides objective, repeatable measurement of your defensive capabilities across the full kill chain.

  • 250+ automated attack techniques across the kill chain
  • Full MITRE ATT&CK framework mapping
  • SIEM and log management integration for detection correlation
  • Continuous testing schedules with trend tracking
  • Detection rate scoring and executive dashboards
  • Custom technique development for specific threat models

Ransomware Simulation

KHAOS

Realistic ransomware simulation that mimics the TTPs of LockBit, BlackCat, and ALPHV ransomware families. KHAOS tests your organization's ability to detect and contain ransomware before encryption completes — safe, with zero data loss.

  • Mimics LockBit, BlackCat, and ALPHV ransomware TTPs
  • Configurable encryption simulation (safe, no data loss)
  • Network replication and lateral spread behavior
  • System locking and ransom note deployment
  • Measures detection-to-containment time
  • Tests backup integrity and recovery procedures

Internal Intrusion

CERBERUS

Internal intrusion toolkit focused on Active Directory environments. CERBERUS automates AD analysis, asset prioritization, and credential management for efficient internal operations across complex enterprise forests.

  • Active Directory enumeration and analysis
  • Asset prioritization based on value and accessibility
  • Credential ingestion and management
  • Attack path mapping and privilege escalation
  • Automated Kerberoasting and AS-REP roasting
  • Trust relationship mapping across forests

Persistence Management

CARONTE

Automated persistence deployment and management across diverse environments. CARONTE maintains access through DMZ, Cloud, Active Directory, and workstation environments with minimal operator interaction and maximum stealth.

  • Automated persistence across DMZ environments
  • Cloud persistence (AWS, Azure, GCP)
  • Active Directory persistence mechanisms
  • Workstation persistence with EDR evasion
  • Health monitoring and automatic re-establishment
  • Centralized management and status tracking

Wi-Fi Audit

TIFON

Wi-Fi audit automation platform built on Raspberry Pi and Arduino hardware. TIFON enables remote wireless security assessments with web-based management — no on-site operator needed after initial deployment.

  • Raspberry Pi / Arduino-based hardware platform
  • Remote web management interface
  • Automated WPA/WPA2/WPA3 attack campaigns
  • Evil twin and captive portal attacks
  • Client deauthentication and handshake capture
  • Long-duration passive monitoring

Payload Obfuscation

QUIMERA

Advanced payload obfuscation and scripting framework for intrusion operations. QUIMERA generates custom payloads, credential harvesters, and lateral movement scripts that evade modern endpoint protection — tested against your specific EDR/AV stack.

  • Payload obfuscation bypassing EDR/AV
  • Custom credential harvesting modules
  • Lateral movement scripting
  • Polymorphic code generation
  • Fileless execution techniques
  • AMSI and ETW bypass integration

Intrusion Framework

MAKHAI

Comprehensive intrusion framework designed for complex red team operations. MAKHAI handles C2 prioritization, dictionary generation, proxy detection, and GAL exfiltration — filling the operational gaps left by commercial C2 frameworks.

  • C2 channel prioritization and management
  • Intelligent dictionary generation for password attacks
  • Proxy and filtering detection
  • Global Address List (GAL) exfiltration
  • Multi-protocol communication channels
  • Operational security features and traffic blending

Built by operators, for operators.

Contact us to learn how our 9 proprietary tools can enhance your security operations or testing engagements.
