RedWolf is a security threat simulator that tests security system effectiveness. Its threat generation capabilities include email, IM, malware, P2P, social networking, VoIP, DDoS, and many more. The guiding philosophy is that by generating realistic scenarios in a wide variety of categories, an auditor or organization can assess the effectiveness of network defenses. The scenario suite allows one to verify compliance with PCI-DSS, Sarbanes-Oxley, or HIPAA controls. RedWolf helps identify data loss risks and provides expert recommendations concerning risk mitigation. Its reports present findings, recommendations, best practices, and blocking guidance in a straightforward, easily readable format. RedWolf also acts as a 'Red Team' agent, running drills to measure the readiness of your operations staff.
|Tags|Network Audit, Network Analysis, Red Team, Vulnerability Scan, Vulnerability Assessment, Security|
|Operating Systems|Windows, Unix, VMWare, Mac OS X|
|Implementation|VMWare, C++, Ruby, PHP, MySQL, Apache, XSL/XSLT, XML, bash scripts, Perl, Python, Flash, Adobe Flex|
Release Notes: A new DDoS scenario has been added: LDAP Brute Force (Active Directory). It allows you to emulate a brute force attack on a Domain Controller. A new DDoS scenario has been added: DNS Flood. New proxy support: NTLM proxy (only for Webmail scenarios for now). Several scenarios were modified (some improvements and bug fixes) including: DDoS Botnet system; Amazon S3; Webmail; IMAP, SMTP, FTP, Gmail drive, Google Talk, IM, P2P, Skype, Social Networking, tunnels, and others. Product support updates; small patches/updates can be applied with no need to create a new build.
Release Notes: The DDoS Botnet system was completely rebuilt with more user control, more scenarios, and more details on attacks. New scenarios include "HTTP[S] Get (hit and run)" in which an agent sends a request and immediately drops the connection. The Secure Socket Layer (SSL) tunnel scenario was fixed. The DNS tunnel scenario was improved. A custom request path was added for HTTP DDoS attacks. Some of the remote agents were moved to the Amazon EC2 cloud. The "Scenario Groups" tab was added. This allows one to choose a set of scenarios grouped by purpose. The "Site Details" tab now allows one to set a different Organization/Project which is recorded in reports.
Release Notes: Two new scenarios were added: Slowloris and SQL injection. The webmail and social networking scenarios now support network proxies. The "Content Types" page is now Flash-based and should render correctly in all browsers. For those malware emulation scenarios that perform network scans, users may now specify which network segment to scan in CIDR notation. In addition, numerous bugs were fixed and recent API changes were incorporated into handlers involving Gmail, AOL, and Amazon S3 accounts.
Release Notes: Six scenarios now support HTTP and SOCKS network proxies. The 'Samba Share' scenario provides more details concerning client connections. The 'Discover Gateways' scenario reveals more information about the local routers that it finds, including their MAC addresses. The 'IRC' instant messaging scenario now has several Undernet servers to use, in case the primary server is unavailable. Finally, improvements to the 'Site Details', 'Configure Users', and 'Content Types' pages make the threat generator easier to use.