The tool simulates various malicious traffic patterns, including DNS tunneling, DGA traffic, and requests to known active C2 destinations, to quantify and measure the coverage of existing detection tools.

Network Flight Simulator: Open-Source Adversary Simulation Tool

Network Flight Simulator is a tool created by AlphaSOC to help security teams evaluate the effectiveness of their security controls and network visibility. It generates malicious network traffic to simulate various types of attacks, such as DNS tunneling, DGA traffic, and requests to known C2 destinations. The tool uses live data from AlphaSOC to synthesize traffic to malicious infrastructure that is currently online. It also generates traffic to "lookalike" domains to test coverage against spear phishing and targeted attacks. The tool is open source and hosted on GitHub, with plans to add modules for exfiltration patterns over SCTP, FTP, encrypted DNS, Tor, and mail channels. The goal is to help security teams identify and address gaps in their detection coverage.


