Announcing MITRE Caldera™ v5!

MITRE Caldera
Feb 14, 2024

Authors: Michael Kouremetis

MITRE Caldera v5, code name “Magma”, is finally here! Check it out on the Caldera GitHub. Below, we briefly discuss key new features and what’s next on the horizon for Caldera.

Kudos

But first, we would like to give special public kudos to the core team members responsible for making Caldera v5 Magma a reality. Starting with our UI/UX team, who were responsible for most of Magma: kudos to Jamie Scott, Joey Morin, and Adam Gaudreau. Next, our core developer Chris Lenk, for handling integration, quality, and testing. Finally, our in-house red-teamers Mark Perry and Dan Martin, for being the “voice of the operator” in helping design key features. Thank you all for your hard work, passion, and acumen.

A thank you to our Caldera Benefactors

In 2023, we started the Caldera Benefactor Program and have since announced two benefactors, Coalfire and NVISO. These benefactors made critical donations that directly funded additional features, extra testing, and more time for design review for Caldera Magma. As a result, the latest Caldera version is that much better for our global user community. Thank you Coalfire and NVISO.

From Coalfire: “I’m pleased Caldera’s Magma update is now available to the open source community,” said Mark Carney, EVP of Offensive Security, Coalfire, a cybersecurity services leader and a MITRE Caldera Benefactor. “We share threat intelligence from our red team engagements to Caldera and, by extension, to security teams around the world. The most valuable companies on earth trust us to pentest their cloud and infrastructure environments. By open sourcing these discoveries through Caldera, we accelerate vulnerability management for organizations beyond our immediate customer ecosystem.”

From NVISO: “I’m very excited about the new Caldera version 5 being released! We use Caldera extensively in our managed services offering to ensure continuous improvement of our detection analytics and response playbooks. We believe Caldera is truly a force multiplier for blue teams, by allowing them to emulate adversarial techniques ‘at the click of a button’. We look forward to what the future holds and continue supporting Caldera!” (Erik Van Buggenhout, Co-Founder & Partner at NVISO)

New Features

Caldera v5 Magma delivers an all-new user interface, built with Vue.js, that enhances the current live operation views of its adversarial emulations and lays the groundwork for intended future capabilities of simulating artificial intelligence (AI) based threats. When designing Magma, our guiding themes were operator awareness, speed of comprehension, and confidence of control. In effect, we focused the interface on the information, views, and actions that matter most to a cyber operator executing an adversary emulation operation. The following features highlight this focus.

Summary Dashboard Landing Page

The new landing page for Caldera now incorporates a tile view, giving you an immediate summary of known deployed agents, current and past operations, loaded abilities, loaded adversaries, and the Caldera server host address.

Network (Graph) & Table Operation View

Once an operation has been initiated, the operational view will snap into focus showing the network view above and the action table below.

Target Hosts & Agents

Target hosts (hosts with a Caldera agent beaconing from them) will display the icon of the host platform; in this example the host platform is Linux, so Tux (the Linux penguin) is shown. Colored rings seen around the host represent Caldera agents. In this example, there is one agent beaconing from the host, and its status is “Trusted, Alive”, so its color is green.

Multiple Agents on same host

Hosts with multiple Caldera agents on them will show additional colored rings. In this example, two agents are beaconing in from the same Linux host.

Agent that has an elevated privilege

If an agent has an elevated privilege on a host, its icon color will change to red.

Host/Agent Side Panel

Clicking on the host (node) in the network view will open a side panel on the right with key information about the agent and host, including host name, platform, IP address(es), agent IDs, and the three most recent actions executed by the agent.

Agent Actions Shortcut

Without leaving the Operations view, users can now manage key agent features, including killing the agent. Clicking the corresponding agent ID button in the side panel opens the agent action window.

Operation Actions Table View

Below the network view is the standard table view of the actions. For Caldera v5, the table view was refactored to offer more of the standard functionality found in UI tables. Users can now easily filter and sort on any column field, re-run commands inline, and view/copy commands & output by simply hovering their cursor over the corresponding columns.

Code Syntax Highlighting

The editable command windows for Action executors now have syntax highlighting to make it easier for users to view and edit commands.

What’s next?

(Short Term) In the coming 1–2 months, our team will follow up the code release of Caldera Magma with detailed video tutorials on installing and using the platform. We will also make publicly available pre-built virtual machines (and/or documentation to build them) that enable users to quickly stand up Caldera (and a target machine) regardless of what native operating system they use. The latter resource specifically targets users who only have access to Windows (as the Caldera server does not run on the Windows platform) and/or do not have a machine/system to serve as the (test) target host for Caldera operations.

(Long Term) There is still much work to be done on enhancing the Operational network view and utilizing it to its full potential, particularly in detailing network topology, agent lateral movement, highlighting C2 channels, etc. Our team plans to continue to enhance this view over the long term, now that we have established the foundation of the VueJS UI/UX components. Look for future minor releases adding these enhancements. Additionally, the Caldera for OT plugins are not yet supported via Caldera’s VueJS framework. For the moment, to use the OT plugins, please continue to use Caldera v4.2. Our intent is to bring the OT plugins up to the new framework over time as well.

Interested in becoming a MITRE Caldera™ Benefactor?

Become a MITRE Caldera™ Benefactor! Through your charitable giving you can directly help in sustaining and advancing the Caldera Adversary Emulation platform. Donations are directly applied to platform development and maintenance, academic and community engagement, and cutting-edge R&D. To show our thanks, Caldera benefactors also receive many benefits, including recognition and announcement as a benefactor of MITRE Caldera, as well as collaboration and briefings with the Caldera leadership team. For more details, see the benefactor program link below.

Caldera Benefactor Program Form: https://hubs.ly/Q01Wgc3V0

Want to learn a little more about the Caldera Benefactor program first? Feel free to reach out to us at caldera@mitre.org for a conversation.

Resources

Caldera Homepage

Caldera GitHub

Caldera Documentation

Caldera Users Slack

©2024 The MITRE Corporation. All rights reserved.

Approved for public release. Distribution unlimited 23–02825–8.
