Welcome to the official MITRE Caldera™ blog page!

MITRE Caldera
Aug 22, 2022


Authors: Kate Esprit, Daniel Matthews & Turquoise Richardson

For our first featured blog post, we would like to (re-)introduce Caldera by answering a few basic questions.

What exactly is MITRE Caldera?

Caldera began in 2015 as a small research project focused on using automation to exploit credential re-use in Windows enterprise networks. Two years later, in 2017, the project was redesigned and MITRE Caldera™ v1 was publicly released. By then, the project had grown from a simple script into one of the first intelligent automated adversary emulation platforms. The Caldera team also published several research papers demonstrating how artificial intelligence was used to make the platform reliable and dynamic.

Since then, Caldera has continued to evolve. Today, the platform serves as a framework intended to empower cyber practitioners, whether red or blue teams, to save time, money, and energy through automated security assessments. While the project is intended to enable a variety of uses, Caldera can mostly help defenders with:

  • Autonomous breach and simulation exercises
  • Identifying weak points within a network
  • Lowering the cost of training employees
  • Highlighting gaps in defenses
  • Reducing resources needed by security teams
  • Providing a platform for research and development of defenses
  • Answering questions concerning detection and response

Caldera also maps its capabilities back to the MITRE ATT&CK™ framework when possible. In doing so, the project further helps industry practitioners to improve their adoption of threat-informed defense in the above-mentioned use cases.

In short, Caldera streamlines cyber security assessments and helps defenders to better respond to adversary behaviors. For many cybersecurity teams today, identifying potential threats is mainly based on ever-changing indicators of compromise rather than actual adversary behavior. Caldera is distinguished from other projects because it helps defense teams detect and respond to threat actor behaviors, rather than just detecting indicators of compromise.

Who helps manage Caldera?

“It takes a village…” Caldera is truly team-based. This platform has been created, designed, tailored, and updated by a growing team of red-teamers, software developers, exploit writers, cyber threat analysts, AI researchers, cyber security engineers and computer scientists who pursue the common goal of building a premier adversary emulation platform for our US sponsors and cyber security defenders around the world. Our mission is to keep pushing the state of the art in using adversary emulation to enhance cyber security and to keep the good guys many steps ahead of the bad guys.

How can I use Caldera?

As stated in the project’s documentation on GitHub, Caldera comprises two major components:

  1. The Core System: A command-and-control server that has a full-featured web interface.
  2. Plugins: Separate repositories that add more features and functionality to Caldera.

To download Caldera, users can start by navigating to the main GitHub page, where the repository can be cloned. Once Caldera is installed, the platform can be tested. To help users become more familiar with the platform, our team has developed a Training plugin. After a user completes the training, the plugin provides a certificate of completion.

As many readers may know, security training comes with many challenges of its own. Because Caldera is an open-source tool with diverse capabilities, users can reduce some of the routine work of traditional cybersecurity testing.

What’s next for the Caldera blog?

This blog post is just one of many to come! Coming soon, we will be releasing more content and material on the blog to better describe the Caldera project, including:

  • Introductions
  • Use case walk-throughs
  • New features/plugins
  • …Much more!

If you have ideas about what you would like to learn more about, please feel free to leave a comment below.

To all our readers, welcome to the Caldera blog and we hope to see you again for our future posts!

Connect with us on the Caldera Slack channel.

©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Case 22–00551.
