APT Cyber Killchain Simulator 🚀

Interactive Red Team & Blue Team training platform simulating real-world APT group operations with terminal-based adventures. Choose your role, select your APT adversary, and execute complete killchains or defensive operations.

🎮 Architecture

TUI Menu (dialog) → Select Script → Execute (gum-based) → Return to Menu

Launcher: Professional ncurses TUI using dialog (standard Linux/macOS) Scripts: Interactive adventures using gum (Charmbracelet)

✨ Features

Component	Technology	Description
Launcher	`dialog` (ncurses)	Professional TUI menu system
Red Team Scripts	`gum` + bash	14-phase interactive killchains
Blue Team Scripts	`gum` + bash	10-phase defense assessments
MITRE Coverage	Manual mapping	32+ ATT&CK techniques
Expandable	File-based detection	Drop scripts → Auto-appears

🚀 Quick Start

# 1. Install dependencies
sudo apt install dialog        # TUI menu (Linux)
brew install dialog            # TUI menu (macOS)
brew install gum               # Script framework

# 2. Run launcher
chmod +x apt-simulator.sh
./apt-simulator.sh

📱 User Experience

┌─────────────────────────────────────────────┐
│            [ MAIN MENU ]                    │
│                                             │
│   1  🔴 Red Team                            │
│   2  🛡️  Blue Team                          │
│   3  ❌ Exit                                │
│                                             │
└─────────────────────────────────────────────┘
         ↓ Select "Red Team"
┌─────────────────────────────────────────────┐
│         [ SELECT APT GROUP ]                │
│                                             │
│   1  🇷🇺 APT28 (Fancy Bear)                 │
│   2  🇷🇺 APT29 (Cozy Bear)                  │
│   3  🇰🇵 Lazarus Group                      │
│   ...                                       │
└─────────────────────────────────────────────┘
         ↓ Select "APT28"
         ↓ Launches apt28-killchain.sh
┌─────────────────────────────────────────────┐
│  🎯 PHASE 1: RECONNAISSANCE (TA0043)       │
│  Target Organization? [input box]          │
│  → DNC Servers selected                    │
│  ✅ OSINT complete                         │
└─────────────────────────────────────────────┘

🎓 Training Scenarios

✅ Currently Available

APT Group	Red Team Script	Blue Team Script	Status
APT28 (Fancy Bear)	`apt28-killchain.sh`	`blueteam-apt28-defense.sh`	LIVE
APT29 (Cozy Bear)	`apt29-killchain.sh`	`blueteam-apt29-defense.sh`	LIVE
Lazarus Group	`lazarus-killchain.sh`	`blueteam-lazarus-defense.sh`	LIVE
APT41 (Winnti)	`apt41-killchain.sh`	`blueteam-apt41-defense.sh`	LIVE
Lazarus Group	`lazarus-killchain.sh`	`blueteam-lazarus-defense.sh`	LIVE

⏳ Planned Implementations

APT Group	Attribution	Notable Operations
APT41 (Winnti)	🇨🇳 China	Double Dragon
Sandworm	🇷🇺 GRU	NotPetya, Ukraine Grid
APT32 (Ocean Lotus)	🇻🇳 Vietnam	Southeast Asia
Equation Group	🇺🇸 NSA	FoxAcid Exploits
Turla	🇷🇺 FSB	Venomous Bear

📊 Sample Outputs

TUI Menu Navigation

[dialog ncurses interface - keyboard navigation]
↑/↓ arrows to select
Enter to launch
ESC to go back

Red Team Script Execution (APT28)

🇷🇺 APT28 FANCY BEAR SIMULATOR
PHASE 1: RECONNAISSANCE (TA0043)
[gum choose] Select target: US State Department
[gum spin] OSINT collection...
✅ Emails harvested: 1,247 targets

🎖️ MISSION COMPLETE
Stealth Score: 87/100 ✅ EXCELLENT
Compromised: 12 hosts | Exfiltrated: 2.4GB

Blue Team Script Execution (APT28)

🛡️ APT28 DEFENSE OPERATIONS
PHASE 1: ASSET INVENTORY
[gum input] Domain Controller: DC01.corp.local
[gum spin] Scanning network...
✅ Total endpoints: 347

🛡️ SECURITY GRADE: A - Excellent
Score: 92/100 | Threat Level: LOW
Controls: 28 deployed | Detection Rate: 89%

🎯 MITRE ATT&CK Coverage (APT28)

Tactic	Red Team Implementation	Blue Team Detection
Reconnaissance	TA0043 - OSINT, Active Scanning	Sigma Rules, Threat Intel
Initial Access	T1566.001 - Spear-phishing	Email Sandbox, DMARC
Execution	T1059.001 - PowerShell	Script Block Logging
Persistence	T1547.001 - Registry Run Keys	Sysmon EID 13
Privilege Escalation	T1068 - Exploit for Privilege	Credential Guard
Defense Evasion	T1055 - Process Injection	Behavioral EDR
Credential Access	T1003.001 - LSASS Memory	LSA Protection
Lateral Movement	T1021.002 - SMB/Windows Shares	Network Segmentation
Collection	T1114 - Email Collection	DLP Controls
Exfiltration	T1041 - C2 Channel	NetFlow Analysis

👥 Perfect For

Red Team Operators - Realistic TTP execution with stealth scoring
Blue Team Analysts - Detection rule validation and IR practice
Purple Team Exercises - Collaborative attacker/defender training
SOC Training - Incident response workflow development
EDR Testing - Platform capability assessment against APT TTPs
Certification Prep - OSCP, GCIH, GCFA, CySA+ practical scenarios
CTF/Lab Environments - TryHackMe, Hack The Box companion tool

🔧 Technical Details

TUI Launcher (`apt-simulator.sh`)

Framework: dialog (ncurses-based)
Navigation: Keyboard-driven menus (↑/↓/Enter/ESC)
Script Detection: Auto-discovers red-team/*.sh and blue-team/*.sh
Exit Handling: Clean return to shell prompt
Dependencies: Standard on most Linux/macOS systems

Interactive Scripts (Red/Blue Team)

Framework: gum (Charmbracelet terminal toolkit)
Components: gum choose, gum input, gum spin, gum style, gum format
Output: Logs, reports, session data to /tmp/apt-*
Metrics: Stealth scores (Red), Security grades (Blue)

📈 Metrics & Reporting

Red Team Outputs:

Stealth Score (0-100)
Compromised assets inventory
Exfiltration volume (GB)
MITRE ATT&CK technique coverage
After Action Report (AAR)

Blue Team Outputs:

Security Grade (A-F, 0-100)
Deployed controls list
Detection rule coverage
Gap analysis recommendations
Assessment report

🤝 Contributing

Add New APTs: Create red-team/aptXX-killchain.sh + matching Blue Team script
Enhance TTPs: Add new MITRE techniques to existing simulators
Detection Rules: Expand Sigma/YARA coverage in Blue Team scripts
Submit PR: Include demo video/screenshots

# Example: Adding APT29
git checkout -b feature/apt29
cp red-team/apt28-killchain.sh red-team/apt29-killchain.sh
# Customize for Cozy Bear TTPs (supply chain, cloud attacks)
git add . && git commit -m "Add APT29 Cozy Bear simulator"
git push && Open PR ✨

🆕 What's New in v1.0

✨ Professional TUI launcher using ncurses dialog ✨ Auto-discovery of APT scripts - no hardcoding needed
✨ Clean separation - Menu (TUI) vs Scripts (gum adventures) ✨ Keyboard navigation - Arrow keys, Enter, ESC
✨ Production ready - Error handling, script validation

Built by cybersecurity practitioners for training the next generation of defenders & operators

⭐ Star if useful! 🚀 Fork & contribute new APTs! 🛡️ Train your SOC today!

Quick Commands

# Install everything
sudo apt install dialog && brew install gum

# Launch simulator
./apt-simulator.sh

# Add new APT
cp red-team/apt28-killchain.sh red-team/mynew-apt.sh

# Test script directly
bash red-team/apt28-killchain.sh

Ready for production cybersecurity training environments! 🎓

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
blue-team		blue-team
red-team		red-team
LICENSE		LICENSE
README.md		README.md
apt-simulator.sh		apt-simulator.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

APT Cyber Killchain Simulator 🚀

🎮 Architecture

✨ Features

🚀 Quick Start

📱 User Experience

🎓 Training Scenarios

✅ Currently Available

⏳ Planned Implementations

📊 Sample Outputs

TUI Menu Navigation

Red Team Script Execution (APT28)

Blue Team Script Execution (APT28)

🎯 MITRE ATT&CK Coverage (APT28)

👥 Perfect For

🔧 Technical Details

TUI Launcher (`apt-simulator.sh`)

Interactive Scripts (Red/Blue Team)

📈 Metrics & Reporting

🤝 Contributing

🆕 What's New in v1.0

Quick Commands

About

Uh oh!

Releases 3

Packages

Languages

License

SpikeTheDragon40k/APT_Simulator_TextAdventure

Folders and files

Latest commit

History

Repository files navigation

APT Cyber Killchain Simulator 🚀

🎮 Architecture

✨ Features

🚀 Quick Start

📱 User Experience

🎓 Training Scenarios

✅ Currently Available

⏳ Planned Implementations

📊 Sample Outputs

TUI Menu Navigation

Red Team Script Execution (APT28)

Blue Team Script Execution (APT28)

🎯 MITRE ATT&CK Coverage (APT28)

👥 Perfect For

🔧 Technical Details

TUI Launcher (apt-simulator.sh)

Interactive Scripts (Red/Blue Team)

📈 Metrics & Reporting

🤝 Contributing

🆕 What's New in v1.0

Quick Commands

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 3

Packages 0

Languages

TUI Launcher (`apt-simulator.sh`)

Packages