Web CARTT: The Web-Based Cyber Automated Red Team Tool

Red teaming is a well-established methodology for ensuring and augmenting cyber system security; however, the training, expertise, and knowledge of appropriate tools and techniques required to perform effective red teaming come with a significant cost in time and resources. To address these issues, we have previously developed a "red team in a box" (RTIB) capability, called CARTT (Cyber Automated Red Team Tool), to perform automated red team actions on the internal enterprise network without the need for its users to be experts in this field. This current research has extended CARTT by developing a client/server model system that allows operators to perform red team testing on target networks from a simple remote web interface. Using a command-and-control architecture, the extended CARTT provides the ability for cyber operators and network administrators to identify hosts on a target network, conduct vulnerability analysis on those hosts and the target network, attempt to exploit discovered vulnerabilities based on user selected options, and generate the results of these red teaming actions. Additionally, CARTT now provides a tiered role system, so that higher level "commander" users can direct and monitor the actions and results of subordinate "operator" users; as well, the system provides an "administrator" management role. By providing a simple user interface that automates interaction with the underlying tools, operators are able to utilize CARTT without extensive training or experience in red team operations. The ease of use and reliance on open source software greatly reduces the requirements for organizations to use this tool for red teaming their networks.