Skip to content

Issue 584 compare halberd #699

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
christophetd merged 3 commits into from
Oct 2, 2025
Merged

Issue 584 compare halberd #699

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
834218e
Initial commit on comparison with halberd
za Nov 19, 2024
2c28c7a
Update the comparison with Halberd
za Sep 3, 2025
f2ab41a
Merge branch 'main' into issue-584-compare-halberd
za Sep 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions docs/comparison.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,17 @@ For instance, [AWS - Create Access Key and Secret Key](https://github.com/redcan

However, the attack technique format of Atomic Red Team is [based on YAML](https://github.com/redcanaryco/atomic-red-team/blob/7576aff377781ba3546c0835e48bffc980b4cbc8/atomics/T1098.001/T1098.001.yaml#L169-L196), and it's therefore easier to add new TTPs, even if they are not in the core of Atomic Red Team.


## [Halberd](https://github.com/vectra-ai-research/Halberd) by Vectra AI.

> Halberd is a powerful, multi-cloud security testing tool. Born out of the need for a unified, easy-to-use tool, Halberd enables you to proactively assess your cloud defenses by executing a comprehensive array of attack techniques across Entra ID, M365, Azure, and AWS. With its intuitive web interface, you can simulate real-world attacks, generate valuable telemetry, and validate your security controls with ease & speed.

Halberd is written in Python while stratus-red-team is written in Go and terraform file. Stratus-red-team provisions cloud infrastructure using terraform as IaC (Infrastructure as a Code) while Halberd doesn't have this feature. Halberd UI (User Interface) is using GUI (Graphical User Interface) while stratus-red-team is using CLI (Command Line Interface).

Halberd is validating security control by simulating attacks on cloud infrastructure, while stratus-red-team is simulating attacks: from provisioning the cloud infrastructure, performing the attacks and deleting the created cloud resources. Both of the tools are using MITRE Attack to categorize the attacks.

Halberd supports following platform: AWS, Azure, Microsoft Entra ID, GCP, and Microsoft M365 while stratus-red-team supports: AWS, Azure, AWS EKS (AWS Kubernetes Managed Service), Microsoft Entra ID, GCP and Kubernetes.

## [Leonidas](https://github.com/FSecureLABS/leonidas) by F-Secure (Nick Jones)

> Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties
Expand Down
Loading