EDRmetry Matrix is a powerful, hands-on playbook crafted to empower security professionals to evaluate Linux EDR/Runtime Security. Aligned with the MITRE ATT&CK™ Framework, it offers a cost-effective, customizable approach to simulating real-world Linux attacks. Fueled by continuous research into emerging threats, EDRmetry Matrix serves as a dynamic hub for cutting-edge offensive Linux expertise. Know your enemy through hands-on experience.
What is included?
360+ dedicated offensive techniques in a copy-paste-run format, ready for chaining
Docker container image for your local deployment + instructions
Downloadable JSON database for your local deployment + instructions
TARGET_X VM image + deployment scripts
Continuous updates with emerging attack techniques (for one year from purchase)
365-day HTTPS web-based access to the extensive EDRmetry Matrix (on request)
Discord Channel Access
*** Full access to the product will be provided within a maximum of two days after purchase. Work is in progress to automate this process. ***
Understanding the Linux threat ecosystem and the effectiveness of your Linux cybersecurity measures is more critical than ever. While you invest in expensive security tools like EDR/XDR, set up Security Operations Centers (SOCs), and implement Security Information and Event Management (SIEM) systems, several questions arise:
What are the top Linux techniques, tactics, and corresponding risks?
How to stay up to date on Linux threats, and what does the Linux threat landscape look like?
How to provide training opportunities on demand for red and blue teams without organizing dedicated training sessions and workshops?
How to train your Linux incident response procedures?
How to customize your Linux SIEM/EDR configuration?
How to make sure your Linux detection/prevention is working properly?
How can you determine, before purchasing, your organization's most suitable Linux Endpoint Detection and Response (EDR) solution?
What feature set and visibility level should the Linux EDR solution include and provide?
There is only one way to answer these questions:
Generating offensive events in the form of controlled, individual attack simulations and full attack paths, including remote exploitation
Analyzing individual alerts and telemetry sources to understand the complete functionality of the EDR/Runtime Security/IR/SIEM system in a detailed and practical manner
Discover EDRmetry Matrix - Your Comprehensive Hands-On Linux Attack TTPs Catalog
With EDRmetry Matrix, you gain easy hands-on experience evaluating your chosen Linux security solution against simulated real-world attacks. Aligned with the MITRE ATT&CK™ Framework, this robust playbook offers a cost-effective, customizable approach to testing, featuring 360+ dedicated offensive techniques in a copy-paste-run format, ready for chaining. Backed by continuous research into emerging threats, it provides deep insights into your defensive technology, helping you identify and address potential gaps in system configuration visibility. Simultaneously, you’ll master dozens of offensive techniques used in real-world Linux attacks, enhancing your ability to respond to incidents efficiently. As several questions arise about the evolving threat landscape, EDRmetry Matrix serves as your dynamic, centralized knowledge base for navigating the offensive Linux threat ecosystem with confidence.
Below you can find a few examples of how the EDRmetry Linux Matrix looks in detail and what content and format it provides. Open the images in a new tab to get full-size screenshots.
Close the gaps in your Linux Security posture by emulating Linux threats faster using a playbook with copy-paste "EDRmetries" testing units
Boost your offensive Linux skills from the central knowledge base in Matrix format
Learn about current trends in Linux attack techniques and tactics
Reduce costs and time needed for Linux EDR/SIEM evaluation testing and research
Focus on the practical usage of offensive snippets of code
Find criteria and features to consider when evaluating a Linux EDR platform
Run coverage checking of SIEM-oriented Linux detections
Explain what to expect from modern Linux EDR/SIEM products with a focus on the internals, capabilities, detections, and operations
Be able to ask Linux EDR/SIEM vendors the right questions about their products
Create complete and complex Linux attack paths; the full scope of Linux Kill Chain attacks is covered
Choose and validate the best Linux EDR/SIEM for your organization
Augment the SOC efficiencies and knowledge level of your Linux teams
Extend the functionality of your Breach and Attack Simulation Systems (BAS enrichment)
The proposed method and offensive content have been consistently evaluated as highly valuable during professional services and training sessions at prestigious cybersecurity conferences, such as Black Hat USA/Singapore, OrangeCON, and also during private training for the biggest companies all over the world.
SOC Operators
Red Teams / Blue Teams
Incident Response / DFIR teams
Linux Experts / Linux Administrators
DevOps / Opsec teams
Enterprise Management still connected to the technical area
Open Source enthusiasts with a passion for Linux
Security managers, CISOs, and CIOs to ensure their detections work as expected
Create the biggest Linux Offensive Security Compendium in one place
Become the central EDR/SIEM Linux knowledge base
Raise awareness of Linux security and evaluate your Linux security posture
Establish commercial cooperation with global EDR/XDR vendors and partners
A complementary offer including:
EDRmetry Linux EDR/XDR Evaluation Testing Playbook
Self-learning hands-on courses recognized and used by market leaders
Live on-site or remote training / knowledge transfer
Linux EDR/SIEM/NDR Evaluation Testing Professional Services
This FAQ covers various aspects of the EDRmetry, including its purpose, target audience, unique features, technical details, usage, benefits, and additional services.
EDRmetry Matrix is an advanced tool designed to evaluate and enhance your Linux security system posture, with a specific focus on assessing EDR/XDR/SIEM detection capabilities. It serves as a comprehensive, vendor-agnostic playbook for offensive Linux testing and operations, providing cybersecurity professionals with the means to thoroughly test and improve their Linux-based security infrastructure.
EDRmetry Matrix addresses several critical challenges in the cybersecurity landscape:
1. The increasing complexity of Linux-based attacks and the need for specialized testing tools
2. The difficulty in evaluating the effectiveness of EDR/XDR solutions in Linux environments
3. The knowledge gap in understanding and mitigating Linux-specific security threats
4. The need for practical, hands-on tools to improve SOC capabilities and incident response in Linux ecosystems
EDRmetry Matrix stands out in several ways:
1. Linux Focus: Unlike many tools that primarily target Windows environments, EDRmetry Matrix is specifically designed for Linux systems.
2. Comprehensive Knowledge Base: It provides a centralized repository of Linux offensive techniques with ready-to-use code snippets.
3. Practical Approach: EDRmetry Matrix emphasizes real-world attack scenarios and techniques observed in actual APT activities.
4. Modularity: The tool allows for creating full attack chains, useful in threat emulation and forensics exercises.
EDRmetry enables a wide range of security tests, including but not limited to:
1. Full kill chain testing: From initial access to command and control (C2) and data exfiltration
2. EDR/XDR efficacy evaluation: Testing detection capabilities against various attack techniques
3. SIEM integration testing: Assessing how security events are captured and processed
4. Custom attack chain creation: Building and executing tailored attack scenarios
5. Network-oriented security checks: Profiling network traffic and testing NIDS/NIPS/Corporate Proxy and NG-Firewalls
EDRmetry Matrix is designed to be vendor-agnostic, allowing you to:
1. Test multiple EDR/XDR solutions using the same set of techniques
2. Compare detection capabilities across different products
3. Identify strengths and weaknesses in each solution's approach to Linux security
4. Fine-tune and optimize your chosen EDR/XDR solution based on test results
Yes, EDRmetry Matrix is designed with flexibility in mind:
2. It can augment tools like MITRE CALDERA or Atomic Red Team with Linux-specific techniques.
2. The modular approach allows for integration with various security testing frameworks.
3. Future plans include full execution automation as a separate EDRmetry Pulse product.
EDRmetry Matrix is designed to be accessible to a range of users:
1. For less experienced users: Step-by-step instructions and copy-paste code snippets make it easy to get started
2. For advanced users: Customization options and the ability to create complex attack chains cater to more sophisticated needs
3. Built-in educational resources help users of all levels improve their Linux security knowledge
1. Deployment: EDRmetry Matrix is provided as a self-hosted Docker container with a corresponding JSON database ready for importing. We also provide a TARGET_X VM image prepared for attack emulation, which can be installed in your own lab environment.
2. Updates: New techniques are added monthly, reflecting the latest trends in Linux-based attacks and APT activities
3. Customization: Users have admin privileges to add or modify playbook definitions, allowing for environment-specific adaptations.
1. Proactive Defense: Enables organizations to stay ahead of potential threats by understanding and testing against the latest attack techniques
2. Informed Decision Making: Provides concrete data to support EDR/XDR selection and optimization
3. Skill Development: Enhances the capabilities of internal security teams through practical experience
4. Compliance Support: Helps in demonstrating due diligence in security testing and improvement efforts
5. Cost Efficiency: Reduces the need for multiple tools or extensive external consultations for Linux security testing
1. Comprehensive Visibility: Gain a clear understanding of your Linux environment's security posture
2. Resource Optimization: Make informed decisions about security investments based on actual performance data
3. Risk Management: Identify and address security gaps before they can be exploited
4. Team Empowerment: Provide your security team with an advanced offensive tool to enhance their skills and effectiveness
5. Vendor Management: Improve negotiations with EDR/XDR vendors by having concrete data on product performance
1. Evidence Generation: Creates detailed logs of security tests and their outcomes
2. Gap Analysis: Helps identify areas where security controls may be insufficient for compliance requirements
3. Continuous Improvement: Supports ongoing security posture assessment and enhancement
4. Documentation: Provides materials that can be used to demonstrate security testing efforts to auditors
1. Detection Improvement: Quantify the increase in threat detection rates
2. False Positive Reduction: Measure the decrease in false alarms after optimizing EDR/XDR configurations
3. Incident Response Efficiency: Track improvements in response times and effectiveness
4. Training Cost Reduction: Calculate savings from in-house skill development vs. external training
5. Breach Prevention: Estimate potential cost savings from preventing security breaches
1. Detection Coverage: Percentage of known attack techniques successfully detected
2. Time to Detection: Average time taken to identify malicious activities
3. False Positive Rate: Number of false alarms generated during testing
4. Evasion Success Rate: Percentage of techniques that successfully evade detection
5. System Impact: Performance impact of security solutions under various attack scenarios
1. Support Channels: Discord channel and email.
2. Regular Updates: Monthly additions of new attack techniques and tooling improvements.
3. Professional Services: Optional advanced consulting services from Defensive Security experts
Yes, Defensive Security provides several additional services:
1. Custom Deployment Assistance: Help with setting up EDRmetry in your specific environment
2. Advanced Consulting: Expert guidance on interpreting results and improving security posture
3. Tailored Training: Customized workshops on Linux security and EDR/XDR optimization
4. Threat Emulation: Assistance in creating and executing advanced attack scenarios
5. Continuous Support: Ongoing expert support for evolving security needs
Request for pricing by email: edrmetry@defensive-security.com
1. Cloud Security: Expanded focus on cloud-native Linux environments and container security
2. AI/ML Integration: Exploration of machine learning for predictive security testing
3. BAS Integration
4. Full execution automation as a separate EDRmetry Pulse product
1. Continuous Research: Ongoing analysis of emerging Linux-based threats and attack techniques
2. Community Input: Incorporation of insights from the cybersecurity community
3. APT Tracking: Regular updates based on observed APT group activities
4. Flexible Architecture: Modular design allowing for rapid incorporation of new testing methodologies
5. Feedback Loop: Continuous improvement based on user experiences and real-world applications