EDRmetry Linux Matrix For Download / Self-Hosted - Comprehensive Hands-On Attack TTPs Catalog
- Buy now
- Learn more
1. EDRmetry Overview

Introduction
What you will get?
Goals / What to expect
EDRmetry Matrix
Virtual Machines / C2
EDRmetry Generic Flow
Contextual Execution
Changelog / Updates
2. EDRmetry Deployment

Deploy your EDRmetry Matrix Docker Container
Download EDRmetry Matrix JSON Database
Import your EDRmetry Matrix JSON Database
Provision your TARGET_X VM
Provision your KALI_X or C2_X VM
Request for HTTPS Hosted Access to EDRmetry Matrix
3. Research and emulation of Linux threats

MITRE ATT&CK TACTICS in the Linux Ecosystem
Linux Threat Landscape
Initial Access - TA0001
Discovery - TA0007
Execution - TA0002
Defense Evasion - TA0005
Persistence - TA0003
Privilege Escalation - TA0004
Exfiltration - TA0010
Command and Control - TA0011
Lateral Movement - TA0008
Credentials Access - TA0006
Impact - TA0040
Collection - TA0009

EDRmetry Generic Flow

To efficiently use the EDRmetry Matrix, we created a proposed generic flow consisting of six simple steps:

1. Provision your TARGET_X, KALI_X, or C2_X VMs.

2. Install EDR/Runtime Security/DFIR engine @ TARGET_X:

Choose and install the Linux EDR/Runtime Security/DFIR engine you want to evaluate. In the area of Open Source projects, we recommend taking a look at:
- Falco Runtime Security
- Kunai Runtime Security
- Jibril Runtime Security
- Tetragon Runtime Security
- Elastic Security
- Wazuh
- OSquery + osquery-defense-kit
- Velociraptor IR
- Zeek NIDS
- Suricata NIDS

3. Search Technique:

Identify relevant techniques from a comprehensive EDRmetry database.

4. Choose offensive commands:

Extract the necessary commands or code snippets and follow step-by-step instructions.

5. Execute attack emulations:

Prepare attack chains or manually execute single offensive tests on a vulnerable-by-design TARGET_X Linux system.

6. Verify detections and alerts:

Check detections, telemetry, and alerts generated within the chosen EDR/Runtime/SIEM platform.

7. Dig deeper:

Make configuration changes to your EDR/Runtime/DFIR or ask the EDR/SIEM vendor questions.
Create complex attack paths
Do additional research