Halberd is an advanced security testing platform that enables security teams to validate cloud security controls through sophisticated attack emulation. By providing comprehensive coverage across Microsoft Entra ID, Microsoft 365, Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP), Halberd helps organizations:
- Validate Security Controls : Test detection and prevention capabilities across your cloud infrastructure
- Generate Attack Telemetry: Create realistic security events to tune and optimize your security monitoring
- Automate Security Testing: Build and execute complex attack chains to assess security resilience
- Accelerate Red Team Operations: Rapidly deploy testing scenarios through an intuitive interface
- 🔬 Advanced Attack Framework: Execute sophisticated attack techniques mapped to MITRE ATT&CK
- 📊 Intelligence Dashboards: Gather deep insights into security posture through visual analysis
- 🔄 Automated Playbooks: Chain multiple techniques into comprehensive attack scenarios
- 📈 Detailed Reporting: Generate executive and technical reports on security testing outcomes
- 🔌 Extensible Architecture: Add custom techniques through a robust development framework
- 🌐 Cross-Platform Support: Test security controls across all major cloud providers
-
Clone the repository:
git clone https://github.com/vectra-ai-research/Halberd.git -
Configure the environment::
cd Halberd python3 -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate pip install -r requirements.txt -
Install Azure CLI:
- Windows: Official Microsoft guide
- Linux:
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash - macOS:
brew update && brew install azure-cli
-
Launch Halberd:
python3 run.py -
Access the interface at
http://127.0.0.1:8050/and begin testing
# Custom Host & Port
python3 run.py --host 0.0.0.0 --port 8050
# Enable TLS
python3 run.py --ssl-cert /path/to/cert.pem --ssl-key /path/to/key.pem
# Configure Logging
python3 run.py --log-level debug
# Development Mode
python3 run.py --dev-server --dev-server-debug
-
Attack Execution & Testing:
- Select target environment (Entra ID/M365/Azure/AWS/GCP)
- Browse techniques by MITRE ATT&CK tactics
- Execute attacks across multiple clouds
- Manage access with built-in access manager
- View results with rich output formatting
- Generate attack telemetry
-
Attack Automation:
- Create automated attack playbooks
- Chain multiple techniques into attack sequences
- Import/Export playbooks for sharing
- Schedule recurring security tests
-
Security Analysis:
- Track testing metrics through intuitive dashboards
- Visualize attack paths and impact
- Identify security gaps
- Generate comprehensive test reports
- Export results for compliance evidence
For detailed usage instructions, visit Halberd Wiki - Usage.
Got ideas? Found a bug? Want to add that new cool feature? Check out the contribution guidelines and let's make Halberd even more awesome together.
Halberd is developed by Arpan Sarkar and is inspired by the excellent work of the cloud security community.
Now go forth and hack responsibly! 🚀