Nemesis: An offensive data enrichment pipeline

Nemesis

Nemesis is an offensive data enrichment pipeline and operator support system.

Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments.

Nemesis aims to automate a number of repetitive tasks operators encounter on engagements, empower operators’ analytic capabilities and collective knowledge, and create structured and unstructured data stores of as much operational data as possible to help guide future research and facilitate offensive data analysis.

The goal of Nemesis is to create an extensible data-processing system for Adversary Simulation operations that takes data collected from C2 agents and provides efficiencies to operator workflows.

Nemesis should be designed with a small core that wrangles data from various C2 platforms and outputs it to a system for data consumers to use. Examples of data consumers are:

  • ELK
  • File text extraction and storage
  • Sending discovered hashes to a hash cracker
  • Vulnerability discovery pipeline for binaries
  • etc.

Copyright (c) 2018, Lee Christensen, Will Schroeder, and Maxwell Harley