Red Team Project
We build cybersecurity tooling
to help make open source more secure

What's this all about?

The Red Team Project incubates open source cybersecurity tools that support cyber range automation, containerized pentesting utilities, binary risk analysis, and standards validation.

Sponsored by the Linux Foundation, the Red Team Project's goal is to make open source software safer to use. Our approach is to use the same tools, techniques, and procedures as our adversaries — but in a constructive way — in order to provide feedback to open source projects that will make those projects more secure.

Cyber Range Automation

Ever wonder what people mean when they talk about “cyber ranges?” Well, if you've ever been to a gun range you've already got an idea. Like gun ranges, cyber ranges are used for training, testing, research and development -- but instead of kinetic devices, cyber ranges specialize in offensive and defensive simulation in the cyber domain.

To continue with the gun range analogy, consider the Aristotelian physical accidents of such a range. They likely have a berm at the back, followed by lanes, benches, lockers, parking, etc.. The physical accidents of a cyber range are the computers themselves, virtualization frameworks, and network topologies.

In today’s world of public and private cloud services, cyber range virtualization is easy to come by. But physical accidents aren’t enough -- kinetically speaking, a gun range lacks the essence of a gun range until you add firearms, ammunition, targets, shooters, range officers, and so forth. Similarly, a cyber range isn’t actually useful until you add vulnerable machine images, vulnerable application configs, attack platforms, exploits, and operators. Even with those added ingredients, a cyber range can’t actually be used for training until you have scenarios that are representative of real world situations that your red and blue teams will be facing.

Binary Risk Quantification

At Def Con 24, Sarah Zatko and Mudge unveiled their Cyber Independent Test Lab (Cyber-ITL), an effort to quantitatively analyze binaries for safety features, code complexity, and code hygiene. After their project update the following year at Def Con 25, sensing how vastly important the Cyber-ITL work would become, some engineers working with the Fedora Project decided to make an open source implementation of the Cyber-ITL’s methodology. The resultant project, the Cyber Test Lab, has been migrated to the Red Team Project, and is working on adding support of other Linux distributions.

The Cyber Test Lab (CTL) gives open source projects a way to analyze their code so they have some insight into how the Cyber-ITL will score their binaries. We also plan to make CTL easier to integrate into the SDLC so end users can prevent poorly-built binaries from going to production.

Our findings are published here.

Standards Advancement

Have you ever had to comply with FISMA requirements, write a System Security Plan, pursue an Authority To Operate? If so, you’ve probably come across NIST SP 800-53. The daunting scope of what NIST set out to do with enumerating all the security controls necessary to assure confidentiality, integrity, and availability yielded the yardstick by which Information Assurance is measured.

If you’ve gone through an accreditation process before, you’ve probably questioned the efficacy of some of the 800-53 controls. With the Red Team Project’s cyber range automation, it’s now possible to explore whether or not individual 800-53 controls actually work.

For a given control, we can:
 • Map the control to certain classes of exploits
 • Create a cyber range with systems vulnerable to those exploits
 • Automatically implement the control with our Compliant Ansible role
 • Test the mapped exploits against systems with and without the control implemented

We plan to provide empirical feedback to NIST regarding control efficacy in order to make more efficient standards going forward.

How to join

Want to get involved? There are lots of ways to jump in:

  • Join our Google Group

  • Follow us on Twitter

  • Take a look at our projects on GitHub. Pull requests welcome!

  • Review our open datasets (coming soon)

  • Join us at our Meetups, either in person or via Hangout


We make stuff here. Check out our tooling.

Linux Exploit Mapper

LEM scans a Linux system for local exploits and maps them to known exploit code.

Exploit Curation

LEM-mapped exploits are curated, i.e., tested for efficacy and ease-of-use using a variant of the STRIDE scoring mechanism


An Ansible role called cyber-range-target is used to deliberately downgrade OS packages to a version vulnerable to a given CVE

Red Container

Red Container offers containerized pentesting tooling, which can be launched from whole OSes or containerized environments like Kubernetes

Training Labs

Cyber range training scenarios that automatically launch and configure the cyber range via Deployment Manager and Ansible


Automatically apply DISA STIG settings to OS instances


Open source is all about community. Join us at our regular Meetups!

Featured Speaker

Come hear luminaries from the offensive security community. (Washington, DC)

Hack Nights

Learn how to use the Red Team Project tooling, contribute to our GitHub projects, and help us curate exploits. (Washington, DC)

Def Con 27

Going to Def Con? We'll be there, so let's hang out! (Las Vegas, NV)

Technical Steering Committee

The TSC helps the Red Team Project focus and be impactful

Jason Callaway

Red Team Project Lead

Dave Kennedy

TrustedSec founder, hacker extraordinaire

Dan Prieto

Google Cloud Strategic Executive


Head of security at Stripe, the David Bowie of infosec

Sarah Zatko

Cyber-ITL Chief Scientist

Justin Forbes

Fedora Kernel Maintainer