The Problem
There's a gap in adversary simulation tooling. On one side, you're writing throwaway scripts to configure PowerShell- or Python-based utilities. On the other, you're installing and learning massive C2 web applications with Docker, plugins, and agents. Neither is a good use of your time if all you need is to run some procedures for detection engineering and defense validation.
Existing frameworks are Red Team-focused. They're stealthy and capable, and you should use them where appropriate. But when you need to rip through procedures to test your detections and defenses, those tools aren't built for that. Your defenders should be able to run these tests too, not just the Red Team.
Where MACAT Fits
Put your adversary simulation effort into defense and tracking. The most important work is detecting, defending, and responding, not intimately learning every attacker tool. An ideal setup for many organizations is:
- VECTR — Program management, results tracking, and prioritization
- MACAT — Procedural adversary simulation without the overhead
- A dedicated Red Team — Advanced simulation with their C2 framework of choice
You can expand on this as your program matures, but start where it counts.
What MACAT Is Not
MACAT is not a full emulation tool. You should still perform manual Purple Team exercises for authenticity. MACAT's method of execution makes it more likely to be signatured by defense tools, and that's by design: it triggers the telemetry and logging you need to test detections, validate defenses, and identify regressions.
Supported Platforms
Windows
Microsoft Windows 10 and 11 are supported.
MACAT requires WebView to be installed. If you have an older Windows 10 installation, you may need to update it to include WebView.
See Installation - Windows for installation instructions.
macOS
macOS on Apple Silicon is supported.
MACAT is distributed for macOS as a .dmg application.
See Installation - macOS for installation instructions.
Background
MACAT is a desktop application maintained by thebleucheese. It started as a simple utility to fill gaps during defense tool development, and grew from there.