At DEF CON Singapore 2026 Demo Labs, our founder Abhijith B R presented RedTeamSimmer, an open-source, web-based adversary emulation platform that gives Atomic Red Team the modern UI it has always needed.
Running atomic tests the traditional way means memorizing PowerShell syntax, managing prerequisites endpoint by endpoint, and stitching together scattered results with no central view. RedTeamSimmer solves that with a Flask server, lightweight Go agents, and a real-time web interface, so security teams can execute MITRE ATT&CK-mapped techniques in a few clicks. Operators deploy agents across multiple Windows endpoints, browse the full ATT&CK catalog, run tests with automatic prerequisite handling, and watch live, color-coded output from a single dashboard. It fingerprints 60+ AV/EDR products on target systems and keeps a full operations history for audit and compliance.
For defenders, every executed technique is correlated against offline Sigma, Splunk, and Elastic detection rules, making coverage gaps easy to spot and alerting easy to validate. RedTeamSimmer also ships with pre-built adversary emulation plans modeled on Atomic Red Team for real threat actors, including APT28, APT3, APT41, FIN7, Lazarus Group, and Wizard Spider, for multi-stage attack simulations. It was originally built for the “Mastering Breach and Adversarial Attack Simulation” training at DEF CON Trainings.
BreachSimRange runs red teaming, threat-led breach and adversary simulation that mirror how modern threat actors operate, so you find the gaps before they do.
Talk to us about Consulting