CODE BLUE 2025

GHARF: GitHub Actions RedTeam Framework

DAY 1

15:00-15:40

While the importance of Red Team exercises has been increasing in recent years, the process of developing attack scenarios, preparing tools, and building execution environments requires a significant amount of time and effort. This poses a major challenge that limits the frequency and quality of exercises.

To address these challenges, we have developed “GHARF,” an innovative framework that applies the mechanisms of Continuous Integration / Continuous Delivery (CI/CD) to Red Team operations, enabling efficient exercise execution.

This tool automates various phases, from the development of simulated attacks to their preparation and execution, by applying the CI/CD build and delivery mechanisms to Red Team operations. This significantly improves the efficiency of Red Team operations and enables rapid operational cycles. We call this concept “Continuous Attack Integration / Continuous Attack Delivery, Deployment (CAI/CAD).”

Tools offering similar functionalities include MITRE CALDERA and Atomic Red Team, which are categorized as BAS (Breach and Attack Simulation) tools. These tools aim to reduce Red Team workload and enable self-assessment by Blue Teams through the automation of simulated attacks. In contrast, GHARF is characterized by its focus on improving the efficiency of Red Teams themselves when conducting operations. Our approach aims to optimize the process for Red Teams to pursue more advanced and practical attack scenarios.

At present, GHARF is intentionally limited to conveying the concept, for ethical reasons. However, we believe that by presenting concrete examples of CAI/CAD in this presentation, the concept will spread and contribute to the further development of the Red Team field.

Details of the tool are available in the README of the GitHub repository below.

https://github.com/nttcom/gharf

  • Location: Track 3 (Room 3)

  • Category: Bluebox
Speakers

  • Yusuke Kubo (久保 佑介)

    Yusuke Kubo works as an Offensive Security Researcher at NTT DOCOMO BUSINESS, a Japanese telecommunications company, and is also an NTT Group Certified Security Principal. He has contributed to MITRE ATT&CK regarding Safe Mode Boot (T1562.009).

  • Yuuki Matsumoto (マツモト ユウキ)

    A junior offensive security researcher at NTT Docomo Business, engaged in researching attack methods and in internal Red Team operations. Also a CTF player specializing in web security, occasionally participating in bug hunting.