About MACAT
There's a gap in adversary simulation tooling. On one side, you're writing throwaway scripts to configure PowerShell or Python-based utilities. On the other, you're installing and learning massive C2 web applications with Docker, plugins, and agents. Neither is a good use of your time if all you need is to run some procedures for detection engineering and defense validation.
Most existing frameworks are Red Team-focused. They're stealthy and capable, and you should use them where appropriate. But when you need to run through a batch of procedures quickly to test your detections and defenses, those tools aren't built for that. Your defenders should be able to run these tests too, not just the Red Team.
Put your adversary simulation effort into defense and tracking. The most important work is detecting, defending, and responding, not intimately learning every attacker tool. An ideal setup for many organizations is:
You can expand on this as your program matures, but start where it counts.
MACAT is not a full emulation tool. You should still perform manual Purple Team exercises for authenticity. MACAT's method of execution makes it more likely to be signatured by defense tools, and that's by design: it triggers the telemetry and logging you need to test detections, validate defenses, and identify regressions.
MACAT is a desktop application maintained by thebleucheese. It started as a simple utility to fill gaps during defense tool development, and grew from there.