Interactive Attack Path Builder

Build realistic adversary attack chains by selecting from 30+ predefined attack steps mapped to MITRE ATT&CK techniques. The builder calculates cumulative risk scores, shows detection coverage from Nexus SecOps content, and exports a structured report for purple team exercises.


[Interactive builder: Load Example selector, Attack Step Library, Attack Chain, a dashboard showing Risk Score, Detection Coverage, Avg Stealth and Techniques, and an ATT&CK Mapping table with columns #, Step, Tactic, Technique, Severity, Detection]

How to Use

  1. Browse the library on the left. Filter by ATT&CK tactic using the buttons.
  2. Click a step to add it to your attack chain on the right.
  3. Review the dashboard for cumulative risk score, detection coverage, and stealth rating.
  4. Check the ATT&CK mapping table to see technique IDs and gap analysis.
  5. Remove steps by hovering over a chain step and clicking the X button.
  6. Load an example preset to study common kill chains.
  7. Export a report to share with your purple team or document findings.

Educational Use Only

All attack paths, technique descriptions, and data in this tool are synthetic and intended for defensive security training. Never use this information for unauthorized access. See Red Team Methodology for rules of engagement guidance.

Pre-Built Attack Paths

Ransomware Kill Chain

Phishing Attachment → Macro Execution → PowerShell → Scheduled Task → LSASS Dump → SMB Lateral Movement → Service Stop → Data Encrypted for Impact

Key insight: 7 of 8 steps have detection coverage in Nexus SecOps. The chain relies on speed — defenders must detect early-stage indicators before lateral movement begins.

APT Data Exfiltration

Exploit Public App → Web Shell → Process Injection → UAC Bypass → AD Discovery → Kerberoasting → SMB Lateral → Data Staging → Exfil Over C2

Key insight: The UAC Bypass step has detection coverage, but Process Injection and Data Staging are gaps. APT chains prioritize stealth over speed.

Insider Threat

Valid Accounts → Account Discovery → AD Discovery → Email Collection → Data Staging → Exfil Over Web Service

Key insight: Insider threat paths have the highest average stealth rating. Only 2 of 6 steps are detected because legitimate credential use blends with normal activity. Focus on behavioral analytics and DLP.


| Resource | Description |
|---|---|
| Red Team Methodology | Planning and executing red team engagements |
| Purple Team Operations | Collaborative attack/defense exercises |
| ATT&CK Technique Reference | KQL and SPL detection queries for 60+ techniques |
| Purple Team Exercise Library | Structured exercises mapped to ATT&CK |
| ATT&CK Gap Analysis | Coverage gaps and remediation priorities |
| Detection Query Library | Full catalog of detection rules |