Halberd is an advanced security testing platform designed for security teams to emulate sophisticated attacks and validate cloud security controls across Microsoft Entra ID, Microsoft 365, Azure, AWS, and GCP. It aims to help organizations test detection and prevention capabilities, generate realistic attack telemetry for tuning security monitoring, and automate complex attack chains for resilience assessment.

How It Works

Halberd utilizes an agentic framework, potentially leveraging LLMs, to execute sophisticated attack techniques mapped to the MITRE ATT&CK framework. It supports automated playbooks for chaining techniques, scheduling tests, and provides detailed analysis through an interactive dashboard and reporting features. Its extensible architecture allows for the addition of custom techniques.

Quick Start & Requirements

• Install: Clone the repository, set up a Python virtual environment (python3 -m venv venv, source venv/bin/activate), install dependencies (pip install -r requirements.txt), and install Azure CLI.
• Run: python3 run.py
• Prerequisites: Python 3, Git, Azure CLI.
• Access: The interface is available at http://127.0.0.1:8050/.
• Docs: Halberd Wiki - Usage

Highlighted Details

• Multi-cloud support for Entra ID, M365, Azure, AWS, and GCP.
• Attack emulation mapped to MITRE ATT&CK.
• Automated attack playbooks and scheduling.
• LLM and agentic framework integration for enhanced testing.
• Extensible architecture for custom techniques.

Maintenance & Community

Developed by Arpan Sarkar. Contribution guidelines are available for community involvement.

Licensing & Compatibility

The repository does not explicitly state a license in the provided README.

Limitations & Caveats

The README does not detail specific limitations, known bugs, or deprecation status. The project appears to be actively developed with community contribution encouraged.