Self-Service · MITRE Caldera · Free Credit Included

Breach & Attack Simulation —
Try It Free Today

Deploy a lightweight agent. Choose an adversary. Run the simulation. Get a MITRE ATT&CK mapped report — all from your browser. No sales call. No setup fee. 5 free simulation credits on signup.

Start Free Simulation Get Sample Report
MITRE Caldera 29 Adversary Profiles CERT-In Compliant No Credit Card Required

From Signup to Report in Under 30 Minutes

Three simple steps. No consultant required. No waiting.

Step 1

Register & Get Free Credit

Create your account on the Ogma portal. Your first simulation credit is added automatically — no credit card required. Credits never expire.

Step 2

Deploy the Sandcat Agent

Download the lightweight Sandcat agent (single binary, <5 MB). Run it on any Windows or Linux target in your test environment. It phones home to our Caldera server and registers automatically.

Step 3

Run Simulation & Download Report

Choose your adversary profile, set your target, and launch. In 10–30 minutes you get a full MITRE ATT&CK mapped PDF report showing every technique attempted, what succeeded, and prioritised remediation steps.

29
Adversary Profiles
1,800+
Attack Techniques
MITRE
ATT&CK Mapped
5 Free
Credits on Signup

Platform Features

Everything you need to simulate, measure, and improve your security posture.

Real Adversary Profiles

Choose from 29 ready-to-run adversary profiles including APT28, APT29, Lazarus Group, REvil, Conti, and more — each mapped to real-world TTPs from MITRE ATT&CK.

Self-Service Portal

No waiting for a consultant. Log in, deploy the agent, pick your adversary, launch the simulation — all from your browser. Results in under 30 minutes for standard profiles.

Detailed MITRE Reports

Every simulation generates a PDF report with technique-by-technique results, ATT&CK heat map, detection gaps, and prioritised remediation guidance — ready for your CISO and board.

Scheduled Simulations

Schedule simulations during maintenance windows or at recurring intervals — weekly, monthly, after every major config change. Set it, run it, receive the report automatically.

SIEM & Tool Validation

See exactly which attacks your SIEM, EDR, and firewall detected versus missed. Quantify your detection coverage as a percentage of MITRE ATT&CK — and track improvement over time.

Trend Reporting

Compare simulation results across runs to track your security posture improvement. Month-on-month charts show which control gaps you've closed and where new exposures have appeared.

29 Ready-to-Run Adversary Profiles

From nation-state APT groups to ransomware operators — each profile executes authentic TTPs

Nation-State / APT
APT28 (Fancy Bear) APT29 (Cozy Bear) Lazarus Group APT41 Sandworm APT10
Ransomware Operators
REvil / Sodinokibi Conti LockBit BlackCat (ALPHV) Cl0p
Lateral Movement / Persistence
Mimikatz Credential Dump Pass-the-Hash Kerberoasting DCSync BloodHound Enumeration
Exfiltration / Impact
Data Exfiltration via DNS Living off the Land Supply Chain Compromise Defense Evasion

Plus 9 more custom adversary profiles. All profiles updated quarterly against current MITRE ATT&CK v14.

What's in the Report

Every simulation generates a comprehensive, board-ready report.

MITRE ATT&CK Heat Map
Visual coverage matrix showing which tactics and techniques were attempted and whether they were blocked or succeeded.
Technique-by-Technique Results
Success / failed / blocked / detected for every ability executed — with the raw output from the agent.
Control Coverage Percentage
The percentage of attempted TTPs that your security stack detected — your headline security effectiveness score.
Attack Path Visualisation
How an adversary would traverse your environment: initial access → execution → lateral movement → exfiltration.
Prioritised Remediation Table
Ranked by severity and exploitability so your team addresses the highest-risk gaps first.
Tool Tuning Recommendations
Specific SIEM rules, EDR policy changes, and firewall exclusions to add or remove based on simulation results.
Executive Summary
One-page board and CISO-ready summary with key findings, risk score, and top three recommended actions.

See a Sample Report Before You Sign Up

Download a redacted sample BAS report to understand exactly what you get from a simulation.

Request Sample Report

VA vs Pen Test vs BAS

Understand which assessment approach fits your security programme

Feature Vulnerability Assessment (VA) Penetration Testing (PT) Breach & Attack Simulation (BAS)
Purpose Identifies and catalogs vulnerabilities in systems, networks, and applications. Simulates real-world attacks to exploit vulnerabilities and assess security posture. Continuously emulates advanced attack scenarios to evaluate and improve defences in real-time.
Methodology Automated scanning tools to identify known vulnerabilities and misconfigurations. Manual and automated methods used by ethical hackers to exploit vulnerabilities. Automated simulation of attacks using Caldera to mimic real-world adversary tactics.
Frequency Typically quarterly or annually as part of routine security maintenance. Periodically — annually, bi-annually, or after significant system changes. Continuous or on-demand, offering real-time assessments and improvements.
Coverage Broad coverage of systems, identifying all known vulnerabilities. Focused on specific systems or components to exploit vulnerabilities. Focuses on critical assets and realistic attack paths to validate security controls.
Risk Assessment Identifies potential risks but does not exploit vulnerabilities — impact is hypothetical. Provides a detailed risk assessment by showing impact of successfully exploited vulnerabilities. Assesses risk based on the effectiveness of security controls against simulated attacks.
Reporting Generates a report of identified vulnerabilities categorised by severity and risk. Detailed report with exploited vulnerabilities, how they were exploited, and remediation steps. Comprehensive reports with attack paths, exploited vulnerabilities, and actionable guidance.
Expertise Required Moderate — security teams with experience using VA tools. High — skilled ethical hackers with deep knowledge of attack methods. Moderate to High — understanding of attack scenarios and BAS result interpretation.
Remediation Provides a list of vulnerabilities to fix but no direct remediation support. Detailed guidance on remediating specific vulnerabilities that were exploited. Includes remediation guidance and ongoing improvement suggestions from continuous testing.
Cost Generally lower due to the automated nature of the assessment. Higher due to the manual effort and expertise required. Varies by scope and frequency; cost-effective long-term for continuous assessment.
Best For Organisations seeking a regular overview of vulnerabilities without exploitation. Organisations needing to test defences and understand real-world impact. Organisations seeking ongoing, real-time assessment and continuous security improvement.

Frequently Asked Questions

Everything you need to know about the self-service BAS platform

Yes. When you register on the Ogma portal, your first simulation credit is credited to your account automatically. No payment method required until you purchase additional credits. The free credit never expires.

Any Windows 10/11 or Linux (Ubuntu / RHEL / CentOS) machine on your internal network. The Sandcat agent is a single binary under 5&nbsp;MB with no dependencies. It works behind NAT — your agent reaches out to our Caldera server; no inbound firewall rules required. We recommend a non-production test machine, though the agent is safe to run in production with controlled adversary profiles.

Self-hosting Caldera requires server setup, adversary profile management, ability updates, and report generation — typically 2&ndash;4 weeks of engineering effort. Ogma's managed platform is instant: our Caldera cluster is always up-to-date with the latest ATT&CK v14 techniques, 29 vetted adversary profiles, and automated PDF report generation — all ready in under 5 minutes of setup.

Yes — this is one of the most valuable use cases. Run a simulation, then check how many of the attempted techniques your SIEM created alerts for and how many your EDR blocked. The report shows a detection coverage percentage. You can then tune your SIEM rules and run another simulation to measure improvement.

Credits are sold in packs. Contact us or check your portal dashboard for current pricing. Each credit = one full simulation run against one target agent. Credits roll over and never expire. Volume discounts available for monthly and annual plans.

Sandcat agents are designed for controlled environments. All techniques are executed in-process and are reversible. We recommend a test/staging machine for first runs. For production environments, use the 'atomic' planner which executes techniques in isolation without chaining — safe for live systems when authorised by your IT team.

Simple Credit-Based Pricing

Pay only for what you simulate. Credits never expire.

START HERE
Free
5
Simulation Credits
  • 5 simulation runs
  • Any adversary profile
  • Full MITRE report
  • 30-day portal access
Create Free Account
Starter Pack
5
Credits
  • 5 simulation runs
  • All 29 adversary profiles
  • Full MITRE reports
  • Priority support
  • Trend dashboard access
Get Quote
Enterprise
Unlimited
 
  • Unlimited simulations
  • Custom adversary profiles
  • API access
  • White-label reports
  • Dedicated CSM
  • CERT-In reporting
Talk to Us

Don't Wait for a Breach to Test Your Defences

Your first simulation is free. No sales call required.

Start Free Simulation