SELF-SERVICE BAS PLATFORM — INDIA

Find Out Where Attackers Will Win — Before They Do

Ogma's Breach & Attack Simulation platform runs real adversary techniques inside your network — safely, automatically, and on demand. No red team consultants. No scheduling. Just answers.

Deploy a lightweight Sandcat agent on any Windows or Linux host. Choose an adversary profile. Click run. Get a MITRE ATT&CK mapped report showing exactly what succeeded, what was blocked, and what you need to fix.

Start Free — 5 Credits Included

No credit card. No sales call. 5 free credits on signup.

29
Adversary Profiles
1,800+
ATT&CK Techniques
Self-Service
No Consultants Needed
Free
5 Free Simulation Credits
WHY BREACH & ATTACK SIMULATION

Penetration Tests Are Snapshots. Threats Are Continuous.

A pentest runs once a year and tells you what was vulnerable in Q4. By Q1 the threat landscape has shifted, your team has pushed new code, and your firewall policies have drifted. BAS runs every week — or every day — giving you a live picture of your security posture.

  • Test controls against real-world adversary TTPs, not theoretical vulnerabilities
  • Measure detection & prevention rates across your entire security stack
  • Prioritise remediation by what attackers actually exploit in your environment
  • Prove security ROI to the board with data — not just compliance checkboxes
  • Validate that last month's patch or policy change actually closed the gap
Breach and Attack Simulation Platform India

Run Your First Simulation in 15 Minutes

Three steps. No professional services engagement. No change-freeze drama.

1

Register & Get Your Credits

Sign up at portal.ogma.in. Your account is created instantly with 5 free simulation credits — no card, no approval workflow.

2

Deploy the Sandcat Agent

Download the lightweight Go-based Sandcat agent and run it on any test host — Windows server, Linux workstation, or VM. One command. No persistence, no drivers.

3

Run & Review Your Report

Pick an adversary profile, launch the simulation, and receive a full MITRE ATT&CK report with technique success rates, detection gaps, and a prioritised remediation list.

Start Free Now

Platform Capabilities

Everything you need to run continuous, intelligent adversary emulation — without a red team on the payroll.

29 Adversary Profiles

APT28, Lazarus, LockBit, Cobalt Group and 25 more — covering nation-state, ransomware, insider threat, and financial crime TTPs. Each profile maps to real-world incident data.

MITRE ATT&CK Coverage

1,800+ techniques across 14 tactics: Initial Access through Impact. Every simulation links findings to ATT&CK technique IDs so your SOC team can cross-reference with detection rules.

Sandcat Agent — Zero Footprint

The Go-based Sandcat agent requires no installation, leaves no registry keys, and communicates back to the BAS server over an encrypted channel. It runs, reports, and exits clean.

Automated PDF Reports

Every simulation produces an executive summary (risk score, top 5 gaps) and a full technical report (per-technique pass/fail, evidence, severity rating, and remediation steps).

Scheduled Simulations

Run the same adversary profile weekly to measure improvement over time. Schedule simulations during off-hours. Track your prevention and detection rate trends on the dashboard.

Safe by Design

BAS is not a real attack. Techniques are emulated — they test whether your tools detect and block the behaviour, without causing actual damage, data loss, or downtime.

Real Adversary Profiles, Real TTPs

Not synthetic attack patterns — actual adversary playbooks reverse-engineered from real incidents and mapped to MITRE ATT&CK.

APT28 (Fancy Bear)
Russian GRU — spear-phishing, credential theft, lateral movement
Lazarus Group
North Korean — financial theft, destructive wiper, supply chain
LockBit 3.0
Ransomware — fast encryption, data exfil, double extortion
BlackCat / ALPHV
Rust-based ransomware — cross-platform, BYOVD tactics
Cobalt Group
Financial sector — Cobalt Strike C2, living off the land
FIN7 / Carbanak
POS malware, spear-phish, lateral to financial systems
Lateral Movement Chain
Pass-the-hash, Kerberoasting, DCSync, privilege escalation
Active Directory Attack
AD enumeration, AS-REP roast, GPO abuse, domain takeover
Data Exfiltration Suite
Compress, encrypt, exfiltrate via DNS, HTTP and cloud storage
Insider Threat Scenario
Privileged user data theft, USB simulation, shadow copy abuse
OilRig (APT34)
Iranian — DNS tunneling, web shells, phishing with macros
Conti Ransomware
Enterprise ransomware — Ryuk heritage, network propagation

+ 17 more profiles including OPSEC-focused, cloud-native, and OT/SCADA attack chains

Frequently Asked Questions

BAS emulates adversary behaviour — it does not execute real malware or cause data loss. However, Ogma recommends running initial simulations on non-production hosts or in a staging environment. BAS can be run on production hosts once your security team understands the technique scope.

A pentest is a point-in-time manual assessment that finds vulnerabilities. BAS is automated, continuous, and measures whether your security controls actually detect and prevent adversary techniques. BAS complements — and amplifies the value of — annual pentests.

Sandcat runs on Windows (Windows 10/11, Server 2016+), Linux (Ubuntu, RHEL, Debian), and macOS. Pre-compiled binaries are available for each platform from the portal. No installer or admin rights required for most techniques.

BAS reports provide evidence of regular security control testing — useful for ISO 27001, SOC 2, and CERT-In audit trails. The reports map findings to ATT&CK technique IDs, which can be cross-referenced with your SIEM detection rules as evidence of monitoring coverage.

One credit runs one complete adversary simulation (all techniques in that profile). Most teams run 3–5 simulations per quarter: one per major adversary category. The Starter pack (10 credits) covers a full quarter of continuous testing.

Yes. For organisations that cannot route traffic to Ogma's cloud BAS server, we offer a dedicated BAS instance deployed inside your environment — on-prem or private cloud. Contact us for enterprise pricing and deployment scope.

Simple Credit-Based Pricing

Buy credits when you need them. No subscriptions. No per-seat fees. No annual commitments.

START HERE

Free

0
5 simulation credits included
  • 5 adversary simulations
  • Full MITRE ATT&CK report
  • PDF + JSON export
  • Dashboard access
Create Free Account

Starter

10 credits
Full quarter of testing
  • 10 adversary simulations
  • Scheduled automation
  • Trend tracking dashboard
  • Email alerts on completion
  • GST invoice

Enterprise

Custom
Unlimited or private deployment
  • Unlimited simulations
  • Private BAS infrastructure
  • Custom adversary profiles
  • SIEM/SOAR integration
  • SLA-backed support