Welcome to RTF — Red Team Framework
RTF is a professional red team engagement platform designed to help security teams plan, execute, and document their engagements — all in one place.
Whether you're running a full adversary simulation or a targeted assessment, RTF gives you the tools to stay organized, track your progress against real-world attack frameworks, and generate high-quality reports.
How RTF is Structured
RTF is a three-part platform. You interact with all three seamlessly, but understanding the separation helps when something needs attention:
| Part | Hosted by | What it handles |
|---|---|---|
| RTF Auth | Sandbox Security (cloud) | Login, accounts, teams, licenses, team chat |
| RTF Client | Sandbox Security (cloud) | The web interface you use every day |
| RTF Server | You (Docker, your machine) | The core red team engine — all engagement data stays with you |
All engagement data — findings, navigator state, AI plans, terminal sessions — lives on your RTF Server. The cloud components only handle identity and the UI. You own your data.
What You Can Do with RTF
Engagement Features (RTF Server)
| Capability | What It Means for You |
|---|---|
| MITRE ATT&CK Navigator | Track techniques across all MITRE tactics in a visual map |
| MITRE ATLAS Navigator | Same for AI/ML system assessments |
| AI Attack Planning | Get AI-generated attack plans tailored to your target and scope |
| AI Scope Suggestions | Let AI recommend which techniques to include in scope |
| AI Tool Suggestions | Get tool recommendations for each technique as you work |
| Findings | Record discoveries tied directly to MITRE techniques, with screenshot evidence |
| C2 Infrastructure | Map your command-and-control setup visually |
| Web Terminal | Run commands directly in the browser — no SSH needed |
| Analytics Dashboard | Engagement coverage, timelines, and top tools at a glance |
| AI/ML Model Scanning | Test AI systems using ATLAS-based techniques |
| Package Manager | Install and manage tools inside the RTF container |
Account & Team Features (RTF Auth)
| Capability | What It Means for You |
|---|---|
| Secure Login | Email + password with account lockout protection |
| Two-Factor Auth (2FA) | TOTP-based MFA via any authenticator app |
| Password Management | Secure password reset, change, and history enforcement |
| Role-Based Access | Admin and Member roles with appropriate permissions |
| Organization Management | Manage your team, seats, and license from one place |
| Team Chat | Real-time encrypted group chat with file sharing |
| Online Presence | See which team members are currently active |
| Audit Logs | Full record of all account and auth events (admin only) |
How an Engagement Works
RTF is built around profiles. Every piece of work lives inside a profile:
Engagement (Profile)
├── MITRE ATT&CK Navigator ← track your techniques
├── MITRE ATLAS Navigator ← track AI/ML techniques
├── AI Attack Plan ← AI-generated plan
├── Findings ← what you discovered
├── C2 Infrastructure ← your infrastructure map
├── Terminal Sessions ← your active shells
├── Analytics Dashboard ← your progress metrics
└── Subprofiles ← organize by target segment
└── (each subprofile has its own findings)
Quick Navigation
- New here? Start with Getting Started →
- Setting up your server? See Installation →
- Ready to work? See Your First Engagement →
- Securing your account? See Two-Factor Authentication →
- Managing your team? See Roles & Permissions →