<!doctype html>
<html lang="en">
<head>
<script>(function(){var t=localStorage.getItem("theme")||"dark";document.documentElement.setAttribute("data-theme",t);})();</script>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-TMTG21RVHM"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-TMTG21RVHM');
</script>
<meta charset="utf-8" />
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'sha256-4GbcvBt1YwbUIazfcM7HFDbTxHzGoa2tBMutVpD+cTA=' 'sha256-1Hte8hAi5KQyJQXAhhKSJpedGi3X91IT7FC2Ej6825k=' 'sha256-tKdjbTbecNA89yNcvR2w2Ude0xxGJKJjGEFInzivX8w=' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://cdn-images-1.medium.com https://1200km.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self';">
<meta name="referrer" content="strict-origin-when-cross-origin">
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>AdversaryGraph Web Guide — Browser ATT&CK Explorer</title>
<meta name="description" content="Guide to AdversaryGraph Web: browser-native ATT&CK matrices, group library, TTP overlap scoring, group comparison, coverage dashboard, and CTI exports." />
<meta name="author" content="Andrey Pautov" />
<meta name="keywords" content="AdversaryGraph Web, MITRE ATT&CK browser tool, ATT&CK matrix explorer, ATT&CK group comparison, TTP overlap, Jaccard similarity, ATT&CK coverage analysis, ICS ATT&CK, ATT&CK ATLAS, free threat intelligence tool, Andrey Pautov" />
<meta property="og:title" content="AdversaryGraph Web Guide — Browser ATT&CK Explorer" />
<meta property="og:description" content="Browser-native ATT&CK matrix, group TTP overlap scoring, group comparison, detection coverage dashboard, and export workflow." />
<meta property="og:type" content="website" />
<meta property="og:url" content="https://1200km.com/adversarygraph-web-guide.html" />
<meta property="og:image" content="https://1200km.com/assets/adversarygraph-ai-og.png" />
<meta property="og:image:width" content="1200" />
<meta property="og:image:height" content="630" />
<meta name="twitter:card" content="summary_large_image" />
<meta name="twitter:image" content="https://1200km.com/assets/adversarygraph-ai-og.png" />
<link rel="canonical" href="https://1200km.com/adversarygraph-web-guide.html" />
<meta name="theme-color" content="#0f62fe" />
<link rel="icon" href="assets/favicon.png" type="image/png" />
<link rel="preconnect" href="https://fonts.googleapis.com" />
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap" rel="stylesheet" />
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "HowTo",
"name": "How to Use AdversaryGraph Web — Browser MITRE ATT&CK Explorer",
"url": "https://1200km.com/adversarygraph-web-guide.html",
"description": "Guide for AdversaryGraph Web: interactive ATT&CK matrix across Enterprise, Mobile, ICS, and ATLAS domains, ATT&CK Group Library with TTP overlap scoring, Group vs Group comparison, detection coverage dashboard, and export.",
"author": { "@type": "Person", "name": "Andrey Pautov", "url": "https://1200km.com/" },
"tool": { "@type": "HowToTool", "name": "AdversaryGraph Web", "url": "https://1200km.com/threat-matrix/" },
"breadcrumb": {
"@type": "BreadcrumbList",
"itemListElement": [
{ "@type": "ListItem", "position": 1, "name": "Home", "item": "https://1200km.com/" },
{ "@type": "ListItem", "position": 2, "name": "AdversaryGraph Web Guide", "item": "https://1200km.com/adversarygraph-web-guide.html" }
]
}
}
</script>
<style>
:root {
--bg: #050c1a;
--panel: #ffffff;
--panel-translucent: rgba(255,255,255,0.82);
--panel-ink: #172033;
--panel-ink-soft: #2d3a4f;
--panel-muted: #5a6f8f;
--text: #cdd9ee;
--muted: #7a96bc;
--line: #1a3060;
--accent: #0f62fe;
--accent-soft: #93c5fd;
--accent-dark: #054ada;
--ok: #34d399;
--warn: #b45309;
--red: #ef4444;
--chip: #0d1f3c;
--chip-strong: #162d52;
--shadow: 0 14px 34px rgba(0,0,0,0.45);
}
* { box-sizing: border-box; }
html { scroll-behavior: smooth; }
body {
margin: 0;
font-family: Inter, ui-sans-serif, system-ui, -apple-system, sans-serif;
color: var(--text);
background: var(--bg);
line-height: 1.6;
}
a { color: var(--accent); text-decoration: none; }
a:hover { color: var(--accent-dark); text-decoration: underline; }
.site-header {
position: sticky; top: 0; z-index: 10;
border-bottom: 1px solid var(--line);
background: rgba(5,12,26,0.92);
backdrop-filter: blur(12px);
}
.nav, .page-hero-inner, main, .footer-inner {
width: min(1080px, calc(100% - 32px));
margin: 0 auto;
}
.nav {
min-height: 64px;
display: flex; align-items: center; justify-content: space-between; gap: 18px;
}
.brand {
display: inline-flex; align-items: center; gap: 10px;
font-weight: 700; color: var(--text); text-decoration: none;
}
.brand:hover { text-decoration: none; color: var(--text); }
.brand img { width: 36px; height: 36px; border-radius: 10px; }
.nav-links { display: flex; flex-wrap: wrap; gap: 14px; font-size: 0.92rem; }
.page-hero {
background: linear-gradient(120deg, rgba(185,28,28,0.08), rgba(15,98,254,0.07)), #ffffff;
border-bottom: 1px solid var(--line);
}
.page-hero-inner { padding: 64px 0 52px; }
.page-eyebrow {
color: var(--red);
font-size: 0.76rem; font-weight: 600;
letter-spacing: 0.09em; text-transform: uppercase;
margin: 0 0 12px;
}
.page-title { margin: 0; font-size: clamp(2rem, 4vw, 3rem); line-height: 1.1; }
.page-lead {
max-width: 760px; margin: 16px 0 0;
color: var(--muted); font-size: 1.07rem;
}
.page-hero-links {
display: flex; flex-wrap: wrap; gap: 10px; margin-top: 24px;
}
.button {
display: inline-flex; align-items: center;
padding: 8px 18px; border: 1px solid var(--line);
border-radius: 6px; font-size: 0.88rem; font-weight: 700;
color: var(--text); background: var(--panel);
text-decoration: none;
transition: border-color 0.14s, background 0.14s;
}
.button:hover { border-color: var(--accent); background: var(--chip); text-decoration: none; color: var(--text); }
.button.primary { background: var(--red); color: #fff; border-color: var(--red); }
.button.primary:hover { background: #991b1b; border-color: #991b1b; color: #fff; }
main {
padding: 52px 0 72px;
display: flex; flex-direction: column; gap: 56px;
}
/* ── Feature sections ── */
.section-label {
font-size: 0.72rem; font-weight: 700;
letter-spacing: 0.1em; text-transform: uppercase;
color: var(--red); margin: 0 0 6px;
}
.section-title {
margin: 0 0 6px;
font-size: 1.45rem; font-weight: 800; line-height: 1.2;
}
.section-lead {
margin: 0 0 24px;
color: var(--muted); font-size: 0.97rem; max-width: 700px;
}
/* ── Feature cards grid ── */
.feature-grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(300px, 1fr));
gap: 16px;
}
.feature-card {
background: var(--panel);
border: 1px solid var(--line);
border-radius: 10px;
padding: 22px 24px;
box-shadow: var(--shadow);
}
.feature-card-icon {
font-size: 1.4rem; margin-bottom: 10px;
}
.feature-card-title {
font-weight: 700; font-size: 1rem; margin: 0 0 6px;
}
.feature-card-desc {
margin: 0; font-size: 0.88rem; color: var(--muted); line-height: 1.55;
}
/* ── How-to steps ── */
.steps { display: flex; flex-direction: column; gap: 0; }
.step {
display: grid;
grid-template-columns: 40px 1fr;
gap: 0 18px;
padding: 18px 0;
border-bottom: 1px solid var(--line);
}
.step:last-child { border-bottom: none; }
.step-num {
width: 36px; height: 36px;
background: var(--red-bg); color: var(--red);
border-radius: 50%; font-weight: 800; font-size: 0.95rem;
display: flex; align-items: center; justify-content: center;
flex-shrink: 0; margin-top: 2px;
}
.step-body { }
.step-title { font-weight: 700; font-size: 0.97rem; margin: 0 0 4px; }
.step-desc { margin: 0; font-size: 0.88rem; color: var(--muted); line-height: 1.55; }
/* ── Compare table ── */
.compare-table {
width: 100%;
border-collapse: collapse;
font-size: 0.9rem;
background: var(--panel);
border-radius: 10px;
overflow: hidden;
box-shadow: var(--shadow);
}
.compare-table th {
background: #f0f4fc;
font-weight: 700;
text-align: left;
padding: 12px 16px;
border-bottom: 2px solid var(--line);
font-size: 0.82rem;
text-transform: uppercase;
letter-spacing: 0.06em;
color: var(--muted);
}
.compare-table td {
padding: 11px 16px;
border-bottom: 1px solid var(--line);
vertical-align: top;
}
.compare-table tr:last-child td { border-bottom: none; }
.yes { color: #007a5a; font-weight: 700; }
.no { color: var(--muted); }
.visual-grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(260px, 1fr));
gap: 16px;
}
.visual-card {
background: var(--panel);
border: 1px solid var(--line);
border-radius: 10px;
overflow: hidden;
box-shadow: var(--shadow);
}
.visual-card img {
display: block;
width: 100%;
aspect-ratio: 16 / 9;
object-fit: cover;
background: #050c1a;
border-bottom: 1px solid var(--line);
}
.visual-card figcaption {
padding: 10px 12px;
font-size: 0.82rem;
color: var(--muted);
line-height: 1.45;
}
.visual-card.wide {
grid-column: 1 / -1;
}
.visual-card.wide img {
aspect-ratio: 21 / 9;
}
/* ── Ecosystem bar ── */
.ecosystem-bar {
background: linear-gradient(120deg, #0d1b2e, #132240);
border-radius: 12px;
padding: 32px 36px;
display: flex; align-items: center; justify-content: space-between;
gap: 24px; flex-wrap: wrap;
}
.ecosystem-bar-text h3 {
margin: 0 0 6px; font-size: 1.1rem; color: #e2e8f0; font-weight: 700;
}
.ecosystem-bar-text p {
margin: 0; font-size: 0.88rem; color: #7a96bc; line-height: 1.55; max-width: 540px;
}
.ecosystem-links {
display: flex; flex-wrap: wrap; gap: 10px; flex-shrink: 0;
}
.eco-link {
display: inline-flex; align-items: center;
padding: 7px 15px;
border: 1px solid rgba(255,255,255,0.15);
border-radius: 6px;
font-size: 0.84rem; font-weight: 600;
color: #93c5fd; text-decoration: none;
background: rgba(255,255,255,0.06);
transition: background 0.14s, border-color 0.14s;
}
.eco-link:hover { background: rgba(255,255,255,0.12); border-color: rgba(255,255,255,0.3); color: #fff; text-decoration: none; }
footer {
border-top: 1px solid var(--line);
padding: 22px 0;
font-size: 0.84rem;
color: var(--muted);
}
@media (max-width: 720px) {
.feature-grid { grid-template-columns: 1fr; }
.ecosystem-bar { flex-direction: column; align-items: flex-start; }
.nav { flex-direction: column; align-items: flex-start; gap: 10px; padding: 10px 0; }
.nav-links { grid-template-columns: repeat(3, max-content); display: grid; gap: 8px 14px; }
.page-hero-links { display: grid; grid-template-columns: repeat(2, max-content); gap: 10px; }
}
/* ─── Light / dark toggle ─── */
/* ── Dark mode: hardcoded element overrides ── */
[data-theme="dark"] footer,
[data-theme="dark"] .footer {
background: rgba(5,12,26,0.96) !important;
border-top-color: #1a3060 !important;
color: #7a96bc !important;
}
[data-theme="dark"] .profile-hero,
[data-theme="dark"] .cv-hero,
[data-theme="dark"] .cl-hero,
[data-theme="dark"] .page-hero {
background: linear-gradient(135deg, rgba(15,98,254,0.12), rgba(0,122,90,0.06)), #050c1a !important;
border-bottom-color: #1a3060 !important;
}
[data-theme="dark"] .job.current {
background: linear-gradient(180deg, #0d1f3c, #050c1a) !important;
border-color: #0f62fe !important;
}
[data-theme="dark"] .open-to-work {
background: rgba(52,211,153,0.12) !important;
border-color: rgba(52,211,153,0.3) !important;
}
[data-theme="dark"] .chip { color: #93c5fd !important; }
[data-theme="dark"] .chip.green { background: rgba(52,211,153,0.12) !important; color: #34d399 !important; }
[data-theme="dark"] .chip.orange { background: rgba(245,158,11,0.12) !important; color: #f59e0b !important; }
[data-theme="dark"] .chip.red { background: rgba(239,68,68,0.12) !important; color: #ef4444 !important; }
[data-theme="dark"] .chip.purple { background: rgba(139,92,246,0.12) !important; color: #a78bfa !important; }
[data-theme="dark"] .chip.ai,
[data-theme="dark"] .chip.lab,
[data-theme="dark"] .chip.tool,
[data-theme="dark"] .chip.malware { background: #162d52 !important; color: #93c5fd !important; }
[data-theme="dark"] .guide-tag { color: #93c5fd !important; }
[data-theme="dark"] .guide-tag.red { background: rgba(239,68,68,0.12) !important; color: #ef4444 !important; }
[data-theme="dark"] .guide-tag.orange { background: rgba(245,158,11,0.12) !important; color: #f59e0b !important; }
[data-theme="dark"] .guide-tag.purple { background: rgba(139,92,246,0.12) !important; color: #a78bfa !important; }
[data-theme="dark"] .job-badge { color: #93c5fd !important; background: #162d52 !important; }
[data-theme="dark"] th { background: #0a1628 !important; color: #cdd9ee !important; border-color: #1a3060 !important; }
[data-theme="dark"] .eco-link { color: #93c5fd !important; }
[data-theme="dark"] .button:not(.primary):not(.theme-btn) {
background: #0d1f3c !important; color: #cdd9ee !important; border-color: #1a3060 !important;
}
[data-theme="light"] {
--bg: #f6f8fb;
--panel: #ffffff;
--panel-translucent: rgba(255,255,255,0.97);
--panel-ink: #172033;
--panel-ink-soft: #2d3a4f;
--panel-muted: #5b667a;
--text: #172033;
--muted: #5b667a;
--line: #dbe4ef;
--accent: #0f62fe;
--accent-soft: #3a7dff;
--accent-dark: #054ada;
--ok: #007a5a;
--warn: #b45309;
--red: #b91c1c;
--chip: #eef4ff;
--chip-strong: #dbe9ff;
--shadow: 0 14px 34px rgba(24,38,69,0.09);
}
[data-theme="light"] body {
background: #f0f4ff !important;
background-image: none !important;
}
[data-theme="light"] .site-header {
background: rgba(255,255,255,0.96) !important;
border-bottom: 1px solid #dbe4ef;
}
[data-theme="light"] footer,
[data-theme="light"] .footer {
background: rgba(255,255,255,0.96) !important;
border-top: 1px solid #dbe4ef;
}
.theme-btn {
background: none;
border: 1px solid var(--line);
border-radius: 6px;
width: 32px;
height: 32px;
cursor: pointer;
color: var(--muted);
font-size: 1rem;
display: flex;
align-items: center;
justify-content: center;
padding: 0;
transition: border-color 0.15s, color 0.15s;
flex-shrink: 0;
font-family: inherit;
}
.theme-btn:hover {
border-color: var(--accent);
color: var(--accent-soft);
}
</style>
<link rel="stylesheet" href="assets/site-theme.css?v=20260614-1" />
<script src="assets/site-theme.js?v=20260614-1" defer></script>
</head>
<body>
<header class="site-header">
<nav class="nav" aria-label="Main navigation">
<a class="brand" href="index.html">
<img src="assets/adversarygraph-ai-icon-192.png" alt="AdversaryGraph AI logo" width="36" height="36" />
<span>Andrey Pautov</span>
</a>
<div class="nav-links">
<a href="about.html">About</a>
<a href="cv.html">CV</a>
<a href="cti.html">CTI</a>
<a href="labs.html">Labs</a>
<a href="guides.html">Guides</a>
<a href="hexstrike.html">HexStrike</a>
<a href="ai-offensive.html">OfSec</a>
<a href="pt-tools.html">PT Tools</a>
<a href="projects.html">Projects</a>
<a href="external-validation.html">Validation</a>
<a href="https://github.com/anpa1200" target="_blank" rel="noopener">GitHub ↗</a>
<a href="https://medium.com/@1200km" target="_blank" rel="noopener">Medium ↗</a>
</div>
<button class="theme-btn" id="theme-btn" aria-label="Toggle theme">☀</button>
</nav>
</header>
<div class="page-hero">
<div class="page-hero-inner">
<p class="page-eyebrow">◈ AdversaryGraph Web · Browser-native · No install</p>
<h1 class="page-title">AdversaryGraph Web</h1>
<p class="page-lead">
A fully browser-based MITRE ATT&CK explorer across four frameworks: Enterprise, Mobile, ICS, and ATLAS.
Map threat actor behaviour, compare APT groups, run gap analysis, and export reports —
no server, no Docker, no API keys required.
</p>
<div class="page-hero-links">
<a class="button primary" href="https://1200km.com/threat-matrix/" target="_blank" rel="noopener">Open tool →</a>
<a class="button" href="https://github.com/anpa1200/adversarygraph" target="_blank" rel="noopener">GitHub repo</a>
<a class="button" href="https://1200km.com/adversarygraph-docs/" target="_blank" rel="noopener">Docker version docs</a>
<a class="button" href="articles/adversarygraph-v2-self-hosted-ai-cti-platform.html">AdversaryGraph v2 article</a>
<a class="button" href="cti.html">CTI page</a>
</div>
</div>
</div>
<main>
<!-- ── What it is ── -->
<section>
<p class="section-label">Overview</p>
<h2 class="section-title">What is AdversaryGraph Web?</h2>
<p class="section-lead">
AdversaryGraph Web is the lightweight, zero-install counterpart to the self-hosted
<a href="https://1200km.com/adversarygraph-docs/" target="_blank" rel="noopener">AdversaryGraph Docker platform</a>.
It runs entirely in your browser — no account, no API key, no backend. Load the page, choose a
framework, and start building ATT&CK layers immediately.
</p>
<div class="feature-grid">
<div class="feature-card">
<div class="feature-card-icon">◈</div>
<div class="feature-card-title">4 ATT&CK Frameworks</div>
<p class="feature-card-desc">
Switch between Enterprise, Mobile, ICS, and MITRE ATLAS (AI/ML) with a single click.
Each domain loads its full tactic/technique tree on demand. Enterprise covers 14 tactics
and 600+ techniques; Mobile adds 13 tactics for mobile threats; ICS covers industrial
control systems; ATLAS maps adversarial attacks on AI/ML systems with 16 tactics and
170+ techniques.
</p>
</div>
<div class="feature-card">
<div class="feature-card-icon">⊞</div>
<div class="feature-card-title">ATT&CK Matrix</div>
<p class="feature-card-desc">
Full interactive matrix for the active framework. Click cells to select techniques,
expand sub-techniques, overlay group profiles, and filter by name or ID. Colour-coded
states show selected (red), overlay (blue), and shared (amber) techniques at a glance.
</p>
</div>
<div class="feature-card">
<div class="feature-card-icon">◉</div>
<div class="feature-card-title">ATT&CK Group Library</div>
<p class="feature-card-desc">
Threat groups from the currently loaded Enterprise or ICS dataset. In ATLAS mode, the library
shows 57 case studies instead of APT groups. Browse, search, and open any profile to see
its full TTP set. Load a group's techniques into your selection or overlay it on the matrix.
</p>
</div>
<div class="feature-card">
<div class="feature-card-icon">⊘</div>
<div class="feature-card-title">My TTPs vs Groups</div>
<p class="feature-card-desc">
Jaccard similarity ranking of your selected techniques against all ATT&CK threat groups.
Click any result to see shared techniques, your-only techniques, and a full gap analysis —
which techniques in the group's profile you don't cover yet.
</p>
</div>
<div class="feature-card">
<div class="feature-card-icon">⊕</div>
<div class="feature-card-title">Group vs Group</div>
<p class="feature-card-desc">
Select up to 6 APT groups and compare them simultaneously. N×N Jaccard similarity matrix,
combined ATT&CK view with per-group coloured dots, and a sortable technique table with
per-group checkmarks — useful for cluster analysis and attribution disambiguation.
</p>
</div>
<div class="feature-card">
<div class="feature-card-icon">↗</div>
<div class="feature-card-title">TTP Detail Panels</div>
<p class="feature-card-desc">
Click any technique ID anywhere in the tool to open a detail panel with the full MITRE
description, tactic pills, and direct MITRE link. For Enterprise techniques the panel
also shows section-level deep-links into the CTI Field Manual and ITDR Handbook —
jumping straight to the paragraph where that technique ID appears in the article.
</p>
</div>
<div class="feature-card">
<div class="feature-card-icon">↓</div>
<div class="feature-card-title">Report & Export</div>
<p class="feature-card-desc">
Export your TTP selection as a MITRE ATT&CK Navigator-compatible JSON layer, a CSV table,
or a formatted PDF report. The Report view shows your full selection with tactic breakdown
and export buttons.
</p>
</div>
</div>
</section>
<!-- ── How to use ── -->
<section>
<p class="section-label">Workflow</p>
<h2 class="section-title">How to Use It</h2>
<p class="section-lead">A typical analyst workflow from zero to attribution finding.</p>
<div class="steps">
<div class="step">
<div class="step-num">1</div>
<div class="step-body">
<p class="step-title">Open the tool and choose a domain</p>
<p class="step-desc">
Navigate to <a href="https://1200km.com/threat-matrix/" target="_blank" rel="noopener">1200km.com/threat-matrix/</a>.
Enterprise ATT&CK loads automatically. Use the domain switcher in the header
(<strong>Enterprise / Mobile / ICS / ATLAS</strong>) to load a different framework.
Each domain loads on first click and is cached for instant switching afterwards.
</p>
</div>
</div>
<div class="step">
<div class="step-num">2</div>
<div class="step-body">
<p class="step-title">Build your TTP selection</p>
<p class="step-desc">
In the <strong>ATT&CK Matrix</strong> view, click technique cells to select them (they turn red).
Click the small monospace ID at the top of each cell to open the detail panel instead.
Use the filter bar to narrow by name or ID when working with a known technique list.
</p>
</div>
</div>
<div class="step">
<div class="step-num">3</div>
<div class="step-body">
<p class="step-title">Load from ATT&CK Group Library (optional)</p>
<p class="step-desc">
Go to <strong>ATT&CK Group Library</strong>, find a group (search by name or ID), and click
<em>Load as my selection</em> to replace your layer with that group's TTPs, or
<em>Overlay on matrix</em> to visualise the group on the matrix without replacing your layer.
</p>
</div>
</div>
<div class="step">
<div class="step-num">4</div>
<div class="step-body">
<p class="step-title">Compare against threat groups</p>
<p class="step-desc">
Go to <strong>My TTPs vs Groups</strong>. The ranking updates automatically from your
selection. Click any result row to see the detail panel: similarity score, shared techniques
(amber badges — click to open detail), and gap analysis.
</p>
</div>
</div>
<div class="step">
<div class="step-num">5</div>
<div class="step-body">
<p class="step-title">Run Group vs Group analysis (optional)</p>
<p class="step-desc">
Go to <strong>Group vs Group</strong>, search and select up to 6 APT groups, and explore
the Overlap Matrix, ATT&CK View, and Technique Table tabs. Click technique IDs in the table
to open detail panels.
</p>
</div>
</div>
<div class="step">
<div class="step-num">6</div>
<div class="step-body">
<p class="step-title">Export</p>
<p class="step-desc">
Go to <strong>Report</strong> and export as ATT&CK Navigator JSON, CSV, or PDF.
The Navigator JSON can be imported directly into the official MITRE ATT&CK Navigator
or into the self-hosted <a href="https://github.com/anpa1200/adversarygraph" target="_blank" rel="noopener">AdversaryGraph Docker tool</a>.
</p>
</div>
</div>
</div>
</section>
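The scoring behind "My TTPs vs Groups" and the Group vs Group overlap matrix, as an added example that is not taken from the AdversaryGraph code base: it ranks a selection against groups by Jaccard similarity, splits each result into shared, your-only, and gap techniques, and builds the N×N matrix for up to 6 groups. The function names, group IDs, and technique sets are constructed for illustration, and comparing sub-technique IDs as exact strings is an assumption.

```javascript
// Added example: constructed data and hypothetical function names.
// Technique IDs are compared as exact strings, so T1059 and T1059.001
// count as different techniques (an assumption, not confirmed by the page).

// Jaccard similarity: |A ∩ B| / |A ∪ B|, with duplicates ignored.
function jaccard(a, b) {
  const A = new Set(a);
  const B = new Set(b);
  if (A.size + B.size === 0) return 0; // two empty sets: report 0 instead of NaN
  let shared = 0;
  for (const id of A) if (B.has(id)) shared += 1;
  return shared / (A.size + B.size - shared);
}

// One row of the ranking: score plus the three lists shown in the detail panel.
function compareToGroup(selection, group) {
  const mine = new Set(selection);
  const theirs = new Set(group.techniques);
  return {
    id: group.id,
    name: group.name,
    score: jaccard(selection, group.techniques),
    shared: [...mine].filter((t) => theirs.has(t)).sort(),
    yourOnly: [...mine].filter((t) => !theirs.has(t)).sort(),
    gap: [...theirs].filter((t) => !mine.has(t)).sort(), // in the group's profile, not in yours
  };
}

// Rank every group against the selection, highest similarity first.
// Ties are broken by group ID so the order is stable between runs.
function rankGroups(selection, groups) {
  return groups
    .map((g) => compareToGroup(selection, g))
    .sort((x, y) => y.score - x.score || x.id.localeCompare(y.id));
}

// N×N pairwise matrix for Group vs Group. The page states a limit of 6 groups.
function overlapMatrix(groups) {
  if (groups.length > 6) throw new RangeError("compare at most 6 groups");
  return groups.map((row) =>
    groups.map((col) => jaccard(row.techniques, col.techniques))
  );
}

// Constructed sample data: the group IDs and technique sets are not real profiles.
const SAMPLE_GROUPS = [
  { id: "GX01", name: "Constructed Group One", techniques: ["T1566", "T1059", "T1003", "T1021"] },
  { id: "GX02", name: "Constructed Group Two", techniques: ["T1190", "T1059", "T1486"] },
  { id: "GX03", name: "Constructed Group Three", techniques: ["T1078", "T1047"] },
];
const SAMPLE_SELECTION = ["T1566", "T1059", "T1105"];

for (const r of rankGroups(SAMPLE_SELECTION, SAMPLE_GROUPS)) {
  console.log(r.id, r.score.toFixed(2), "shared:", r.shared.join(" "), "gap:", r.gap.join(" "));
}
console.table(overlapMatrix(SAMPLE_GROUPS));
```

A score of 0 with a long gap list only says the sets do not overlap; short selections produce low scores against large group profiles, so read the shared and gap lists alongside the number.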
<!-- ── TTP Detail Panels ── -->
<section>
<p class="section-label">Feature Spotlight</p>
<h2 class="section-title">Clickable TTP Detail Panels</h2>
<p class="section-lead">
Every technique ID displayed in the tool — in the matrix, the library, the compare results,
and the group-vs-group table — is a clickable link that opens a rich detail panel.
</p>
<div class="feature-grid">
<div class="feature-card">
<div class="feature-card-title">Full MITRE description</div>
<p class="feature-card-desc">
The panel opens with the technique's full MITRE description — the same text from
<a href="https://attack.mitre.org" target="_blank" rel="noopener">attack.mitre.org</a>
(or <a href="https://atlas.mitre.org" target="_blank" rel="noopener">atlas.mitre.org</a> for ATLAS),
bundled into the tool data at build time. No extra network request; the description is
available offline too.
</p>
</div>
<div class="feature-card">
<div class="feature-card-title">CTI Field Manual article links</div>
<p class="feature-card-desc">
The panel shows section-level deep-links into the
<a href="https://1200km.com/cti-analyst-field-manual/" target="_blank" rel="noopener">CTI Analyst Field Manual</a>
— one link per article section that mentions the technique, with a short context snippet.
Links jump directly to the relevant heading, not just the article homepage.
</p>
</div>
<div class="feature-card">
<div class="feature-card-title">ITDR Handbook article links</div>
<p class="feature-card-desc">
For identity-related and credential-access techniques, the panel includes section-level
deep-links into the
<a href="https://1200km.com/insider-threat-detection/" target="_blank" rel="noopener">Insider Threat Detection Guide</a>
in the same format — article title, section heading, and a context snippet.
</p>
</div>
<div class="feature-card">
<div class="feature-card-title">Anomaly Detection Atlas & MITRE link</div>
<p class="feature-card-desc">
The panel also shows any
<a href="https://1200km.com/anomaly-detection-atlas/" target="_blank" rel="noopener">Anomaly Detection Atlas</a>
cross-references for the technique, and a direct link to the MITRE ATT&CK or MITRE ATLAS
page for the full source entry.
</p>
</div>
</div>
</section>
<!-- ── Web vs Docker comparison ── -->
<section>
<p class="section-label">Tool Comparison</p>
<h2 class="section-title">Web Tool vs Docker Platform</h2>
<p class="section-lead">
Both tools are part of the same project. Use the web tool for quick analysis without setup;
use the Docker platform for AI-powered extraction, campaigns, saved reports, and PDF generation.
</p>
<table class="compare-table">
<thead>
<tr>
<th>Capability</th>
<th>AdversaryGraph Web</th>
<th>AdversaryGraph Docker</th>
</tr>
</thead>
<tbody>
<tr>
<td>Install required</td>
<td class="yes">None — open in browser</td>
<td class="no">Docker Compose</td>
</tr>
<tr>
<td>ATT&CK frameworks</td>
<td class="yes">✓ Enterprise / Mobile / ICS / ATLAS</td>
<td class="no">Enterprise only</td>
</tr>
<tr>
<td>ATT&CK Matrix</td>
<td class="yes">✓</td>
<td class="yes">✓ (with D3 zoom/pan)</td>
</tr>
<tr>
<td>ATT&CK Group Library</td>
<td class="yes">Supported from the currently loaded ATT&CK or ATLAS dataset</td>
<td class="yes">Supported from the currently ingested ATT&CK release</td>
</tr>
<tr>
<td>My TTPs vs Groups (Compare)</td>
<td class="yes">✓</td>
<td class="yes">✓ Groups / Campaigns / Reports</td>
</tr>
<tr>
<td>Group vs Group</td>
<td class="yes">✓ up to 6 groups</td>
<td class="yes">✓ up to 6 groups</td>
</tr>
<tr>
<td>TTP detail panels</td>
<td class="yes">✓ full description + CTI FM / ITDR article deep-links</td>
<td class="yes">✓ with description, detection, LLM chat</td>
</tr>
<tr>
<td>AI report analysis</td>
<td class="no">✗</td>
<td class="yes">✓ Claude / GPT-4o / Gemini</td>
</tr>
<tr>
<td>Named campaigns</td>
<td class="no">✗</td>
<td class="yes">Supported from the currently ingested ATT&CK release</td>
</tr>
<tr>
<td>Report library</td>
<td class="no">✗</td>
<td class="yes">✓ stored sessions, re-compare</td>
</tr>
<tr>
<td>PDF export</td>
<td class="yes">✓ basic</td>
<td class="yes">✓ full multi-page</td>
</tr>
<tr>
<td>ATT&CK Navigator JSON export</td>
<td class="yes">✓</td>
<td class="yes">✓</td>
</tr>
<tr>
<td>LLM chat assistant per technique</td>
<td class="no">✗</td>
<td class="yes">✓</td>
</tr>
<tr>
<td>Anomaly Detection Atlas links</td>
<td class="yes">✓</td>
<td class="yes">✓</td>
</tr>
<tr>
<td>Privacy — data stays local</td>
<td class="yes">✓ browser-only, no backend</td>
<td class="yes">✓ self-hosted</td>
</tr>
</tbody>
</table>
</section>
<!-- ── AdversaryGraph v2 visual guide ── -->
<section>
<p class="section-label">AdversaryGraph v2.0 Visual Guide</p>
<h2 class="section-title">Screenshots, Diagrams, and Workflow Infographics</h2>
<p class="section-lead">
Visual assets from the published AdversaryGraph v2.0 article, mirrored locally on 1200km.com.
They cover the self-hosted Docker platform, AI report analysis, review workflow, ATT&CK
Navigator handoff, actor comparison, DFIR examples, Reference Sync, PDF export, and STIX/OpenCTI export.
</p>
<div class="visual-grid">
<figure class="visual-card wide">
<img src="assets/adversarygraph-v2/01-31Nq2VMJ9Mm9lgryHGJRQQ.webp" alt="AdversaryGraph v2.0 article cover" loading="lazy" />
<figcaption>AdversaryGraph v2.0 article cover.</figcaption>
</figure>
<figure class="visual-card wide">
<img src="assets/adversarygraph-v2/02-69nMwI7Xj8eNIWHv_C_KVg.webp" alt="Threat intelligence problem overview infographic" loading="lazy" />
<figcaption>Problem overview: turning report prose into defensible ATT&CK evidence and detection work.</figcaption>
</figure>
<figure class="visual-card wide">
<img src="assets/adversarygraph-v2/03-7jquz_YKO0Odni3r3InzYw.webp" alt="AdversaryGraph pages and feature map" loading="lazy" />
<figcaption>AdversaryGraph page map and major platform capabilities.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/04-VAfpLRWhfkB0pwRR5C4Nlw.webp" alt="Discover Intelligence dashboard" loading="lazy" />
<figcaption>Discover Intelligence dashboard.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/05-Up-LNxuga22bScwyZiFuHA.webp" alt="AI Analysis provider and upload panel" loading="lazy" />
<figcaption>AI Analysis provider and report upload panel.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/06-4zLLN71CBFHIMCEPOrTxmw.webp" alt="AdversaryGraph Navigator matrix workspace" loading="lazy" />
<figcaption>Navigator matrix workspace.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/07-Dw7KTqHRijCEkYvUrdBMbQ.webp" alt="ATTACK Group Library actor profile" loading="lazy" />
<figcaption>Enriched ATT&CK Group Library actor profile.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/08-07j05Kn78RJY96S3Ga4IVQ.webp" alt="Group vs Group comparison" loading="lazy" />
<figcaption>Group vs Group comparison view.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/09-z711T5SOrORpjITlM2IY9A.webp" alt="Terminal command output" loading="lazy" />
<figcaption>CLI health and setup checks.</figcaption>
</figure>
<figure class="visual-card wide">
<img src="assets/adversarygraph-v2/10-a6c9YTdIktlPk1w0FRQHaA.webp" alt="AdversaryGraph architecture infographic" loading="lazy" />
<figcaption>Self-hosted Docker architecture.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/11-z4L2KcZIixQjdkrcBt8OlA.webp" alt="Docker startup logs" loading="lazy" />
<figcaption>Docker Compose startup and ingestion logs.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/12-l_EPylZmZEnAaDF6JjQE4w.webp" alt="Discover matrix view" loading="lazy" />
<figcaption>Discover and matrix workflow state.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/13-CsGSK7APVQvnvTDCLxXKNA.webp" alt="FastAPI Swagger API documentation" loading="lazy" />
<figcaption>FastAPI Swagger documentation.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/14-EsC2UAT23n0xRDPv29oEWg.webp" alt="Local LLM provider option" loading="lazy" />
<figcaption>Local LLM provider option.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/15-89fT-TuOac6OMSNdZ61vag.webp" alt="AI Analysis extracted structured output" loading="lazy" />
<figcaption>AI Analysis extracted structured output.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/16-FpAXPkiL1j3fiuOkL7tp8A.webp" alt="APT matches tab" loading="lazy" />
<figcaption>APT matches tab in analysis results.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/17-aSqu_irokLlGQa1Njwa0fQ.webp" alt="DFIR Examples list" loading="lazy" />
<figcaption>DFIR Examples list.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/18-RL5VY8-RMrIQv_SIZpwPQQ.webp" alt="DFIR report analysis workflow" loading="lazy" />
<figcaption>DFIR report analysis workflow.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/19-T8D25vI8Mt2T7iWmqEJkfA.webp" alt="Raw AI analysis response" loading="lazy" />
<figcaption>Raw AI analysis response.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/20-q9LHKlOmbS1119qTlPKjIA.webp" alt="Navigator selected TTP layer" loading="lazy" />
<figcaption>Navigator selected TTP layer.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/21-QkMDTHSy82_j4PA96Q3j6A.webp" alt="Navigator overlay and technique detail" loading="lazy" />
<figcaption>Navigator overlay and technique detail panel.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/22-62_zstQMYPoqj4kSTn4nBg.webp" alt="PDF export control" loading="lazy" />
<figcaption>PDF export control.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/23-XfbZTKCAGTSArnhi3tiMOA.webp" alt="STIX OpenCTI export flow" loading="lazy" />
<figcaption>STIX/OpenCTI export flow.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/24-m1Zh30Hm7e6wmzZq1Mjdog.webp" alt="ATTACK Navigator export controls" loading="lazy" />
<figcaption>ATT&CK Navigator export controls.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/25-lKoiwInK4AuBHDFSINWekA.webp" alt="Reference Sync page" loading="lazy" />
<figcaption>Reference Sync page.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/26-aJW4II93D-bLqFMexDlW1g.webp" alt="Compare mode landing page" loading="lazy" />
<figcaption>Compare mode landing page.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/27-_Dlqijzjnt_Ehr1ULHPmrg.webp" alt="Group comparison graph" loading="lazy" />
<figcaption>Group comparison graph.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/28-lLkb-oRUX5Tns2S85SS16g.webp" alt="Tactic coverage chart" loading="lazy" />
<figcaption>Tactic coverage chart.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/29-0dTCvSgZ4dMeQDXkbutXPA.webp" alt="Campaign comparison page" loading="lazy" />
<figcaption>Campaign comparison page.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/30-ecTDnydMYwWX8-Ncuk8GfQ.webp" alt="Stored report comparison" loading="lazy" />
<figcaption>Stored report comparison.</figcaption>
</figure>
<figure class="visual-card wide">
<img src="assets/adversarygraph-v2/31-JDE0azpONj0OVW95p9yZkg.webp" alt="Practical attribution workflow infographic" loading="lazy" />
<figcaption>Practical attribution workflow infographic.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/32-oyHjzN-tAx7Lx19Xg0IPyA.webp" alt="Previous report PDF actions" loading="lazy" />
<figcaption>Previous report PDF actions.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/33-Rai3eOrk1Upsd4zeHxtroA.webp" alt="Review status controls" loading="lazy" />
<figcaption>Review status controls.</figcaption>
</figure>
<figure class="visual-card">
<img src="assets/adversarygraph-v2/34-lp9MmZunILgId0X7JHQVbw.webp" alt="Domain and selected TTP controls" loading="lazy" />
<figcaption>Domain and selected TTP controls.</figcaption>
</figure>
</div>
</section>
<!-- ── Ecosystem ── -->
<section>
<div class="ecosystem-bar">
<div class="ecosystem-bar-text">
<h3>Part of the 1200km.com CTI Ecosystem</h3>
<p>
AdversaryGraph Web covers four MITRE frameworks and connects to the full 1200km.com
knowledge base. TTP detail panels deep-link directly into the CTI Field Manual and
ITDR Handbook at the section level, and also carry Anomaly Detection Atlas cross-references.
</p>
</div>
<div class="ecosystem-links">
<a class="eco-link" href="https://1200km.com/threat-matrix/" target="_blank" rel="noopener">◈ Open AdversaryGraph Web</a>
<a class="eco-link" href="https://1200km.com/anomaly-detection-atlas/" target="_blank" rel="noopener">Anomaly Detection Atlas</a>
<a class="eco-link" href="https://1200km.com/insider-threat-detection/" target="_blank" rel="noopener">Insider Threat Detection Guide</a>
<a class="eco-link" href="https://1200km.com/cti-analyst-field-manual/" target="_blank" rel="noopener">CTI Field Manual</a>
<a class="eco-link" href="https://1200km.com/adversarygraph-docs/" target="_blank" rel="noopener">Docker Tool Docs</a>
</div>
</div>
</section>
</main>
<footer>
<div class="footer-inner">
Andrey Pautov · CTI-to-detection practitioner · Tel Aviv, Israel ·
<a href="mailto:1200km@gmail.com">1200km@gmail.com</a> ·
<a href="https://www.linkedin.com/in/andrey-pautov/">LinkedIn</a> ·
<a href="index.html">Main page</a>
</div>
</footer>
</body>
</html>