Ridge Security RidgeBot ACE

RidgeBot ACE (Adversary Cyber Emulation) is a security control validation tool that simulates adversary tactics, techniques, and procedures to measure the effectiveness of an organization's IT security controls. The tool operates using a software agent called a "Botlet," which executes scripted attack behaviors against target systems without causing harm to the IT environment. These assessment test scripts are mapped to MITRE ATT&CK tactics and techniques, enabling structured and repeatable adversary emulation across three core attack simulation scenarios: - **Endpoint Security**: Simulates malicious software behavior or downloads malware signatures to validate endpoint security controls. - **Data Exfiltration**: Simulates unauthorized movement of data (personal, financial, confidential, or source code) from servers to test exfiltration defenses. - **Active Directory Information Recon**: Simulates attacker reconnaissance within Windows Active Directory environments, including privilege escalation and information gathering. Security control effectiveness is measured primarily through a "Block Rate" metric — the ratio of blocked assessment scripts to total scripts executed. Results are reported across multiple dimensions including overall block rate trends, per-target block rates, and breakdowns by MITRE ATT&CK tactic and technique. For any unblocked assessment tests, RidgeBot ACE provides descriptions and mitigation suggestions to support remediation efforts.