Tradecraft Garden
Planting a Ground Truth Security Science
The Tradecraft Garden is a collection of projects to decompose evasion tradecraft into self-contained units of execution, separate from (but usable with) C2 frameworks. These tradecrafts, separated from capability, are security ground truth. These ground truth outputs are useful for:
- Breach and Attack Simulation
- Detection Engineering
- EDR Test and Evaluation
- Security Testing Exercises
The broader goal of Tradecraft Garden is to:
- inform the security conversation
- serve as a public good resource for others to build on
- demonstrate ideas, in context, while serving multiple security use cases and communities
Projects
Tradecraft Garden's projects include:
- Crystal Palace: A linker, linker script language, and Aspect-Oriented Programming (AOP) tools for position-independent code projects.
- The Tradecraft Garden: A corpus of in-memory evasion tradecraft, both load and runtime, packaged into capability loaders and shared libraries.
Latest News
- December 1, 2025 - Tradecraft Orchestration in the Garden - %variables and modular .spec files
- November 10, 2025 - Tradecraft Engineering with Aspect-Oriented Programming - PIC/PICO instrumentation, PICO exports
- October 27, 2025 - Tradecraft Garden's PIC Parterre - DFR revisited, fixbss, and remap
- October 13, 2025 - Weeding the Tradecraft Garden - PIC ergonomics and shared libraries
- September 10, 2025 - COFFing Out the Night Soil - internal COFF normalization, COFF merge, and COFF export
- July 5, 2025 - Tradecraft Garden: Tilling the Soil - Binary Transform and COFF as-a-capability support in Crystal Palace
- June 4, 2025 - Planting a Tradecraft Garden - Initial release