the tools are forever evolving and latest, so you got to ask Mr. google which is the latest one? PHD will take 3 to 7 years to complete, maybe you will keep search for it from time to time...best wishes..
It is already clear to me that future of cyber security (both attack and defence) is full automation, with human involvement limited to being able to reliably visualise and monitor what the machines are doing. To see what the future looks like, I would strongly recommend learning about how the competing teams in the DARPA Cyber Security Grand Challenge automated their attacks and defences. See: http://archive.darpa.mil/cybergrandchallenge/.
Anything less sophisticated than this is not really academically interesting. Many cyber security attack tools are quite brutal and based on well-known attack patterns and techniques (https://attack.mitre.org/wiki/Main_Page, http://capec.mitre.org/data/definitions/1000.html, https://www.exploit-db.com/google-hacking-database/, https://inteltechniques.com/links.HTML) and/or known vulnerabilities (http://cwe.mitre.org/data/definitions/699.html, http://projects.webappsec.org/w/page/13246978/Threat%20Classification, https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project, https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%202017%20GM%20(en).pdf). Well-known techniques and vulnerabilities such as these are not very likely to help you much with your own PhD studies, but you should of course acknowledge the current state of knowledge.
Although the following is not particularly interesting from an academic research perspective, one practical trend I have personally noticed in my professional life is towards attacks being directed at end-user devices rather than servers. This way attacks are much harder to detect at the server side because they appear to be coming from correctly authenticated users, but in reality the attacker has taken over the client and obtained credentials, potentially allowing long term access from other devices. These are some examples of tools and techniques which are often used for client-side attacks, often in combination with social engineering or physical access:
It would potentially be interesting in terms of academic research to assess the extent to which organisations and individuals are aware of client-side attacks and have the ability to detect and respond to client-side attacks.
Please read some of the useful articles, from which you may get some new ideas on tools. They are:
Allan, R. J. (2010). Survey of agent based modelling and simulation tools (pp. 1362-0207). Science & Technology Facilities Council.
Sun, C. C., Hahn, A., & Liu, C. C. (2018). Cyber security of a power grid: State-of-the-art. International Journal of Electrical Power & Energy Systems, 99, 45-56.
KoutsouKos, X., Karsai, G., Laszka, A., Neema, H., Potteiger, B., Volgyesi, P., ... & Sztipanovits, J. (2018). SURE: A Modeling and Simulation Integration Platform for Evaluation of SecUre and REsilient Cyber–Physical Systems. Proceedings of the IEEE, 106(1), 93-112.
Li, X., Zhou, C., Tian, Y. C., Xiong, N., & Qin, Y. (2018). Asset-Based Dynamic Impact Assessment of Cyberattacks for Risk Analysis in Industrial Control Systems. IEEE Transactions on Industrial Informatics, 14(2), 608-618.
what about CYBERPSYCHOLOGY against cyber attack/challenges?
JESSICA BODFORD, PH.D. is famous academician targeting on research of cyber psychology, UK is in the progress of registering it as one of the subject under psychology society... i found that most of the attacks are targeting to harvest $$$, servers are no longer their targets as they hated firewalls, but individual users or email/social media are now massively targetted by hacker/cyber criminals, they are easy target, the criminal just need to master some social engineering strategies and tactics, then bingo! the end user response and $$$ flying to their pocket over the internet! How about solving this issues? any clues or suggestions?http://www.jessicabodford.com/cyberpsychology-journals/