Home
Adversary emulation is a specific style of offensive assessment that uses cyber threat intelligence to describe behaviors observed in specific campaigns or malware samples. Using real-world adversaries, the Center for Threat-Informed Defense (Center) maintains this library of adversary emulation plans and maps them to MITRE ATT&CK techniques. The goals of these emulations plans are to enable organizations to evaluate their defensive capabilities and provide red teams a template to emulate adversaries.
Emulation plans provide a step-by-step execution of the adversaries actions based on open-source intelligence reporting and mapped to MITRE ATT&CK techniques. Source code and commands are provided to execute the plan. The library contains two types of adversary emulation plans:
-
Full emulation π₯§ - starting with initial access that build on each previous step until the adversary's objective are accomplished
-
Micro emulation π° - a focused approach to emulating compound behaviors seen across multiple adversaries
For more information, we have blogs! βοΈ
π Adversary Emulation Library π Micro Emulation Plans
Getting Started πΊοΈ
Coming Soon!
A guide to submitting open-source intelligence contributions, bug requests, feature requests, and new emulation plans (or suggestions).
Coming Soon!
We π feedback! Let us know how using the Adversary Emulation Library has helped you and any snags that you encountered along the way.
π§ Email: ctid@mitre-engenuity.org
π¦ Twitter: https://twitter.com/MITREengenuity
π LinkedIn: https://www.linkedin.com/company/mitre-engenuity/
You can also make issues on this repo and reach out to the maintainers π©βπ».