Category

Adversary Emulation

OceanLotus Adversary Emulation Plan

OceanLotus (aka APT32, SeaLotus, APT-C-00) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists. This project adds the first macOS and Linux focused …

Micro Emulation Plans: Making Adversary Emulation Accessible

Adversary emulation plans are an excellent way to validate defenses against known adversarial behaviors, but they can be cost-prohibitive and very complex to execute. We wanted to lower the barrier to entry by creating smaller scale adversary emulation plans that are easy to automate and focus on …

Micro Emulation Plans

Micro Emulation Plans help organizations validate their defenses quickly and easily by building smaller scale adversary emulation plans that are fully automated using compatible tools and focused on common threats. The Micro Emulation Plans help scale the impact of the Adversary Emulation Library …

Center Conversations: Advancing Adversary Emulation w/Ryusuke Masuoka (Fujitsu System Integration)

As cyber adversaries become more sophisticated and creative, organizations of all sizes need to be able to assess their defenses against potential threats. This is where adversary emulation plans, like the Center for Threat-Informed Defense’s recent menuPass and FIN6 research projects, can have a …

Menupass Adversary Emulation Plan

menuPass is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Ministry of State Security’s (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company. …

Caldera Pathfinder

This open-source CALDERA plugin helps you understand what a vulnerability exposes to an adversary and what potential destructive paths an adversary could take within the network as a result of those vulnerabilities. Pathfinder aims to push the boundaries on vulnerability scanning, moving them to the …

Center Demo: FIN6 Adversary Emulation Walkthrough

Take a tour of the MITRE Center for Threat-Informed Defense’s FIN6 Adversary Emulation Plan, the first entry in the Center’s public library of adversary emulation plans. The plan includes the FIN6 Intelligence Summary, a curated collection of available cyber threat intelligence, made up of an …

FIN6 Emulation Plan

FIN6 is a cyber-crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point of sale (PoS) systems in the hospitality and retail sectors. This project developed an adversary emulation plan for FIN6 and …

Adversary Emulation Library

The Adversary Emulation Library includes a collection of adversary emulation plans that allow organizations to evaluate their defensive capabilities against the real-world threats they face. Emulation plans are an essential component in testing current defenses for organizations that are looking to …