ATT&CK Emulation Plans
If the tools MITRE itself provides are not enough, under , we also have CTID, the Adversary Emulation Library, and ATT&CK® Emulation Plans.
CTID
MITRE formed an organization named the (CTID). It consists of companies and vendors from around the globe. Their objective is to research cyber threats and their TTPs and to share that research so that cyber defense improves for everyone.
Some of the companies and vendors who are participants of CTID:
AttackIQ
Verizon
Microsoft
Red Canary
Splunk
Per the website, "Our goal is to change the game on adversaries by relentlessly improving our collective ability to prevent, detect, and respond to cyber attacks."
Adversary Emulation Library & ATT&CK® Emulation Plans
The is a public library that makes adversary emulation plans a free resource for blue and red teamers. The library and the emulations are a contribution from CTID. There are 3 currently available: , , and . The next ATT&CK® Emulation in the pipeline is FIN7. Each emulation plan is a step-by-step guide to mimicking a specific threat group's behaviour, mapped to ATT&CK techniques, so that executing it against your own environment exercises the same detections and controls the real adversary would. If someone in the C-suite asks, "How would we fare if APT29 hit us?", the question can be answered by referring to the results of executing the emulation plan.
Review the emulation plans to answer the questions below.
How many phases does the APT3 Emulation Plan consist of?
Under Persistence, what binary was replaced with cmd.exe?
Examining APT29, what 2 tools were used to execute the first scenario?
What tool was used to execute the second scenario?
Where can you find step-by-step instructions to execute both scenarios?