What is adversary emulation?

Adversary emulation is one of the most effective tools that an organisation can leverage to gather a realistic understanding of its actual security posture. 

Mimicking the tactics, techniques and procedures of real world threat actors requires a significant effort for all the parties involved in the process.  

Red teams have to implement the required tradecraft and manage the infrastructure while keeping precise track of all the malicious activities performed against the systems under testing. 

For small teams performing a full fledged emulation is very challenging, considering the aforementioned requirements. For bigger teams coordinating several operators performing an extensive activity against large networks can be cumbersome and often leads to inaccurate reporting. 

As a consequence Blue teams miss the opportunity of being properly challenged or fail to obtain a complete description of the activities performed. 

With our adversary emulation platform we solve all these problems.

Adversary emulation platform

We offer a platform that enables red-teamers to provide comprehensive and truly realistic experience on the Adversary Emulation.

Our platform is different from other similar tools since we provide a library that allows to transform our basic agent to potentially an implant of any threat actor

Our knowledge on the implants (aka tools in the MITRE ATT&CK language) derives from an extensive reverse-engineering activity on sample spotted on the wild. We reproduce with high fidelity all the different phases of the attack chain against each step of the kill-chain:

  • Loading

  • Injection / hooking

  • Communication protocols

  • Obfuscation steps

Our high-fidelity copy works better than the original since when the original tool/techinque/chain becomes obsolete/well-known and detected by EDRs / AVs, we can do minor changes and evade detection over and over again.

Using our platform enable blue teams to test their detection coverage on live attack scenario through all the kill-chain phases and mapping them to MITRE ATT&CK Framework:

  • Initial Access Execution

  • Persistence

  • Privilege Escalation

  • Defense Evasion

  • Credential Access

  • Discovery

  • Lateral Movement

  • Collection

  • Command and Control

  • Exfiltration