Adversary Emulation and Red Teaming

ATT&CK provides a common language and framework that red teams can use to emulate specific threats and plan their operations.

Getting Started with ATT&CK: Adversary Emulation and Red Teaming Blog Post
This blog post describes how you can get started using ATT&CK for adversary emulation and red teaming at three different levels of sophistication. (July 2019)

Do-It-Yourself ATT&CK Evaluations to Improve Your Security Posture Presentation
This presentation explains how defenders can improve their security posture through the use of adversary emulation by performing their very own ATT&CK Evaluations. (June 2019)

APT ATT&CK - Threat-based Purple Teaming with ATT&CK Continued Presentation
This presentation takes a deep dive into using ATT&CK for purple teaming, including lessons learned from ATT&CK Evaluations. (May 2019)

To Blue with ATT&CK-Flavored Love Presentation
This presentation provides a red teamer’s perspective to show how ATT&CK is a valuable tool to help red and blue teams work together to improve their defenses. Slides are also available. (July 2019)

Finding Cyber Threats with ATT&CK-Based Analytics
Presents a methodology for using ATT&CK to build, test, and refine behavioral-based analytic detection capabilities. (June 2017)

Adversary Emulation Plans
To showcase the practical use of ATT&CK for offensive operators and defenders, MITRE created Adversary Emulation Plans. We previously released a plan for APT3 (as well as an accompanying field manual) and anticipate that we will release additional plans in the future.

CALDERA
CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans using a pre-configured adversary model based on ATT&CK. This presentation from BSides Charm provides an overview of CALDERA.

Threat-based Purple Teaming with ATT&CK Presentation
This presentation discusses how purple teams can use ATT&CK as a common language for adversary emulation. Slides are also available. (June 2018)

ATT&CKing with Threat Intelligence Presentation
This presentation provides perspective on how to use threat intelligence for ATT&CK-based adversary emulation. Slides are also available.

ATT&CK Evaluations Adversary Emulation Summary
This summary from the ATT&CK Evaluations website provides an introduction to how ATT&CK Evaluations used an adversary emulation approach.


