
Adversary Emulation Library
Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.
In collaboration with Center Participants, the Center for Threat-Informed Defense (Center) maintains a comprehensive library of adversary emulation plans. This valuable resource allows organizations to evaluate their defensive capabilities against real-world threats. Emulation plans play a vital role in testing existing defenses, particularly for organizations that seek to align their security measures with the actual behavior of adversaries.
The Library Provides Two Types of Adversary Emulation Plans
The library provides two types of adversary emulation plans: full emulation and micro emulation. Full emulation plans offer a comprehensive method for simulating a specific adversary, such as FIN6. This approach encompasses the entire process, starting from initial access and extending to data exfiltration.
These plans replicate a wide variety of ATT&CK tactics and techniques. They are specifically designed to simulate an actual breach by the identified adversary. Micro emulation plans provide a focused method for imitating complex behaviors, such as webshells, that are seen across different adversaries.