OpenSec Atlas

adversary_emulation_library: An Open Source Documentation for Threat Intelligence | OpenSec Atlas

Threat Intelligence

Documentation

adversary_emulation_library

An open library of adversary emulation plans enabling organizations to test and improve their defenses based on real-world attacker behaviors and tactics.

Visit Website View on GitHub

About This Tool

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Primary Use Case

This tool is used by security teams, especially red teams and threat hunters, to simulate realistic adversary behaviors and evaluate their defensive capabilities against known threat actor tactics. Organizations leverage these emulation plans to prioritize and strengthen their security posture through practical, scenario-based testing and training.

Key Features

Comprehensive full adversary emulation plans covering end-to-end attack scenarios
Focused micro emulation plans targeting specific adversary behaviors or techniques
Alignment with MITRE ATT&CK framework tactics and techniques
Plans based on real-world threat actor intelligence and behaviors
Supports red teaming, threat hunting, and security training exercises
Open and community-driven library maintained by the MITRE Center for Threat-Informed Defense
Detailed intelligence summaries accompanying each adversary emulation plan

Insights & Recommendations

This repository primarily provides documentation and structured emulation plans rather than executable software; users should integrate these plans into their existing red team or security testing workflows. Familiarity with the MITRE ATT&CK framework and adversary emulation concepts is recommended to effectively utilize the library.

Smart Usage Notes

Integrate adversary emulation plans with blue team detection tools to validate alerting and response capabilities.Use micro emulation plans for targeted training sessions to improve specific defensive skills.Leverage the library to build realistic purple team exercises that enhance collaboration between red and blue teams.Automate execution of emulation plans in test environments to continuously assess security posture.Combine with threat intelligence feeds to tailor emulation plans to evolving adversary behaviors.