• Corpus ID: 211818156

SoK: A Survey of Open Source Threat Emulators

  title={SoK: A Survey of Open Source Threat Emulators},
  author={Sunders Bruskin and Polina Zilberman and Rami Puzis and Shay Shwarz},
Threat emulators are tools or sets of scripts that emulate cyber-attacks or malicious behavior. Specifically, threat emulators can launch single procedure attacks or give one the ability to create multi-step attacks, while the resulting attacks may be known or unknown cyber-attacks. The motivations for using threat emulators are various: cutting costs of penetration testing activities by having smaller red teams, performing automated security audits in organizations, creating baseline tests for… 

Figures from this paper

Effect of Security Controls on Patching Window: A Causal Inference based Approach
This work proposes a causal inference based approach to understand the influence of security control on patching behaviour in the organisations, and introduces a novel scoring function for security controls based on 6 criteria to evaluate its effectiveness.
A next-generation platform for Cyber Range-as-a-Service
  • Vittorio Orbinato
  • Computer Science
    2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
  • 2021
The novel features for the next-generation Cyber Range platforms include the creation of a virtual clone for an actual corporate infrastructure, relieving the security managers from the setup of the training scenarios and sessions, the automatic monitoring of the activities of the participants, and the emulation of their behavior.
SAIBERSOC: A Methodology and Tool for Experimenting with Security Operation Centers
The results show that the proposed SAIBERSOC methodology is effective in identifying variations in SOC performance caused by (minimal) changes in SOC configuration.
Network Defense is Not a Game
This work proposes to define network defense tasks as distributions of network environments, to enable research to apply modern AI techniques, such as unsupervised curriculum learning and reinforcement learning for network defense, and to facilitate the design of well-defined challenges that can be used to compare approaches for autonomous cyberdefense.


A red team/blue team assessment of functional analysis methods for malicious circuit identification
It is found that FANCI was surprisingly resilient to this wide variety of attacks and was not circumvented by any of the stealthy backdoors created by the red teams, and frequent-action backdoors, which are non-stealthy back Doors, were often successful.
Blue team red team approach to hardware trust assessment
By following a red team blue team approach, two trojan detection techniques namely, path delay measurement and ring oscillator frequency monitoring, were validated in the Embedded Systems Challenge (ESC) 2010.
Testing a distributed denial of service defence mechanism using red teaming
This paper looks at the the interaction between the attacker and the defender in a Red Team/Blue Team exercise and proposes a quantitative decision framework which is able to provide optimal solutions to defend against well-organized and sophisticated attacks.
Testing a Collaborative DDoS Defense In a Red Team/Blue Team Exercise
A red team/blue team exercise sponsored by DARPA's FTN program and performed October 2002 --- May 2003 uncovered significant vulnerabilities in tested systems, pointed out desirable characteristics in DDoS defense systems, and taught many lessons about testing of DDoS defenses.
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
Experimental results show that TaintScope can accurately locate the checksum checks in programs and dramatically improve the effectiveness of fuzz testing, an automatic fuzzing system using dynamic taint analysis and symbolic execution techniques.
About Penetration Testing
  • M. Bishop
  • Computer Science
    IEEE Security & Privacy
  • 2007
Students generally learn red teaming as "breaking into your own system to see how hard it is to do so", but a penetration test requires a detailed analysis of the threats and potential attackers in order to be most valuable.
Intelligent, automated red team emulation
This paper creates a framework for automated red team emulation, focused on what the red team does post-compromise - i.e., after the perimeter has been breached, and uses an automated planner designed to accurately reason about future plans in the face of the vast amount of uncertainty in red teaming scenarios.
Effective penetration testing with Metasploit framework and methodologies
The basics of penetration testing are introduced, how to deploy and use Metasploit framework when conducting penetration testing is shown and a case study in production environment is shown.
Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
The evolution of advanced persistent threats necessitates an intelligence-based model because in this model the defenders mitigate not just vulnerability, but the threat component of risk, too.
A characterization of cybersecurity simulation scenarios
This paper characterize cybersecurity scenarios along the nature of cyber systems with considerations for design and the type of actor with considerations of abilities, providing a more clear distinction compared to military oriented LVC (Live-Virtual-Constructive) simulation characterization.