What is Adversary Simulation | 10 August 2021


A short writeup on Adversary Simulation, Adversary Emulation and related concepts.


What is Adversary Emulation?


An adversary emulation exercise replicates the behavior, tactics, techniques, and procedures (TTPs) of an existing threat actor or adversary group from the real world.
The adversary emulation plan is always guided by cyber threat intelligence. Adversary emulation engagements primarily concentrate on mimicking the behavior of APTs and threat actors more likely to target your organization's industry.

Here is a realistic definition from Jorge Orchilles:

Adversary Emulation is a type of red team exercise where the red team emulates how an adversary operates, following the same Tactics, Techniques and Sub-Techniques, and procedures (TTPs), with a specific objective like those of a realistic adversary.


What is Adversary Simulation?


Adversary simulation is more aligned with red teaming engagements and is more dynamic than adversary emulation. It mimics attacker behavior and TTPs from one or more threat actors. It could even simulate a combination of a certain threat actor's TTPs and new adversary behavior.
It is not necessary to use TTPs not previously used by a certain threat actor; the simulation plan could use entirely new adversary tradecraft, the same as a red team engagement.

Image credit goes to unsplash.com
Last updated on 01 Dec 2023
