Link Search Menu Expand Document

What is Adversary Emulation?

This post is part of our course Red Team Adversary Emulation 101: Mimicking a real-world cyber attack.

Adversary Emulation is a form of cybersecurity assessment. During this assessment assessors replicate a specific threat scenario. For example, assessors may assume the role of cyber criminals who want to exfiltrate customer data out of the organization. Another scenario could be assessors trying to infect the organization’s software product(s) and mimic a supply chain attack.

How to perform Adversary Emulation?

These exercises are performed by red teams. The responsibility of defending lies with blue teams. Usually an attack methodology is created or followed to conduct these exercise. This can be in form of a process, such Red Team Operations Attack Lifecycle. Or well defined attack plans such as MITRE Adversary Emulation Plans. Cyber threat intelligence sources also play a key role during this exercise. They often serve as a starting point for most exercises.


The aim of this exercise is to see how the organization’s defenses will fare in the event of a real cyber attack. Such exercises are helpful in identifying vulnerabilities missed during other assessments (such as penetration testing) as such assessments are usually limited in scope and attack surface. For example, Facebook is leveraging adversary emulation to protect their infrastructure from sophisticated attacks.

Featured Image Source: Freepik