University of Twente Student Theses


Autonomous emulation of adversary procedures in the (pre-)compromise domain

Bakker, D.R. (2022) Autonomous emulation of adversary procedures in the (pre-)compromise domain.

This is the latest version of this item.

[img] PDF
Abstract:In a world with ever-evolving digital threat, offensive testing in the form of adversary emulation has become an important means of keeping organisations secure. Generally, this process is manually carried out by red teams, but carries several limitations - mainly those of time, cost and consistency - hindering effectiveness, accuracy and widespread adoption. Automation could enhance manual adversary emulation, with additional benefits to security control validation and security control development use cases. Automation efforts have been made in the form of Autonomous Adversary Emulation (AAE) and Breach and Attack Simulation (BAS) solutions, but they largely focus on post-compromise adversary behaviour. In this work, we investigate the potential for autonomous emulation of adversaries in their (pre-)compromise procedures. Through a threat intelligence based approach, we implement a platform for autonomous (pre-)compromise adversary emulation in the form of an extension to MITRE CALDERA, a state-of-the-art AAE framework. Using this extension as a vehicle for further analysis, we identify several domain-specific limitations and challenges that currently exist in AAE frameworks, to which we propose high-level solutions. Finally, we show its behaviour in a dynamic testing range and explore its performance in the context of several real-world applications - showing a measurable improvement over related automation efforts in the process.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page