Adversary Emulation
Research and document adversary tactics, techniques, and procedures (TTPs) for security testing and threat simulation.
When to Use
- Research threat actor TTPs for a specific group
- Plan adversary simulation or red team exercises
- Map behaviors to the MITRE ATT&CK framework
- Document attack chains for purple team exercises
- Develop detection rules based on known techniques
Data Access
When you need threat actor data, attack patterns, or TTPs from the Mallory platform, use the mallory-api skill with the SDK:
- client.threat_actors.get("identifier") — Threat actor details
- client.threat_actors.attack_patterns("identifier") — MITRE ATT&CK techniques
- client.threat_actors.export("identifier") — Full profile with relationships
- client.search.query(q="...", types="threat_actor") — Search for actors by name
Emulation Workflow
- Select Threat Actor: Choose based on industry targeting or recent activity
- Research TTPs: Get attack patterns and techniques from the Mallory API
- Map to ATT&CK: Align techniques to the MITRE ATT&CK matrix
- Plan Execution: Design test scenarios for each technique
- Document Detections: Record expected detection opportunities
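
The Map to ATT&CK and Document Detections steps above, as an added example (not part of the Mallory SDK or the original skill): it orders techniques by ATT&CK tactic and flags the ones with no expected detection. The record shape, the function names and the sample detection names are assumptions constructed for illustration, not the API's response format.

```python
# ATT&CK Enterprise tactics in matrix order, used to sequence the plan.
TACTIC_ORDER = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
]

# Constructed sample input (hand-written, not Mallory API output).
SAMPLE_PATTERNS = [
    {"id": "T1003.001", "name": "LSASS Memory", "tactics": ["credential-access"]},
    {"id": "T1566.001", "name": "Spearphishing Attachment", "tactics": ["initial-access"]},
    {"id": "T1053.005", "name": "Scheduled Task",
     "tactics": ["execution", "persistence", "privilege-escalation"]},
    {"id": "T1059.001", "name": "PowerShell", "tactics": ["execution"]},
]
# Constructed: detections the blue team already has, keyed by technique ID.
SAMPLE_DETECTIONS = {
    "T1059": ["Script interpreter launched by Office process"],
    "T1003.001": ["Process access to lsass.exe from unsigned binary"],
}

def build_worksheet(patterns, detections):
    """One row per (tactic, technique), ordered by tactic then technique ID."""
    rows, seen = [], set()
    for p in patterns:
        # A rule written for the parent technique also counts for a sub-technique.
        rules = detections.get(p["id"]) or detections.get(p["id"].split(".")[0], [])
        for tactic in p["tactics"]:
            if tactic not in TACTIC_ORDER:
                raise ValueError(f"unknown tactic {tactic!r} on {p['id']}")
            if (tactic, p["id"]) in seen:
                continue  # duplicate record for the same matrix cell
            seen.add((tactic, p["id"]))
            rows.append({"tactic": tactic, "technique": p["id"], "name": p["name"],
                         "expected_detections": list(rules),
                         "status": "covered" if rules else "gap"})
    rows.sort(key=lambda r: (TACTIC_ORDER.index(r["tactic"]), r["technique"]))
    return rows

def coverage_gaps(rows):
    """Technique IDs with no expected detection, for the purple-team backlog."""
    return sorted({r["technique"] for r in rows if r["status"] == "gap"})

if __name__ == "__main__":
    sheet = build_worksheet(SAMPLE_PATTERNS, SAMPLE_DETECTIONS)
    for r in sheet:
        print(f"{r['tactic']:<22}{r['technique']:<11}{r['status']:<8}{r['name']}")
    print("gaps:", coverage_gaps(sheet))
```

Techniques listed as gaps are the ones to prioritise when writing detection rules before the exercise.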