Adversary Emulation – Intro

Published 2022-03-12 at https://www.dcg420.org/en/adversary-emulation-intro/

What actually is adversary emulation, that is, the emulation of an adversary's behaviour? It is a process that takes an adversary's tactics, techniques and procedures (TTPs), enriched with Cyber Threat Intelligence (CTI), and uses them to build a security test based on real attacks or campaigns.

So much for the short, simple definition, but adversary emulation does more than just help with understanding the individual techniques, tactics and procedures of potential adversaries. Unlike penetration tests or vulnerability tests, it does not test the target systems or applications but the defenders: how prepared they are for these types of attacks and, above all, how they behave within the environment. Adversary emulation also lets defenders prioritise threats.

A successful emulation is not the work of a single user or a single group. It is rather an activity carried out by essentially all cyber-security groups. The cyber threat intelligence team and the red team are particularly important, though. In small organisations these teams are naturally staffed by individuals, or substituted by purchasing various feeds or external services. All of these components then communicate and cooperate with the SOC and management to specify which attack the organisation realistically faces (defending everything means defending nothing: prioritisation). The red team then provides its tradecraft and skills to run the emulation.

In the past it was a problem to put together a good emulation plan and its individual steps. Even though more and more specialist articles and analyses on advanced persistent threats were appearing, it was really only the ATT&CK framework that enabled operators to implement and map emulation plans and substantially speed up their creation and maintenance. Adversary emulation is also supported by other open-source or commercial tools, but those will have to wait for another time.

Adversary emulation is part of Active defense Gray zone (https://www.dcg420.org/en/adgzintro/).

More on the ATT&CK framework next time, in our series 'Att&ck works'.