Problem 💔
Adversary emulation is a specific style of offensive assessment that uses cyber threat intelligence to describe behaviors observed in specific campaigns or malware samples. The InfoSec community has expressed continued interest in supporting the Adversary Emulation Library by contributing open-source intelligence and analysis of available information.
Solution ❤️
We have created a GitHub issue template for open-source intelligence contributions and hope the community will support us in our efforts.
Changes ❤️‍🩹
Based on :octocat: GitHub Docs for Issue Templates, added the following files...
Added osint-contrib.yml - a .yml file used to generate the issue template specific to open-source intelligence contributions.
Process
Community members can:
Fill out the form
Select and add a label for specific adversary
The Adversary Emulation Library team can directly respond to the issue with comments, questions, and feedback.
Considerations
Any information we feel should not be shared will be removed from the repo.
Our Goal in using this method… 🥅
Provide transparent credit to InfoSec community members that have their contributions accepted into the emulation plan
Increase the available resources on technical analysis of these adversaries that empower red teams and detection engineers
Provide the InfoSec community a feedback loop for contributions and opportunity to learn about our threat-driven approach