Breach and Attack Simulation

AttackIQ has released two new attack graphs in response to the recently published CISA Advisory (AA23-129A) that details the efforts taken by U.S. agencies to disrupt the peer-to-peer network infrastructure used by the Russian threat actor Turla and their Snake malware. Turla is the public name given to actors associated with cyberattacks conducted by Center 16 of Russia’s Federal Security Service (FSB).

The UK Department of Health & Social Care (DHSC) recently released their “…

AttackIQ is democratiziing the practice of threat-informed defense and adversary emulation, including by funding research from the Center for Threat-Informed Defense on micro-emulation planning. Learn more out how we put adversary emulation into practice in the AttackIQ Security Optimization Platform.

OpenAI's ChatGPT can tell you exactly how to use BAS to improve your cyberdefense effectiveness. But it won't help you with the Russian military specifically, and that's a very good thing. See below for why OpenAI deserves credit for this algorithmic limit.

We asked OpenAI's ChaptGPT to write a 750-800 word blog post about breach and attack simulation (BAS) in the voice of Langston Hughes. It did great; see below. And well-done, team OpenAI. 

A look back at how AttackIQ's customers and advanced research, as well as key players in the analyst community, helped propel the breach and attack simulation market forward in 2022.

AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) used by Iranian nation-state adversaries against the government of Albania.

AttackIQ has released a content bundle including two new attack graphs covering two historical APT28 campaigns involving their SkinnyBoy and Zebrocy malware families and standalone scenarios emulating command-and-control traffic to test boundary controls.

AttackIQ’s Adversary Research Team has released a new assessment to test endpoint and network controls’ ability to prevent Zeppelin Ransomware.

In this guest blog post, Bradley Schaufenbuel of Paychex writes about how security teams can leverage the MITRE ATT&CK framework to mount a “threat-informed” defense. This post originally appeared as an article in SC Magazine.

AttackIQ has released two new attack graphs that emulate different aspects of OilRig’s operations against multiple sectors around the globe. With these attack graphs, you can test and validate your defenses to improve cybersecurity readiness.

AttackIQ has released two new fully featured attack graphs emulating the tactics, techniques, and procedures (TTPs) used by likely nation-state adversaries that continue exploiting the Log4Shell vulnerability in VMware Horizon Systems.