Custom Threats

The "Custom Threats" module in EVE allows users to create and execute custom scripts for emulation purposes, offering an alternative to traditional malware-based testing.

Users can either create new scripts or upload existing ones, with support for various scripting languages such as Python (".py"), Perl (".pl"), Ruby (".rb"), PowerShell (".ps1"), Bash (".bat"), and Shell (".sh").

This flexibility enables users to simulate a wide range of threat scenarios tailored to their specific needs, allowing for more precise and relevant testing of security controls. By leveraging custom scripts, organizations can better assess their defenses against potential threats that may not be covered by standard malware, ultimately enhancing their overall security posture.

By leveraging custom scripts, users can do (but not limited) :

  1. Replicate Individual TTPs: Create precise emulations that mimic specific actions, such as privilege escalation, persistence, or data exfiltration, aligning with the exact TTPs defined in frameworks like MITRE ATT&CK.

  2. Replicate Attack Stages and Methodologies: Design scripts that represent different stages of an attack, from initial access to lateral movement and impact, allowing for comprehensive testing of defenses across all phases of the kill chain.

  3. Follow the Kill Chain Using Scripts: Develop and execute scripts that follow the logical sequence of an attack, replicating the methodologies used by threat actors. This enables organizations to simulate how an attacker might progress through their environment, providing insights into how each security control performs at various points in the attack lifecycle.

  4. Test Custom Attack Scenarios: Users can design unique attack scenarios that combine multiple TTPs or introduce novel techniques that are not yet widely recognized. This allows for the testing of how well defenses can handle sophisticated or emerging threats that might not be covered by existing threat intelligence.

  5. Validate Incident Response Procedures: By simulating specific attack scenarios using custom scripts, users can evaluate and refine their incident response processes. This helps ensure that teams are prepared to respond effectively to real incidents, reducing response times and improving overall security posture.

  6. Benchmark Security Controls: Users can utilize custom scripts to benchmark the performance of their security controls against specific TTPs. This allows for the identification of gaps or weaknesses in existing defenses, providing actionable insights for improving security measures.

  7. Emulate Insider Threats: Custom scripts can be crafted to mimic insider threat behaviors, such as unauthorized access or data manipulation, enabling organizations to assess their ability to detect and mitigate risks posed by malicious insiders.

  8. Enhance Threat Hunting: By generating controlled threat simulations with custom scripts, users can test and enhance their threat hunting capabilities. This helps teams to proactively identify and address potential threats before they can cause harm.

  9. Automate Routine Testing: Users can automate the execution of custom scripts to perform routine security testing. This ensures continuous validation of security controls, helping to maintain a strong defense posture over time.

  10. Train Security Teams: Custom scripts can be used as part of training exercises, allowing security teams to practice identifying and responding to specific attack techniques. This hands-on experience helps build expertise and readiness within the team.

Last updated