code Development
Development of the components required to conduct the evaluation
Decomposition
We extract cyber threat intelligence (CTI) into individual components that compromise the emulation plan
Chain
We recompile and organize procedures into a larger emulation scenario
Refinement
We fill in gaps through collaboration and targeted research
Tooling
We select/build offensive tools that can faithfully replicate behaviors
Customization
We capture important tradecraft details (e.g. delivery mechanisms, command and control, etc.)
Review
We compare against CTI and note deviations
Creation
We compile all the information into a structured emulation plan