
Adaptive Threat Posture Management (Industry-Specific, Global Threat Metrics)
The Adaptive Threat Posture Management system allows users to simulate industry-specific attack
trends and view global attack metrics.

1. Industry Specific
a. After clicking the Industry-specific card, the page shows a dropdown from which the user
chooses the industry to which the client’s organization belongs.
b. After an industry is chosen, the latest attacks are displayed to the user as cards, covering
the top 7 trending attacks.
c. An option to view more attacks redirects the user to “/industrial-attacks”, which lists all
attacks. Each attack card is clickable and has a “view details” button. Say the user clicks
the card named “Attack A”.
d. After clicking the card “Attack A” or its “view details” button, the user is redirected to
“/industrial-attacks/Attack-A”, which contains all detailed information, including the date,
nature, and details of the attack as well as the groups responsible. A button at the top-right
lets the user simulate a similar attack against their organization.
e. Every attack has a few goals tagged to it (UI chips).
f. Users can click on any attack to view a comprehensive summary and simulate that
specific attack.
g. Upon choosing to simulate an attack, users must select their goals for the simulation.
h. A dropdown lets the user choose the goals for which they want to simulate the selected
attack. NOTE: only the goals tagged with the selected attack are listed.
i. From the UI perspective, a grouped dropdown is needed with two groups. Under Phishing
simulations, the options are 2FA Bypass, Credential Phishing, Information Gathering,
Dropping Campaign (Drive-by Download), and Fingerprinting (to check active targets).
Under Adversary simulations, the options are Lateral Movement, Initial Access, Command
Execution, Persistence, Privilege Escalation, Defense Evasion, Collection (email, network
sharing data), Command and Control, Data Exfiltration, and Impact Simulation. The user
can select multiple goals from the dropdown.
j. After selecting goals, the user can select a template from the various templates linked to
the chosen attack.
k. They then select targets, groups, and landing pages as in “Phish-E”.
l. The user can then choose Stealth configurations, which offer basic and evasive
stealthiness with toggles prefilled from recommendations. Advanced options include
selecting EDR, spam filters, gateway bypass, MITM, BITB, HTML Smuggling for file
dropping, safe browsing checks, look-and-feel enhancements, and user redirection.
m. Finally, the user can schedule their simulation.
n. Once the simulation setup is complete, the user is redirected to the ATPA dashboard,
where details of the currently scheduled campaign are displayed. Clicking a specific
campaign shows its progress, including active callbacks, credential fetching (username
and password), callbacks to agents, and a list of agents associated with the attack's tag
ID. It also includes an overview of how many goals of that particular attack have been
achieved.
o. By clicking on an individual agent, users can view the list of goals selected during
simulation creation. They can then execute these goals, with the related modules shown
in the C2 module. The history of executed commands is displayed, and users can
generate a summary of the campaign.
p. Note: a campaign can be marked complete once a minimum goal is achieved, such as
fetching one credential or receiving one agent callback.
q. Users can then generate campaign feedback and an assessment, which includes
providing all data and requesting additional information if required. Recommendations
for improving security posture management are provided, including audits, scoring, and
SOC Maturity Assessment Metrics.
r. Finally, a report is generated, which the user can download in PDF format.
s. For continuous assessment, users can subscribe to the Adversary “Cyber Resiliency
Program,” which includes regular testing against their infrastructure and scheduled
reports delivered within a week to a month after each test campaign. The system also
maintains the health of spam filters, web proxies, EDR, DLP, XDRs, and more. Users
have the flexibility to run different campaigns as needed.
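Steps h, i, n and p above define three pieces of application logic: the grouped goal dropdown restricted to the goals tagged with the selected attack, the dashboard count of achieved goals, and the rule that a campaign may be marked complete after one fetched credential or one agent callback. The following is an added illustrative model of that logic, not the product's own code; the function names, the Attack and CampaignProgress types and the sample record "Attack A" with its tagged goals are assumptions made for the example, while the group and option names are the ones listed in step i.

```python
"""Illustrative model of goal tagging, grouped goal selection and the
campaign-completion rule from the ATPM flow (example code, not the product's)."""
from dataclasses import dataclass, field

# The two groups of the grouped dropdown, with the option names from step i.
GOAL_GROUPS = {
    "Phishing simulations": [
        "2FA Bypass",
        "Credential Phishing",
        "Information Gathering",
        "Dropping Campaign (Drive-by Download)",
        "Fingerprinting (to check active targets)",
    ],
    "Adversary simulations": [
        "Lateral Movement",
        "Initial Access",
        "Command Execution",
        "Persistence",
        "Privilege Escalation",
        "Defense Evasion",
        "Collection (email, network sharing data)",
        "Command and Control",
        "Data Exfiltration",
        "Impact Simulation",
    ],
}


@dataclass
class Attack:
    """Assumed shape of an attack record: name plus the goals shown as chips."""
    name: str
    tagged_goals: list


def attack_detail_path(attack):
    """Detail route from step d, e.g. "Attack A" -> "/industrial-attacks/Attack-A"."""
    return "/industrial-attacks/" + attack.name.replace(" ", "-")


def grouped_goal_options(attack):
    """Grouped dropdown contents restricted to goals tagged with the attack (step h NOTE).
    Groups with no tagged goal are omitted so the UI shows no empty group header."""
    options = {}
    for group, goals in GOAL_GROUPS.items():
        tagged = [g for g in goals if g in attack.tagged_goals]
        if tagged:
            options[group] = tagged
    return options


def validate_goal_selection(attack, selected):
    """Server-side mirror of the dropdown restriction: reject an empty selection and
    any goal not tagged with the selected attack; de-duplicate while keeping order."""
    if not selected:
        raise ValueError("at least one goal must be selected")
    untagged = sorted(set(selected) - set(attack.tagged_goals))
    if untagged:
        raise ValueError("goals not tagged with %s: %s" % (attack.name, ", ".join(untagged)))
    return list(dict.fromkeys(selected))


@dataclass
class CampaignProgress:
    """Assumed progress counters as shown on the dashboard in step n."""
    credentials_fetched: int = 0
    agent_callbacks: int = 0
    goals_achieved: set = field(default_factory=set)


def can_mark_complete(progress):
    """Step p: one fetched credential or one agent callback is the minimum for completion."""
    return progress.credentials_fetched >= 1 or progress.agent_callbacks >= 1


def goal_overview(selected_goals, progress):
    """Step n overview as (achieved, total) over the goals chosen for the campaign."""
    achieved = len(set(selected_goals) & progress.goals_achieved)
    return achieved, len(selected_goals)


# Constructed sample record for the example, not a real attack entry.
ATTACK_A = Attack(
    name="Attack A",
    tagged_goals=["Credential Phishing", "2FA Bypass", "Initial Access", "Persistence"],
)

if __name__ == "__main__":
    print(attack_detail_path(ATTACK_A))
    print(grouped_goal_options(ATTACK_A))
    chosen = validate_goal_selection(ATTACK_A, ["Credential Phishing", "Initial Access"])
    progress = CampaignProgress()
    print(can_mark_complete(progress))
    progress.credentials_fetched = 1
    progress.goals_achieved.add("Credential Phishing")
    print(can_mark_complete(progress), goal_overview(chosen, progress))
```

The validation step duplicates the dropdown restriction on the server side, so a request that names a goal not tagged with the attack is rejected even if the client-side list was bypassed or stale.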

2. Global Threat Metrics

This works the same as Industry Specific, except that in the first step a list of attacks is
displayed directly instead of asking the user to choose an industry.
