Abstract
Autonomous cyber attack emulation can help cyber defenders identify and remediate cyber risks. MITRE’s Caldera software is the state of the practice for automated attack emulation. Yet it has not been systematically analyzed, which leaves its performance and effectiveness in question. This paper systematically characterizes Caldera’s architecture, abilities and use cases, and assesses its strengths and weaknesses. It draws useful insights, such as: Caldera excels in stealthy access and execution tactics to pilfer data against Windows operating systems. It also discusses two directions for improving Caldera: module-level automation and end-to-end attack emulation.
Recommended Citation
Chang, Caleb; Cao, Matthew; Teoh, Kenyou; Ear, Ekzhin; and Xu, Shouhuai (2025) "Characterizing Caldera’s Cyber Attack Emulation Capabilities," Military Cyber Affairs: Vol. 8: Iss. 1, Article 5.
Available at: https://digitalcommons.usf.edu/mca/vol8/iss1/5
Included in
Cognitive Psychology Commons, Cognitive Science Commons, Computer and Systems Architecture Commons, Computer Law Commons, Digital Communications and Networking Commons, Intellectual Property Law Commons, International Relations Commons, Military, War, and Peace Commons, National Security Law Commons, Other Computer Engineering Commons, Systems Science Commons