Photo by Jeferson Argueta on Unsplash
Emulate Attacks with MITRE Caldera
Volcanic
Cybersecurity is not a one-time investment, but an ongoing budget item. Attackers are constantly improving their tools, techniques, and methods, which means defenders also need to up their detection and response game and improve security checks. If you perform manual attack analysis and emulation, you will realize how expensive, time-consuming, and difficult to repeat this work can be.
Other articles have covered tools and knowledge databases from the US-based research institution MITRE. With Caldera [1], the organization now promotes a tool that helps you automatically replicate attacker behavior, allowing you to simulate complex attack chains without the need for a red team on site. You can execute the same attack playbook repeatedly to adjust your defenses in real time and validate their effectiveness.
ATT&CK Framework Basis
Caldera is available as a free open source platform and enables attacker emulation exercises with the MITRE ATT&CK framework [2]. The platform is a plugin-based framework in which modular attack steps, known as "abilities," are grouped into sequences or "adversaries" that are then executed by agents on the target computers. The agents are cross-platform capable and can be used on Windows, Linux, and macOS.
Instead of targeting exploits or vulnerabilities like other tools, Caldera targets the behavior of an attacker by simulating techniques that attackers use after a compromise, such as privilege escalation, lateral movement, or the exfiltration of company data. Its modularity and automation will help you hone your skills and adapt them to the existing IT infrastructure.
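The relationship between abilities, adversaries, and agent platforms described above, as an added example that is not from the article or the Caldera project. It resolves an adversary's ordered ability list into the ATT&CK techniques a detection team should expect to see per platform. The field names (`technique.attack_id`, `platforms`, `atomic_ordering`) follow the layout of Caldera's ability and adversary YAML files as an assumption, and all IDs and commands are constructed.

```python
# Added example with constructed data. Field names mirror the assumed layout of
# Caldera ability/adversary YAML files; the IDs are made-up placeholders.
from collections import defaultdict

ABILITIES = [
    {"id": "ability-0001", "name": "Identify active user", "tactic": "discovery",
     "technique": {"attack_id": "T1033", "name": "System Owner/User Discovery"},
     "platforms": {"linux": {"sh": {"command": "whoami"}},
                   "darwin": {"sh": {"command": "whoami"}},
                   "windows": {"psh": {"command": "$env:username"}}}},
    {"id": "ability-0002", "name": "List running processes", "tactic": "discovery",
     "technique": {"attack_id": "T1057", "name": "Process Discovery"},
     "platforms": {"linux": {"sh": {"command": "ps aux"}},
                   "windows": {"psh": {"command": "Get-Process"}}}},
]

# The last entry deliberately points at an ability that does not exist.
ADVERSARY = {"id": "adversary-0001", "name": "Discovery baseline",
             "atomic_ordering": ["ability-0001", "ability-0002", "ability-0404"]}


def expected_telemetry(adversary, abilities):
    """Resolve an adversary's ordered ability IDs.

    Returns (plan, unresolved): plan maps platform -> ordered list of
    (step, attack_id, tactic) that monitoring should observe on that platform;
    unresolved lists ability IDs the adversary references but nobody defined.
    """
    by_id = {a["id"]: a for a in abilities}
    plan, unresolved = defaultdict(list), []
    for step, ability_id in enumerate(adversary["atomic_ordering"], start=1):
        ability = by_id.get(ability_id)
        if ability is None:
            unresolved.append(ability_id)  # dangling reference in the profile
            continue
        for platform in ability["platforms"]:
            plan[platform].append(
                (step, ability["technique"]["attack_id"], ability["tactic"]))
    return dict(plan), unresolved


if __name__ == "__main__":
    plan, unresolved = expected_telemetry(ADVERSARY, ABILITIES)
    for platform, steps in sorted(plan.items()):
        print(platform, steps)
    print("unresolved ability ids:", unresolved)
```

The per-platform list doubles as a checklist: after each run of the same adversary, every listed technique should map to an alert or log entry, and any gap marks a detection to build.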
Setting Up Caldera
To get a feel for how you can use Caldera productively, I'll
...
