Tweet
Adversary emulation has become an increasingly common type of engagement where red teams look to known threat groups to inspire the actions and behaviors used. While scoping activity might make operating easier, emulation introduces a new set of challenges to planning. How do you know how an adversary behaves? What do you do if you only know part of the picture? How do you turn all of that into a plan? In this talk I’ll examine how we can start building an adversary profile from the open source intel in MITRE ATT&CK. Open source intel often doesn’t give a complete picture of an adversary, and I’ll talk about some of where these gaps come from, how to spot them, and some ways of filling them in. I’ll work through a process for turning the profile we’ve created into an adversary emulation plan expressed in ATT&CK and how we can stay aligned with that plan as we operate.
Speaker(s): Adam Pennington
Location: Red Team Vlg
Discord: https://discord.com/channels/7082082...77357820411944
Event starts: 2020-08-08 17:45 (05:45 PM) PDT (UTC -07:00)
Event ends: 2020-08-08 18:45 (06:45 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:26 (UTC).
Speaker(s): Adam Pennington
Location: Red Team Vlg
Discord: https://discord.com/channels/7082082...77357820411944
Event starts: 2020-08-08 17:45 (05:45 PM) PDT (UTC -07:00)
Event ends: 2020-08-08 18:45 (06:45 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:26 (UTC).