DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

Emulating an Adversary with Imperfect Intelligence

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Emulating an Adversary with Imperfect Intelligence

    Adversary emulation has become an increasingly common type of engagement where red teams look to known threat groups to inspire the actions and behaviors used. While scoping activity might make operating easier, emulation introduces a new set of challenges to planning. How do you know how an adversary behaves? What do you do if you only know part of the picture? How do you turn all of that into a plan? In this talk I’ll examine how we can start building an adversary profile from the open source intel in MITRE ATT&CK. Open source intel often doesn’t give a complete picture of an adversary, and I’ll talk about some of where these gaps come from, how to spot them, and some ways of filling them in. I’ll work through a process for turning the profile we’ve created into an adversary emulation plan expressed in ATT&CK and how we can stay aligned with that plan as we operate.

    Speaker(s): Adam Pennington

    Location: Red Team Vlg

    Discord: https://discord.com/channels/7082082...77357820411944

    Event starts: 2020-08-08 17:45 (05:45 PM) PDT (UTC -07:00)

    Event ends: 2020-08-08 18:45 (06:45 PM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:26 (UTC).
    Starts
    August 8, 2020 17:45
    Ends
    August 8, 2020 18:45
    Location
    Red Team Vlg
Working...
X