Improve Your Threat Hunt With Adversary Emulation

Presented at DeepSec 2020 „The Masquerade“, Unknown date/time (Unknown duration)

Adversary Emulation is a type of ethical hacking engagement in which the Red or Purple Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organisation. The goal of these engagements is to train and improve people, process, and technology. Adversary emulations are performed using a structured approach that follows industry methodologies and frameworks (such as MITRE ATT&CK) and leverages Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organisation. In this presentation, an end-to-end methodology and tools will be introduced to help security operations and defence teams. The methodology will cover how to organise cyber threat intelligence and leverage it to conduct adversary emulation and hunting using a framework like ATT&CK. Hunters, incident responders and SOC teams will learn how to use emulation to gain a better understanding of adversary TTPs, identify gaps in controls, and prioritise hunting and mitigation activities.

Presenters:

  • Thomas V Fischer - FVT SecOps Consulting
    Thomas has over 30 years of experience in the IT industry, ranging from software development to infrastructure and network operations and architecture, before settling in information security. He has an extensive security background covering roles from incident responder to security architect at Fortune 500 companies, vendors and consulting organisations. He is currently a security advocate and threat researcher focused on advising companies on understanding their data protection activities against malicious parties, covering not just external threats but also compliance-driven requirements. Thomas is also an active participant in the InfoSec community, not only as a member but also as a director of Security BSides London, an ISSA UK chapter board member, and a speaker at events such as SANS DFIR EMEA, DeepSec, Shmoocon, and various BSides events.