Adversarial Emulation

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 8, 2019, 2 p.m. (45 minutes).

Today's red team isn't enough. Because we want to move our defenses and understanding beyond a detection-based approach which has repeatedly been demonstrated to fail. How do we emulate an adversary? We will go through multiple considerations of the entire red team lifecycle including walking through open source toolsets. We will talk through in detail specific host and network activities for emulation. And, we will conclude with how we can work on these activities toward a purple team approach.


Presenters:

  • Bryson Bort
    Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.

Links:

Similar Presentations: