Adversarial Emulation

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 8, 2019, 2 p.m. (45 minutes)

Today's red team isn't enough. Because we want to move our defenses and understanding beyond a detection-based approach which has repeatedly been demonstrated to fail. How do we emulate an adversary? We will go through multiple considerations of the entire red team lifecycle including walking through open source toolsets. We will talk through in detail specific host and network activities for emulation. And, we will conclude with how we can work on these activities toward a purple team approach.

Presenters:

• Bryson Bort
  Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Adversarial Emulation Bryson Bort.mp4
• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Adversarial Emulation Bryson Bort.eng.srt (subtitles)
• https://www.youtube.com/watch?v=-Bh1uhPJ6j0

Similar Presentations:

• BSidesLV 2017 / Purple Team: How This Color Can Help You And Your Organisation Learn and Get Better
• Wild West Hackin' Fest 2019 / Adversarial Emulation
• Texas Cyber Summit 2019 / RT-2021 Today’s red team isn’t enough