Hands-on: How to Use CALDERA's Chain Mode

Presented at BSidesLV 2019, Aug. 6, 2019, 2 p.m. (235 minutes)

This session will teach participants how to use the open source CALDERA tool to automate post-compromise adversary emulation exercises. CALDERA was originally released in 2017 as an R&D-heavy tool designed to run fully automated end-to-end adversary emulation exercises aligned with the MITRE ATT&CK framework. In 2019, the team pushed out a major update featuring a completely redesigned core architecture - now letting users create "plugins" to extend functionality - as well as a new operating mode ("chain") that allows users to leverage CALDERA to orchestrate atomic unit tests without the overhead needed in the original release. In this course, we'll teach participants the basics of CALDERA - focusing on chain mode - including how it works, its core design, and some of the ways it can be used. Then, we'll switch to hands-on mode where we'll guide attendees on how to use CALDERA, walking through its UIs and setting up and running built-in adversaries. Once attendees are familiar with the core concepts behind CALDERA, we'll run through exercises showing how it can be extended, including building new adversary profiles, adding techniques, and, time allowing, how to develop new plugins. Attendees should be familiar with the terminal and bring a laptop.

Presenters:

  • Alexander Manners
    Alexander Manners is a Lead Cyber Security Engineer at The MITRE Corporation and a Cyber Warfare Operations Officer in the United States Air Force (USAF) Reserve. He is a member of MITRE's Adversary Emulation and Security Orchestration team, where he researches and develops red team and blue team automation solutions. Prior to MITRE, Alex separated from the USAF after four years as a Cyber Warfare Officer and went to work at BIT Systems (a CACI subsidiary) in their Cyber Capabilities and Development Division, filling a variety of different roles. His operational experience and technical background provide a solid footing for developing new, relevant cyber technologies.
  • David Hunt
    David Hunt is a Principal Cyber Security Engineer at MITRE, where he works on automated adversary emulation. He is currently leading development of the open-source CALDERA platform, along with contributing to other projects in MITRE's internal research and development portfolio. Prior to MITRE, David led engineering for FireEye's threat intelligence division from 2016 to 2018. There, he orchestrated the storage and assimilation of APT behavioral data at scale, improving analysts' access to sensitive information. In addition to a decade in systems and software engineering, David has 5 years of experience in red team environments for both large companies and security start-ups. This time in the field has given David valuable insight into how adversaries operate in the wild. He has a passion for combining these experiences to solve real-world problems in creative ways.
