How to prioritize Red Team Findings? Presenting CRTFSS: Common Red Team Findings Score System Ver. 1.0

Presented at BSidesLV 2023, Aug. 8, 2023, 2 p.m. (20 minutes)

Robust red team practices generate multiple findings gradually; defenders struggle to keep up with remediations and detections. All red team findings are critical, but if everything is a priority, then nothing is. Organizations cannot feasibly defend against all ATT&CK techniques. They have more findings than they can optimally assign resources to and focus on the critical ones; they need a system to help them make this task manageable. This talk introduces CRTFSS: A methodology to prioritize red team findings using adversary behaviors observed in real-world threat intelligence and mapped to the MITRE ATT&CK based on the most frequent TTPs that score each finding based on the complexity of remediation and exploitability.


  • Guillermo Buendia
    Guillermo (m0m0) is a Red Team Lead at one of the biggest insurance companies in the USA; he has worked for many Financial Institutions for the last ten years. He has presented his previous research at DEFCON Red Team Village, DEFCON Recon Village, BSidesLV, BSides Manchester, Hackfest CA, etc. He loves CTFs, and his fuel of choice is agnostic drinks and pizza! His primary areas of expertise are Red/Purple Team and Quake III Arena.


Similar Presentations: