Red Team Village - Indicators of Emulation: Extra Spicy Adversary Emulation

Cite

DEF CON

Ch33r10 et al.

Formal Metadata

Title

Red Team Village - Indicators of Emulation: Extra Spicy Adversary Emulation

Title of Series

DEF CON Safe Mode

Number of Parts

374

Author

Ch33r10

et al.

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/49179 (DOI)

Publisher

DEF CON

Release Date

2020

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Cyber threat intelligence, in the past, has primarily focused on extracting, preparing, and analyzing indicators of compromise for digital forensics and incident response, the security operations center, and other teams. This talk proposes that there is a benefit to including cyber threat intelligence analysts in adversarial threat emulation. By including indicators of emulation (IOE) based upon internal organizational attack data, CTI analysts can enrich and customize red team TTPs to specific threats the organization is currently facing. Don’t have a CTI team? Well, we have solutions for you! From pulling TTPs and IOEs out of thin air to a custom Golang C2 tool you can use to execute payloads that are relevant to your organization. Sit back, relax, and enjoy the show!