Adversary Village - Exploiting Blue Team OPSEC Failures with RedELK

Cite

DEF CON

Smeets, Marc

Formal Metadata

Title

Adversary Village - Exploiting Blue Team OPSEC Failures with RedELK

Title of Series

DEF CON 29

Number of Parts

Author

Smeets, Marc

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/54345 (DOI)

Publisher

DEF CON

Release Date

2021

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Blue teams and CERTs are increasingly better equipped and better trained. At the same time offensive infrastructures are increasingly diverse in components and growing in size. This makes it a lot harder for red teams to keep oversight but also a lot easier for blue teams to react on the traces that red teams leave behind. However, do blue teams really know what traces _they_ leave behind when doing their investigation and analyses? RedELK was created and open sourced to help red teams with these two goals: 1) make it easy to have operational oversight, 2) abuse blue team OPSEC failures. Come to this talk to learn about blue team detection and how RedELK can help you.