This document discusses approaches to improving security through "red teaming" or adversary simulation. It defines red teaming as taking both an adversarial approach and mindset through tactics like computer simulations and vulnerability probes. The origins of red teaming in military war games from the 1960s are described. Examples of both red team failures, like a failed hostage rescue mission due to lack of planning, and successes, like security tests by the NYPD, are provided. The document outlines challenges to effective red teaming like overcoming groupthink and communicating risk. It stresses the importance of emulating realistic adversary tactics, techniques and procedures to provide useful security evaluations. Overall resources on red teaming techniques and a hypothetical red team exercise are presented.
Adversary simulation is a key component of a mature security program. Without it, organizations might not truly understand their weaknesses until they face a real-world adversary. This talk will promote the concept of the “Assumed Breach” model and discuss some steps security program owners can take to validate that a security program is effective.
2. Talk Background
Introduction and overview of Red Teaming
Organization challenges & Opportunities
Red Teaming / Red Cell effectiveness
• Meeting the defenders where they are at
• Adversary simulation
• Emulating Tactics, Techniques and Procedures
• Being the Adversary
Resources
4. Introduction to Red Teaming
• What is “Red Teaming”?
• Origins of “Red Team”
• Examples of Red Teaming Failures
• Examples of Red Team Successes
5. What is Red Teaming?
• Both Approach, Mindset and Tactics
• Takes many forms, Tabletop Exercises, Alternative
analysis, computer models, and vulnerability probes.
• Critical Thinking
• A Therapist…
6. What are its origins?
• Originated in the 1960s military war-game exercises
• Red Team was meant to emulate the Soviet Union
• 1963 - First historical example was a red team exercise structured around procuring a long-range bomber.
• Most early examples are structured around determining the Soviet Union's capability
7. Red Team Failures: Operation Eagle Claw
• Failed mission to rescue 52 diplomats held captive in the US Embassy in Tehran.
• Operation was “need to know”, not Red Teamed
• Operation was initiated without enough planning and foresight into potential challenges / obstacles
8. Unified Vision ‘01 & Millennium Challenge ‘02
• Millennium Challenge ’02
• Red Cell is highly restricted in its actions
• Red Cell pre-emptively attacks the US Navy fleet with all of their air and sea resources, sinking 21 Navy vessels
• White Cell “refloats” the sunken Navy vessels
• Unified Vision ’01
• White Cell informs Red Cell that Blue Team has destroyed all of their 21 hidden ballistic missile silos
• Blue Team commander never actually knew the location of any of the 21 silos
9. Red Team Success Stories
• New York Marathon, NYPD and New York Road Runners
• Cover scenarios like:
• How do you identify tainted water sources
• How to respond if drones show up in specific locations
• Race can be diverted at any point
• Israeli Defense Force – “Ipcha Mistabra”
• The opposite is most likely
• Small group in the intelligence branch
• Briefs Officials and Leaders on opposite explanations for scenarios
10. Organizational Challenges
• Overcoming Groupthink
• Maintaining Divergent thought
• Remaining Skeptical
• Assimilation into culture
• Communicating risk effectively
• Metacognition
• Leadership buy in
• “Gaming” the Op
11. Red Cell Effectiveness
• Ex. 57th Adversary Tactics Group
• Only highly skilled pilots are allowed to become “aggressors”
• Allowed only to use known adversary tactics and techniques, depending on who they are emulating
• Same should apply to all red teams
• Adversary emulation is key to realistic simulations
12. Red Cell Effectiveness
• Effective adversary emulation can mean being a “worse” threat actor
• Tests defenders' “post-compromise” security posture, aka the “assumed breach model”
• Starting post-compromise / from a foothold can also save valuable time and money.
14. What are the benefits of an effective Red Cell?
• Train and measure IR teams' detection and response.
• MSFT measures this as MTTD / MTTR: Mean Time to Detect and Mean Time to Recovery
• Validates investment in very expensive security products, services, and subscriptions
15. An example red cell exercise
• Build a relevant threat model based on your industry's threats, or competitors' breaches / news events
• Storyboard the attack
• Determine where IR should detect and respond
• Use Red Team to validate the storyboard
• What went well / what went wrong – postmortem analysis
• Debrief Tactics
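A worked scorecard for the exercise just outlined, added here as an example and not part of the original deck: it joins a storyboarded attack to the detections IR actually recorded, lists the planned detection points IR missed, and computes MTTD and MTTR as the earlier slide defines them. Stage names and timestamps are constructed sample data, and measuring MTTR from detection to recovery (rather than from the red team action) is an assumption.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class StoryboardStep:
    """One stage of the storyboarded attack: what the red team does, when,
    and whether the plan says IR should catch it."""
    stage: str
    executed_at: datetime
    expect_detection: bool


@dataclass
class DetectionEvent:
    """What IR actually recorded for a stage. recovered_at stays None while
    the stage is detected but not yet recovered from."""
    stage: str
    detected_at: datetime
    recovered_at: Optional[datetime] = None


@dataclass
class Postmortem:
    detected: list[str] = field(default_factory=list)            # stages IR caught
    missed_expected: list[str] = field(default_factory=list)     # plan said "detect here", IR did not
    unexpected_catches: list[str] = field(default_factory=list)  # caught although the plan did not expect it
    unplanned_events: list[str] = field(default_factory=list)    # IR reported a stage not in the storyboard
    mttd: Optional[timedelta] = None  # mean of (detected_at - executed_at) over detected stages
    mttr: Optional[timedelta] = None  # mean of (recovered_at - detected_at) over recovered stages (assumption)


def _mean(deltas: list[timedelta]) -> Optional[timedelta]:
    return sum(deltas, timedelta()) / len(deltas) if deltas else None


def score_exercise(storyboard: list[StoryboardStep],
                   events: list[DetectionEvent]) -> Postmortem:
    """Join the storyboard to IR's detections and produce the postmortem numbers."""
    planned = {s.stage for s in storyboard}
    by_stage = {e.stage: e for e in events}
    pm = Postmortem(unplanned_events=[e.stage for e in events if e.stage not in planned])
    ttd: list[timedelta] = []
    ttr: list[timedelta] = []
    for step in storyboard:
        ev = by_stage.get(step.stage)
        if ev is None:
            if step.expect_detection:
                pm.missed_expected.append(step.stage)
            continue
        if ev.detected_at < step.executed_at:
            # A detection timestamped before the red team acted is a data error, not a win.
            raise ValueError(f"{step.stage}: detection precedes execution")
        pm.detected.append(step.stage)
        if not step.expect_detection:
            pm.unexpected_catches.append(step.stage)
        ttd.append(ev.detected_at - step.executed_at)
        if ev.recovered_at is not None:
            ttr.append(ev.recovered_at - ev.detected_at)
    pm.mttd = _mean(ttd)
    pm.mttr = _mean(ttr)
    return pm


# Constructed sample data (not from any real engagement). The foothold is a
# given under the assumed breach model, so the plan does not expect IR to catch it.
T0 = datetime(2016, 1, 20, 9, 0)
STORYBOARD = [
    StoryboardStep("phishing-foothold", T0, expect_detection=False),
    StoryboardStep("credential-dumping", T0 + timedelta(minutes=40), expect_detection=True),
    StoryboardStep("lateral-movement", T0 + timedelta(hours=2), expect_detection=True),
    StoryboardStep("data-staging", T0 + timedelta(hours=5), expect_detection=True),
]
EVENTS = [
    DetectionEvent("lateral-movement", T0 + timedelta(hours=2, minutes=30),
                   recovered_at=T0 + timedelta(hours=4)),
    DetectionEvent("data-staging", T0 + timedelta(hours=5, minutes=15)),  # detected, not yet recovered
]


def run_example() -> Postmortem:
    return score_exercise(STORYBOARD, EVENTS)


if __name__ == "__main__":
    pm = run_example()
    print("detected:        ", pm.detected)
    print("missed expected: ", pm.missed_expected)
    print("MTTD:", pm.mttd, " MTTR:", pm.mttr)
```

The missed credential-dumping step is the debrief item: the storyboard said IR should have caught it, so that control gets the postmortem attention rather than the stages that were detected.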
16. Putting it all together – Adversary simulation
• Emulate realistic threat actors' TTPs
• Assume breach model
• Model attacker activity to your storyboard
• Information exchange between red and blue teams*
• Protect Red Team culture
• Repeat in a reasonable amount of time
17. Example Adversary Simulation – TTPs – “Deep Panda”
“After seeing how these indicators were being applied, though, I came to realize something very interesting: almost no one is using them effectively.” – Pyramid of Pain
18. ADDITIONAL RESOURCES
Books:
Red Team – Micah Zenko
Applied Critical Thinking Handbook – UFMCS
Online:
Microsoft Enterprise Cloud Red Teaming Whitepaper
2015’s Red Team Tradecraft / Adversary Simulation – Raphael Mudge
The Pyramid of Pain – David Bianco
Veris Group - Adaptive Threat Division – Will Schroeder and Justin Warner
The Adversary Manifesto - CrowdStrike
Editor's Notes
Hi everybody,
I’m Chris Hernandez. What a pleasure it is for me to come and visit with you for a few minutes today and share some ideas that might be beneficial to you and your organization. I’m delighted to be here; I've been looking forward to it for some time. And it's nice to be back. I was here not too long ago, and it says something when you are invited back… it doesn't say everything, but it says something. Maybe it says “let's give him one more chance, and maybe he can get it right this time…”
I feel two major responsibilities today, and here’s what they are…
Number one is that you get your money’s worth… It looks like nobody paid for admission, but hey, at least the price of a beer or dinner.
And my second major responsibility is that you get your time's worth, and the reason why I say that is because time is more valuable than money. If someone asks you to spend some money, sure, no problem… you can get more of that… But if someone asks you to spend some time, you’ve really got to think that over… you can never get more time… so I appreciate and I understand the value of you investing your time today, and I hope this talk can be worth your time. This talk is going to be costly for me as well; it's going to take some of my time… so in order for it to be worthwhile for me, I really want some of my ideas to make an impact. And I’m here not just to tell a few interesting stories and walk away, but hopefully to give you some value for your time.
So, I’d like to share with you some things I’ve learned in my career in information security. These are my perspectives and opinions on techniques for improving the security of your organization… The ideas are not new or revolutionary. I’m just trying to share what, in my experience, works well with regard to red teaming.
So at a high level, we talk about…
Just briefly let me tell you my story ….
I’ve worn various security hats in my career, some defensive and offensive, from helpdesk to redteaming I’ve done about everything in between and I like to think that that gives me some perspective on the challenges of security in an organization.
Both Approach, Mindset, and Tactics
If you are a leader in an environment you probably don’t know everything that is going on.
If you are wise enough to come to this conclusion, you need a red team to bring an alternate perspective.
The alternative perspective would apply to your problems, and to the problems of your adversary.
Earliest evidence of the origins of red teaming came out of military wargaming exercises.
1976 – Hardliners in the Ford administration didn’t agree with the CIA’s conclusion. Believed that the U.S. had a capability gap.
Team “B”, a group of experts with access to all information about known Soviet military capabilities, came to an alternative conclusion compared to the CIA report.
3 helicopters malfunctioned / a C-130 and an RH-53D helicopter collided
Example of what happens when there is no red teaming done in planning phases of an operation
Military example, but think of business / public sector examples
Translate this to real world / business scenarios
Multiple contingency plans for multiple scenarios
As a result of the red team simulation they are able to better protect the marathon
They are directed to come to the opposite conclusion of whatever the current plan or conventional wisdom is. They don’t just brief generals. They go to parliament. They brief the prime minister’s office and the prime minister’s Cabinet. They describe their jobs—one of the individuals I know who did the briefings—as exhaustive. You have to essentially be argumentative by design. You have to challenge and doubt everything that happens.
Image credit: David Bianco
The key takeaway here is to understand that it is the highly skilled individual who can become an aggressor.
You have to be good enough to restrict yourself to a specific capability or skillset, but that capability and skillset changes based on who you are emulating.
----- Meeting Notes (1/20/16 15:14) -----
Nobody wants to drop 100k on a FireEye and find out it's configured wrong.
This is a great argument for Red Teams ingesting threat intelligence reports: they can work it into their tradecraft for red team operations.
If you want to spend a year on an op working to get in with an 0-day you can, but the simple fact is, if an adversary wants in bad enough, they will get in.
Again, if you know an adversary's MO, storyboard it, and determine where it could get caught and where defenses are lacking.
Debrief after op completion
Teams need to be external in terms of culture, but internal and aware in terms of critical thought
Demoralizing if the blue team gets crushed week in and out
An appropriate way to ingest threat intelligence data