Blackhat 2020 Arsenal - C2 Matrix

•

0 likes•391 views

Slides from @jorgeorchilles and @brysonbort talk at Blackhat 2020 - Arsenal covering the C2 Matrix. Website: https://thec2matrix.com Blackhat: https://www.blackhat.com/us-20/arsenal/schedule/#c-matrix-comparison-of-command-and-control-frameworks-20768 Video: https://youtu.be/2i9KjHCR6ik Command and Control is one of the most important tactics in the MITRE ATT&CK matrix as it allows the attacker to interact with the target system and realize their objectives. Organizations leverage Cyber Threat Intelligence to understand their threat model and adversaries that have the intent, opportunity, and capability to attack. Red Team, Blue Team, and virtual Purple Teams work together to understand the adversary Tactics, Techniques, and Procedures to perform adversary emulations and improve detective and preventive controls. The C2 Matrix was created to aggregate all the Command and Control frameworks publicly available (open-source and commercial) in a single resource to assist teams in testing their own controls through adversary emulations (Red Team or Purple Team Exercises). Phase 1 lists all the Command and Control features such as the coding language used, channels (HTTP, TCP, DNS, SMB, etc.), agents, key exchange, and other operational security features and capabilities. This allows more efficient decisions making when called upon to emulate and adversary TTPs. It is the golden age of Command and Control (C2) frameworks. Learn how these C2 frameworks work and start testing against your organization to improve detective and preventive controls. The C2 Matrix currently has 41 command and control frameworks documented in a Google Sheet, web site, and questionnaire format.

Technology

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
• CEO/Founder - SCYTHE
• C2 Matrix Co-Creator
• Founder – GRIMM
• Co-Founder – ICS Village
• R Street Senior Fellow, National and Cybersecurity
• Advisor to the Army Cyber Institute
• NSI Senior Fellow
T1033 – Bryson Bort

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
• Proliferation of Offensive Security Tools
• Empire went EOL (it is now maintained by BC-
Security)
• Compendium of C2 frameworks
• Added other capabilities
• Began evaluating them to find the ideal one for red
team engagement
• Realized it can be used by Red and Blue Teams
Why did we build this?

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
• Comparison of Command and Control (C2)
Frameworks
• Google Sheet of C2s
• GUI: https://www.thec2matrix.com/
• Find ideal C2 for your needs:
https://ask.thec2matrix.com
• Gitbook on how to install and use the C2; setup
lab environment; contribute; and defend:
https://howto.thec2matrix.com
• SANS Slingshot C2 Matrix Virtual Machine
• @C2_Matrix & #C2Matrix on Twitter
C2 Matrix

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
TheC2Matrix.com

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
GUI

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
Golden Source: Google Sheet
https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
Ask.thec2matrix.com

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
Howto.thec2matrix.com

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
SANS Slingshot C2 Matrix Edition

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
howto.thec2matrix.com/contribute

@C2_Matrix
thec2matrix.com
@JorgeOrchilles
@BrysonBort
#BHUSA
@BLACKHATEVENTS
Feedback

C2 Matrix
Demo
@JorgeOrchilles
@BrysonBort

Presented at Diana Initiative, Queercon 16, and DEFCON 27 Recon Village 8/9-10, 2019. When we think of the process for attacking an organization, OSINT comes to the front and center of our minds. This presentation takes a presenter with experience in applying OSINT to effective penetration testing and social engineering and reverse engineers the process to determine what steps can be taken to further complicate their efforts. This is a presentation that talks about online deception, decoy accounts, canary data, encryption, maintaining one’s social media in a secure manner, and protecting one’s identity as much as possible. While nothing is absolute, this is a presentation that will leave attendees more aware of techniques to make it harder for attackers to collect accurate OSINT, either by removal or deception.

8.8 Las Vegas - Adversary Emulation con C2 Matrix

Jorge Orchilles

Physical Penetration Testing (RootedCON 2015)

Eduardo Arriols Nuñez

Video en Youtube: https://www.youtube.com/watch?v=hngTacTVT3Y La realización de un Test de Intrusión Físico tiene como finalidad conseguir acceso físico a una determinada ubicación, y no es una tarea sencilla. Requiere preparación, investigación, análisis, coordinación, mucha simulación y la aplicación de una metodología flexible que pueda adaptarse a las condiciones particulares de cada objetivo. Analizar el entorno, evadir todo tipo de sistemas de seguridad física y colaborar en equipo (Red Team), son aspectos fundamentales para lograr la intrusión, y con ello posteriormente, el acceso a equipos, red y un sinfín de datos en las instalaciones del objetivo.Si quieres saber qué es un Red Team y profundizar en la realización de intrusiones físicas, esta es tu charla. URL del video: https://www.youtube.com/watch?v=TTwY2wPTcNg

Red team EngagementIndranil Banerjee

Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...

Jorge Orchilles

Join Jorge Orchilles and Phil Wainwright as they cover how to show value during Red and Purple Team exercises with a free platform, VECTR. VECTR is included in SANS Slingshot C2 Matrix Edition so you can follow along the presentation and live demos. VECTR is a free platform for planning and tracking of your red and purple team exercises and alignment to blue team detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting Test Cases to simulate adversary threats. Campaigns can be broad and span activity across the kill chain or ATT&CK tactics, from initial access to privilege escalation and lateral movement and so on, or can be a narrow in scope to focus on specific defensive controls, tools, and infrastructure. VECTR is designed to promote full transparency between offense and defense, encourage training between team members, and improve detection, prevention & response capabilities across cloud and on-premise environments. Common use cases for VECTR are measuring your defenses over time against the MITRE ATT&CK framework, creating custom red team scenarios and adversary emulation plans, and assisting with toolset evaluations. VECTR is meant to be used over time with targeted campaigns, iteration, and measurable enhancements to both red team skills and blue team detection capabilities. Ultimately the goal of VECTR is to help organizations level up and promote a platform that encourages community sharing of CTI that is useful for red teamers, blue teamers, threat intel teams, security engineering, any number of other cyber roles, and helps management show increasing maturity in their programs and justification of whats working, whats not, and where additional investment might be needed in tools and team members to bring it all together.

Career In Information security

Anant Shrivastava

Berkarir di Cyber Security

Satria Ady Pradana

Threat Intelligence has become increasingly important as the number and severity of threats is growing continuously. We live in an era where our prevention technologies are not enough anymore, antivirus products fail to detect new or sophisticated pieces of malware, our firewalls and perimeter defenses are easily bypassed and the attacker’s techniques are growing in complexity. In this new landscape, sharing threat intelligence has become a key component to mitigate cyber-attacks. In this session we will define what Threat Intelligence is and discuss how to collect and integrate threat intelligence from public sources. In addition, we’ll demonstrate how to build your own Threat Intelligence data using Open Source tools such as sandboxes, honeypots, sinkholes and other publicly available tools. The industry’s reticence to share information about attack vectors gives the adversary a huge advantage. Using Threat Intelligence we can reduce this advantage and enable preventative response. We will guide you through the different standards (OpenIOC, STIX, MAEC, OTX, IODEF…) to describe and share cyber intelligence, as well as Open Source Frameworks such as CIF (Collective Intelligence Framework) that allows you to combine different threat sources. One of the biggest problems with Threat Intelligence is finding out how to take advantage of the data you have to actually improve the detection/prevention capabilities in your environment. We will describe how to leverage Threat Intelligence to detect threats and provide defenses, and we will focus on how to use Open Source Tools (Suricata, OSSIM, OSSEC, Bro, Yara…) to get the most of your Threat Intelligence. Presenters: Jaime Blasco and Santiago Bassett Cornerstones of Trust 2014: https://www.cornerstonesoftrust.com

IOT Security FUN-damental

Satria Ady Pradana

Adversary Emulation and Red Team Exercises - EDUCAUSE

Jorge Orchilles

Slides for EDUCAUSE - Security Professionals Conference Online https://www.educause.edu/ by https://twitter.com/jorgeorchilles References: Definitions: https://medium.com/@jorgeorchilles/ethical-hacking-definitions-9b9a6dad4988 MITRE ATT&CK https://attack.mitre.org/ ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/enterprise/ C2 Matrix: https://www.thec2matrix.com/ VECTR: https://vectr.io/ 2 Day Red Team Exercises and Adversary Emulation SANS Course SEC564: https://www.sans.org/course/red-team-exercises-adversary-emulation

Riscure Introduction

Riscure

5 Things You Should Know About Ethical Hacking

Koenig Solutions Ltd.

Security by Design: An Introduction to Drupal Security

Tara Arnold

Security experts from Mediacurrent, Townsend Security and Lockr uncover how you can protect your site from the growing cybercrime business by starting off on the right foot. This interactive webinar will get you the foundation you need to protect your site and your organization when using Drupal. YOU'LL LEARN: Security by design in Drupal Site audit and security best practices Encrypting sensitive data Key management (encryption & API) Resources to improve security

Skills For Career In Security

Prasanna V

Managing Next Generation Threats to Cyber Security

Priyanka Aash

The emergence of next generation technology into the cyber security space has added complications and challenges on several levels. When we talk about next generation technologies we should mean those associated directly with artificial intelligence (AI) and associated components such as machine learning (ML). Unfortunately, many organizations opt to hype current generation products as next gen. In this workshop we will begin by exploring what we need to know about AI and its components. We will dispense with the marketing hype and get down to the facts. Then we will look in detail at a few available tools that truly are next gen - and what makes them next gen - followed by a discussion of where the adversary is going with AI, ML and other next gen technologies. We will wrap up with research from my upcoming book which discusses the collision between the law and cyber science. In this section we also will address some governance issues that you need to know

MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...

MITRE - ATT&CKcon

This session discusses Deloitte’s purple teaming approach which is using ATT&CK as a guiding principle to help both teams improve. This session shows how this works in a customer scenario, how to scope that scenario, how to plan the scenario and choose the various TTPs to be covered to how we assist the customers blue team in understanding the TTPs and helping them design detective capabilities for them. When the Blue Team is able to connect the dots from offensive activities in the network and what they see in their logs, firewalls, SIEMs, etc. they have the ability to fully understand what adversaries do and what the TTP’s of attackers actually look like if they are active in their network. It’s much easier to find the needle in the haystack if you know there is a needle to find to begin with. Purple teaming is providing this pointy needle, used to accelerate the Blue Team.

Jim Wojno: Incident Response - No Pain, No Gain!

centralohioissa

Say incident response to 10 people and odds are you'll get 10 different opinions on how to do it right. When evaluating tools and procedures for enterprise Incident Response it's helpful to understand how to approach this in a way that will cause the adversary maximum pain. This talk will review the essential requirements for IR tools and procedures in a vendor / tool neutral approach. Find out the right questions to ask and the strategies to make sure you get the most out of your incident response team.

ATT&CKcon Power Hour - ATT&CK-onomics - gert-jan bruggink

Gert-Jan Bruggink

The objective of this talk is to inspire defensive strategies designed to impact cost incurred by adversaries to perform compromises. It explores targeting economic considerations when defending against techniques used by adversaries. Diving into economics for adversaries to use or build certain techniques and tools over others. How can defenders defend against specific techniques by increasing the adversaries cost per intrusion. How can ATT&CK be used to make strategic risk management decisions.

Jerod Brennen - What You Need to Know About OSINT

centralohioissa

Open Source Intelligence Gathering (OSINT) is growing in popularity among attackers and defenders alike. When an attacker comes knocking on your network's front door, the warning lights go off in multiple systems (IDS, IPS, SIEM, WAF). More sophisticated attackers, however, spend considerable time gathering information using tools and techniques that never touch any of your systems. As a result, these attackers are able to execute their attacks and make off with proprietary data before you even know they are there. This presentation provides an introduction to many OSINT tools and techniques, as well as methods you can use to minimize your exposure.

Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23

Chase Schultz

Slides from Defcon IoT Village Workshop Ever wondered how people get shells via hooking up to chips or pins on a board? Or how to dump the firmware off a device you own at home? How chips that send those bits, bytes, and nibbles flying across traces on a board can be analyzed for profit? The Pwning IoT Devices via Hardware Attacks workshop is focused on a hands-on learning experience, of how people use hardware attacks to get initial access IoT Devices for security research. This workshop is designed for people new to hardware hacking, looking to have fun exploiting the Internet of (broken) Things. So come on out if you're looking to join the embedded system & IoT exploitation party!

Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...

Vaticle

⚛️ Building a cyber threat intelligence knowledge management system using Grakn Knowledge of cyber threats is a key focus in many areas of cybersecurity. Adapting intrusion detection systems, building relevant red team scenarios, guiding incident response activities, providing a more effective risk assessment through better knowledge of threat agents: all of these require a deep understanding of the issues related to the relevant cyber threats and its associated human and technical elements. During this talk, we will describe how we are using the hyper-relational data model, the logical inferences and the core features of Grakn to build an application (openCTI) allowing organizations to manage their cyber threat intelligence knowledge and technical observables. We will go through the data model, the implementation of nested relations and give you an overview on how you can create powerful applications using Grakn. Don't forget to check out the openCTI project here --> www.opencti.io

Adversary Emulation - DerpCon

Jorge Orchilles

Adversary Emulation is a type of Red Team Exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective (similar to those of realistic threats or adversaries). Adversary emulations are performed using a structured approach, which can be based on a kill chain or attack flow. Methodologies and Frameworks for Adversary Emulations are covered. Adversary Emulations are end-to-end attacks against a target organization to obtain a holistic view of the organization’s preparedness for a real, sophisticated attack.

2019 FRecure CISSP Mentor Program: Session Two

FRSecure

Adversary Emulation and the C2 Matrix

Jorge Orchilles

Command and Control is one of the most important tactics in the MITRE ATT&CK matrix as it allows the attacker to interact with the target system and realize their objectives. Organizations leverage Cyber Threat Intelligence to understand their threat model and adversaries that have the intent, opportunity, and capability to attack. Red Team, Blue Team, and virtual Purple Teams work together to understand the adversary Tactics, Techniques, and Procedures to perform adversary emulations and improve detective and preventive controls. The C2 Matrix was created to aggregate all the Command and Control frameworks publicly available (open-source and commercial) in a single resource to assist teams in testing their own controls through adversary emulations (Red Team or Purple Team Exercises). Phase 1 lists all the Command and Control features such as the coding language used, channels (HTTP, TCP, DNS, SMB, etc.), agents, key exchange, and other operational security features and capabilities. This allows more efficient decision making when called upon to emulate and adversary TTPs. It is the golden age of Command and Control (C2) frameworks. Learn how these C2 frameworks work and start testing against your organization to improve detective and preventive controls. The C2 Matrix currently has 35 command and control frameworks documented in a Google Sheet, web site, and questionnaire format. https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0 https://www.thec2matrix.com/matrix https://ask.thec2matrix.com/ Learn how Red Teams and Blue Teams work together in virtual Purple Teams Leverage Cyber Threat Intelligence to understand adversary tactics, techniques, and procedures Perform adversary emulations in Red or Purple Team Exercises Choose which command and control to use for the assessment to provide the most value Measure and improve people, process, and technology

Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...

CODE BLUE

The modern web-scale network is a pretty complicated place. Modern techniques in Systems Management have made it trivial to create, destroy and repurpose any number of instance types. These instances can span the range from bare metal machines sitting in a datacenter, to 3rd party virtual machines on demand, and now these new containers and microservices seem to be all the rage. Instances are cattle, they are no longer pets. All of this perpetual churn and flexibility is exactly what you want in a constantly changing, highly available, and efficient infrastructure. The ability to create or destroy nodes on demand, or continuously and automatically scale up, down, and re-deploy applications as part of a continuous integration pipeline, have become necessary and an integral part of daily operations. However these systems can generate terabytes of network logs a day. And if your job is detecting, correlating, and alerting on the correct anomaly in all that data, the analogy of the needle in the haystack really doesn’t do it justice, something closer would be akin to finding a needle in the windstorm. How do you begin to collect, store, analyze, and alert on this much data without costing the company a small fortune? What are some practical steps you can take to reduce your overall risk and begin to gain more insight, visibility, and confidence into what is actually taking place on your network? This talk aims to give the attendee a solid understanding of the problem space, as well as recommendations and practical advice from someone who built their own ‘big data’ network and security monitor. It really is easier than it sounds.

DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling

DevSecCon

Ed McCabe - Putting the Intelligence back in Threat Intelligence

centralohioissa

What is Threat Intelligence? It's more than raw source feeds and technical information. If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence. We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.

Root the Box - An Open Source Platform for CTF Administration

Christopher Grayson

TestBoss November 2018 - Ghost in the machine, how hackers break software

Corecom Consulting

What's hot

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

Santiago Bassett

IOT Security FUN-damental

Satria Ady Pradana

Adversary Emulation and Red Team Exercises - EDUCAUSE

Jorge Orchilles

Riscure Introduction

Riscure

5 Things You Should Know About Ethical Hacking

Koenig Solutions Ltd.

Security by Design: An Introduction to Drupal Security

Tara Arnold

Skills For Career In Security

Prasanna V

Managing Next Generation Threats to Cyber Security

Priyanka Aash

MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...

MITRE - ATT&CKcon

Jim Wojno: Incident Response - No Pain, No Gain!

centralohioissa

ATT&CKcon Power Hour - ATT&CK-onomics - gert-jan bruggink

Gert-Jan Bruggink

Jerod Brennen - What You Need to Know About OSINT

centralohioissa

Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23

Chase Schultz

Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...

Vaticle

Adversary Emulation - DerpCon

Jorge Orchilles

2019 FRecure CISSP Mentor Program: Session Two

FRSecure

Adversary Emulation and the C2 Matrix

Jorge Orchilles

Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...

CODE BLUE

DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling

DevSecCon

Ed McCabe - Putting the Intelligence back in Threat Intelligence

centralohioissa

What's hot (20)

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

IOT Security FUN-damental

Adversary Emulation and Red Team Exercises - EDUCAUSE

Riscure Introduction

5 Things You Should Know About Ethical Hacking

Security by Design: An Introduction to Drupal Security

Skills For Career In Security

Managing Next Generation Threats to Cyber Security

MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...

Jim Wojno: Incident Response - No Pain, No Gain!

ATT&CKcon Power Hour - ATT&CK-onomics - gert-jan bruggink

Jerod Brennen - What You Need to Know About OSINT

Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23

Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...

Adversary Emulation - DerpCon

2019 FRecure CISSP Mentor Program: Session Two

Adversary Emulation and the C2 Matrix

Practical network defense at scale Or: Protecting the “Eierlegende Wollmichsa...

DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling

Ed McCabe - Putting the Intelligence back in Threat Intelligence

Similar to Blackhat 2020 Arsenal - C2 Matrix

Root the Box - An Open Source Platform for CTF Administration

Christopher Grayson

TestBoss November 2018 - Ghost in the machine, how hackers break software

Corecom Consulting

Red Team Framework

👀 Joe Gray

Presented at the DEFCON27 Red Team Offensive Village on 8/10/19. From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors. In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.

Red Team Framework

Adrian Sanabria

Vault: Beyond secret storage - Using Vault to harden your infrastructure

OpenCredo

Global Azure Bootcamp 2017 - Azure Key Vault

Alberto Diaz Martin

ShiftGearsWithInformationSecurity.pdf

Steven Carlson

This talk will be focused on discussing war stories from a product architect/engineer who lives within an information security department and is passionate about driving change. Attendees will get to experience a few different routes that have lead to success and others that might need to avoided. As an ever-evolving space, when reducing risk and deploy safe products to the market, we all have to find the correct gear to get us down the road.

March cybersecurity powerpoint

Courtney King

Become a Software Developer (144 hours)

chee wai wong

2018 Boulder JUG Deconstructing and Evolving REST Security

David Blevins

The learning curve for security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, are riddled with extensions, and almost seem designed to deliberately confuse. For a back-end REST developer, choking all this down for the first time is mission impossible. With an aggressive distaste for fancy terminology, this session delves into OAuth 2.0 as it pertains to REST and shows how it falls into two camps: stateful and stateless. We then detail a competing Amazon-style approach called HTTP Signatures, ideal for B2B scenarios and similar to what is use to secure all Amazon AWS API calls. Each approach will be explored analyzing the architectural differences, with a heavy focus on the wire, showing actual HTTP messages and enough detail to have you thinking, "I could write this myself." As a bonus at the end, well peak into a new IETF Internet Draft launched this year that combines JWT and HTTP Signatures into the perfect two-factor system that could provide a one-stop shop for business as well as mobile REST scenarios. Come to this session if you want to go from novice to expert with a bit of humor, a big picture perspective and wire-level detail.

CTFs, Bugbounty and your security career

Ibrahim El-Sayed

HashiCorp User Group Paris: Consul & Inversion of Control for Infrastructure

Pierre Souchay

Best cyber security certifications 2017

Koenig Solutions Ltd.

The Future of Security Architecture Certification

danb02

Would you drive over a Bay Bridge built from an amateur building architect's blueprints? What if the architect passed a multiple choice test first - is that good enough? Society's answer to these questions is obviously NO. But unlike building architects, security architects are not always required to have Certificates or Degrees and standards for such are lacking. As information gains value, and we move from "information security" to also securing the Internet of Things, security architecture becomes increasingly consequence-laden and the question of required training and accreditation more pressing. The slides are from a webinar in which Linked In Security Architecture group participants collaboratively explored the Future of Security Architecture Certification.

Deliver Value to Empowered B2B Customers for Japan TFM&A Paula Wang

HaleResume28June2016David Hale

Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay

IIIT Hyderabad

SecureAuth & 451 Research Webinar: Connected Security - A Holistic Approach t...

SecureAuth

In 2015 alone, over 3000 cyber attacks were reported globally – with many more never reported or even detected. Enterprises deploy security point solutions in the hopes of stopping a data breach, while savvy attackers work to exploit the whitespace between them. In this webcast, Garrett Bekker, Senior Analyst, Enterprise Security of 451 Research and Stephen Cox, Chief Security Architect of SecureAuth explored how the Connected Security Alliance is bringing together best-of-breed cyber security vendors to close the gap between isolated security products. Originally presented October 19, 2016.

Similar to Blackhat 2020 Arsenal - C2 Matrix (18)

Root the Box - An Open Source Platform for CTF Administration

TestBoss November 2018 - Ghost in the machine, how hackers break software

Red Team Framework

Vault: Beyond secret storage - Using Vault to harden your infrastructure

Global Azure Bootcamp 2017 - Azure Key Vault

ShiftGearsWithInformationSecurity.pdf

March cybersecurity powerpoint

Become a Software Developer (144 hours)

2018 Boulder JUG Deconstructing and Evolving REST Security

CTFs, Bugbounty and your security career

HashiCorp User Group Paris: Consul & Inversion of Control for Infrastructure

Best cyber security certifications 2017

The Future of Security Architecture Certification

Deliver Value to Empowered B2B Customers for Japan TFM&A

HaleResume28June2016

Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay

SecureAuth & 451 Research Webinar: Connected Security - A Holistic Approach t...

More from Jorge Orchilles

SCYTHE Purple Team Workshop with Tim Schulz

Jorge Orchilles

Join Tim Schulz, Adversary Emulation Lead at SCYTHE, for a three hour Hands-On Purple Team Workshop on Wednesday, March 10, 2021! ***REGISTRATION REQUIRED*** ***Use a real email address*** In this three hour hands-on workshop you will play the role of Cyber Threat Intelligence, the red team, and the blue team. We have set up an isolated environment for each attendee to go through a Purple Team Exercise. Attendees will: - Learn the basics of Command and Control (C2) - Consume Cyber Threat Intelligence from a known adversary - Extract adversary behaviors/TTPs - Play the Red Team by creating adversary emulation plans - Emulate the adversary with SCYTHE 3.2 in a small environment consisting of a domain controller, member server, and a Linux system - Play the Blue Team and look for Indicators of Compromise - Use Wireshark to identify heartbeat and jitter - Enable Sysmon configurations to detect adversary behavior - All mapped to MITRE ATT&CK - Have FUN! What do you need? All you need is a web browser on a workstation/laptop (no iPads, sorry). If you want to come better prepared, download, read, and watch the free Purple Team Exercise Framework (PTEF) and webcast: https://www.scythe.io/ptef https://www.scythe.io/library/ptef-workshop How will it work? We are using VMware learning platform to give everyone their own isolated environment. This means we need your real email upon registration so we can provision your environment before the start of the workshop.

So you want to be a red teamer

Jorge Orchilles

Purple Team Use Case - Security Weekly

Jorge Orchilles

Everyone has heard of Purple Team by now, but how many have been able to quantify the value? In this talk, we cover all the roles of a Purple Team: Cyber Threat Intelligence, Red Team, Blue Team, and Exercise Coordination. We were asked to emulate various adversaries, with an increasing order of sophistication, while implementing defenses for the adversary TTPs. We were also asked to not spend any money on new technology. Instead, we had to tune the current security controls. See the results!

C2 Matrix Anniversary - Blackhat EU 2020

Jorge Orchilles

Main site: https://thec2matrix.com Golden Source: https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/ How-To: https://howto.thec2matrix.com SANS Slingshot C2 Matrix Edition VM: https://howto.thec2matrix.com/slingshot-c2-matrix-edition YouTube: https://youtube.com/playlist?list=PLfgStsuvpUpoEG3BDuUqV-ipeUff4ImYm Feedback: https://thec2matrix.com/feedback Command and Control is one of the most important tactics in the MITRE ATT&CK matrix as it allows the attacker to interact with the target system and realize their objectives. Organizations leverage Cyber Threat Intelligence to understand their threat model and adversaries that have the intent, opportunity, and capability to attack. Red Team, Blue Team, and virtual Purple Teams work together to understand the adversary Tactics, Techniques, and Procedures to perform adversary emulations and improve detective and preventive controls. The C2 Matrix was created to aggregate all the Command and Control frameworks publicly available (open-source and commercial) in a single resource to assist teams in testing their own controls through adversary emulations (Red Team or Purple Team Exercises). Phase 1 lists all the Command and Control features such as the coding language used, channels (HTTP, TCP, DNS, SMB, etc.), agents, key exchange, and other operational security features and capabilities. This allows more efficient decisions making when called upon to emulate and adversary TTPs. It is the golden age of Command and Control (C2) frameworks. Learn how these C2 frameworks work and start testing against your organization to improve detective and preventive controls.

Purple Team Exercise Workshop December 2020

Jorge Orchilles

In this three hour hands-on workshop you will play the role of Cyber Threat Intelligence, the red team, and the blue team. We have set up an isolated environment for each attendee to go through a Purple Team Exercise. Attendees will: - Consume Cyber Threat Intelligence from a known adversary - Extract adversary behaviors/TTPs - Play the Red Team by creating adversary emulation plans - Emulate the adversary in a small environment consisting of a domain controller and member server - Play the Blue Team and look for Indicators of Compromise - Use Wireshark to identify heartbeat and jitter - Enable Sysmon configurations to detect adversary behavior - All mapped to MITRE ATT&CK - Have FUN! What do you need? All you need is a web browser on a workstation/laptop (no iPads, sorry). If you want to come better prepared, download and read the free Purple Team Exercise Framework (PTEF): https://scythe.io/ptef How will it work? We are using VMware learning platform to give everyone their own isolated environment. This means we need your real email upon registration so we can provision your environment before the start of the workshop.

External Threat Hunters are Red Teamers

Jorge Orchilles

Evolution of Offensive Assessments - SecureWV Conference

Jorge Orchilles

Purple Team Exercise Hands-On Workshop #GrayHat

Jorge Orchilles

Evolution of Offensive Assessments - RootCon

Jorge Orchilles

DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker

Jorge Orchilles

Purple Team Exercise Framework Workshop #PTEF

Jorge Orchilles

Purple Team exercises are an efficient and effective method of adversary emulation leading to the training and improvement of people, process, and technology. Red Teams and Blue Teams work together in a live production environment, emulating a selected adversary that has the capability, intent, and opportunity to attack the target organization provided by Cyber Threat Intelligence. Purple Team exercises are ‘hands on keyboard’ exercises where Red and Blue teams work together with an open discussion about each attack procedure and how to detect and alert against it. Purple Team Exercise Framework #PTEF: https://www.scythe.io/ptef Ethical Hacking Maturity Model: https://www.scythe.io/library/scythes-ethical-hacking-maturity-model Definitions: https://medium.com/@jorgeorchilles/ethical-hacking-definitions-9b9a6dad4988 #ThreatThursday: https://www.scythe.io/threatthursday #C2Matrix: https://thec2matrix.com/ Atomic Purple Team: https://github.com/DefensiveOrigins/AtomicPurpleTeam SCYTHE Playbooks: https://github.com/scythe-io/community-threats #ThreatHunting Playbooks: https://threathunterplaybook.com/introduction.html VECTR: https://vectr.io/ Unicon: https://www.scythe.io/unicon2020

Purple Team Exercises - GRIMMCon

Jorge Orchilles

Offensive security and Ethical Hacking is about providing business value. One of the most efficient and effective ways to improve security is through Adversary Emulation Purple Team Exercises. Adversary Emulation is a type of ethical hacking engagement where the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organization. The goal of these engagements is to train and improve people, process, and technology. This is in contrast to a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement. In this talk, we will cover how to run a high-value adversary emulation through a Purple Team Exercise. https://www.scythe.io/library/threatthursday-apt33

Cuddling the Cozy Bear Emulating APT29

Jorge Orchilles

Adversary Emulation is a type of ethical hacking engagement where the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organization. The goal of these engagements is to train and improve people, process, and technology. This is in contrast to a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement. In this talk, we will learn about APT29 “Cozy Bear”, how they operate and what their objectives are. We will create an adversary emulation plan using C2 Matrix to pick the best command and control framework that covers the most TTPs. We will spend at least half the talk live demoing the attack with various tools that emulate the adversary behaviors and TTPs.

Adversary Emulation - Red Team Village - Mayhem 2020

Jorge Orchilles

Presentation at DEF CON Red Team Village - Mayhem Virtual Summit 2020 Adversary Emulation - Red Team emulating APT19 with Empire3 and Starkiller Connect: https://twitter.com/jorgeorchilles https://twitter.com/c2_matrix References: https://mitre-attack.github.io/attack-navigator/enterprise/ https://attack.mitre.org/groups/G0073/ https://www.thec2matrix.com/ https://howto.thec2matrix.com/slingshot-c2-matrix-edition https://howto.thec2matrix.com/c2/empire#red-team-village-mayhem-demo-of-apt19 https://vectr.io/ https://www.scythe.io/

Ethical Hacking Definitions Matter - Covering Vulnerability Scanning, Vulnera...

Jorge Orchilles

Ethical Hacking Definitions: https://medium.com/@jorgeorchilles/ethical-hacking-definitions-9b9a6dad4988 Ethics isn't just permission: https://github.com/redteamethics/redteamethics Petition to support ethical hackers: https://www.change.org/p/organizations-support-ethical-hackers Vulnerability scanning tool used, Tenable Nessus: https://www.tenable.com/products/nessus Exploitation framework used: https://www.metasploit.com/ Vulnerability Management is hard: https://medium.com/@jorgeorchilles/vulnerability-management-is-hard-how-do-you-prioritize-what-to-patch-1fc8e163d740 Example vulnerability discussed (CVE-2020-0796 SMBGhost/CoronaBlue): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0796 https://nvd.nist.gov/vuln/detail/CVE-2020-0796 https://attackerkb.com/topics/2LCXe3EPAZ/cve-2020-0796---smbghost?referrer=home Evolve from CVE to TTP with MITRE ATT&CK: https://attack.mitre.org/ Threat Intelligence with ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/enterprise/ Choosing the correct Command and Control Framework: https://www.thec2matrix.com/ Virtual machine with 8 command and controls tools: SANS Slingshot C2 Matrix Edition: https://howto.thec2matrix.com/slingshot-c2-matrix-edition

Adversarial Emulation with the C2 Matrix - Wild West WebCastin Fest

Jorge Orchilles

Adversarial Emulation and the C2 Matrix - Presented at Wild West Hackin Fest ...

Jorge Orchilles

Open source tool release and updates: this is information for the community and a call to action! We have created an open-source C2 evaluation framework so that teams can easily determine what’s the best tool for penetration testing/red teaming particular scenarios. We’ll talk through why we built the framework, the components (server/agent languages, team vs user types, communication channel coverage, operating systems, capabilities, and support), the decision matrix (a workflow tool we call Ask the Matrix to help you sift through the data for what you need) and how to emulate an adversary (to be announced) across multiple frameworks highlighting the pro’s / con’s of each: infrastructure setup and host/network emulation.

C2 Matrix A Comparison of Command and Control Frameworks

Jorge Orchilles

Command and Control is one of the most important tactics in the MITRE ATT&CK matrix as it allows the attacker to interact with the target system and realize their objectives. Organizations leverage Cyber Threat Intelligence to understand their threat model and adversaries that have the intent, opportunity, and capability to attack. Red Team, Blue Team, and virtual Purple Teams work together to understand the adversary Tactics, Techniques, and Procedures to perform adversary emulations and improve detective and preventive controls. The C2 Matrix was created to aggregate all the Command and Control frameworks publicly available (open-source and commercial) in a single resource to assist teams in testing their own controls through adversary emulations (Red Team or Purple Team Exercises). Phase 1 lists all the Command and Control features such as the coding language used, channels (HTTP, TCP, DNS, SMB, etc.), agents, key exchange, and other operational security features and capabilities. This allows more efficient decisions making when called upon to emulate and adversary TTPs. It is the golden age of Command and Control (C2) frameworks. Learn how these C2 frameworks work and start testing against your organization to improve detective and preventive controls. The C2 Matrix currently has 35 command and control frameworks documented in a Google Sheet, web site, and questionnaire format. Google Sheet (Golden Source): https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0 Website: https://www.thec2matrix.com/matrix https://ask.thec2matrix.com/ Follow on Twitter for updates: https://twitter.com/c2_matrix

Purple Team - Work it out: Organizing Effective Adversary Emulation Exercises

Jorge Orchilles

Windows Phone 8 Security and Testing WP8 AppsJorge Orchilles

More from Jorge Orchilles (20)

SCYTHE Purple Team Workshop with Tim Schulz

So you want to be a red teamer

Purple Team Use Case - Security Weekly

C2 Matrix Anniversary - Blackhat EU 2020

Purple Team Exercise Workshop December 2020

External Threat Hunters are Red Teamers

Evolution of Offensive Assessments - SecureWV Conference

Purple Team Exercise Hands-On Workshop #GrayHat

Evolution of Offensive Assessments - RootCon

DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker

Purple Team Exercise Framework Workshop #PTEF

Purple Team Exercises - GRIMMCon

Cuddling the Cozy Bear Emulating APT29

Adversary Emulation - Red Team Village - Mayhem 2020

Ethical Hacking Definitions Matter - Covering Vulnerability Scanning, Vulnera...

Adversarial Emulation with the C2 Matrix - Wild West WebCastin Fest

Adversarial Emulation and the C2 Matrix - Presented at Wild West Hackin Fest ...

C2 Matrix A Comparison of Command and Control Frameworks

Purple Team - Work it out: Organizing Effective Adversary Emulation Exercises

Windows Phone 8 Security and Testing WP8 Apps

Recently uploaded

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

RESUME BUILDER APPLICATION Project for students

KAMESHS29

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

Recently uploaded (20)

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

20240607 QFM018 Elixir Reading List May 2024

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

GridMate - End to end testing is a critical piece to ensure quality and avoid...

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

20240609 QFM020 Irresponsible AI Reading List May 2024

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

The Art of the Pitch: WordPress Relationships and Sales

Communications Mining Series - Zero to Hero - Session 1

RESUME BUILDER APPLICATION Project for students

DevOps and Testing slides at DASA Connect

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Introduction to CHERI technology - Cybersecurity

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Blackhat 2020 Arsenal - C2 Matrix

1. C2 Matrix @JorgeOrchilles @BrysonBort

2. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS • Chief Technology Officer - SCYTHE • C2 Matrix Co-Creator • Purple Team Exercise Framework (PTEF) • 10 years @ Citi leading offensive security team • Certified SANS Instructor: SEC560, SEC504 • Author SEC564: Red Team Exercises and Adversary Emulation • CVSSv3.1 Working Group Voting Member • GFMA: Threat-Led Pen Test Framework • ISSA Fellow • NSI Technologist Fellow T1033 – Jorge Orchilles

3. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS • CEO/Founder - SCYTHE • C2 Matrix Co-Creator • Founder – GRIMM • Co-Founder – ICS Village • R Street Senior Fellow, National and Cybersecurity • Advisor to the Army Cyber Institute • NSI Senior Fellow T1033 – Bryson Bort

4. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS • Proliferation of Offensive Security Tools • Empire went EOL (it is now maintained by BC- Security) • Compendium of C2 frameworks • Added other capabilities • Began evaluating them to find the ideal one for red team engagement • Realized it can be used by Red and Blue Teams Why did we build this?

5. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS • Comparison of Command and Control (C2) Frameworks • Google Sheet of C2s • GUI: https://www.thec2matrix.com/ • Find ideal C2 for your needs: https://ask.thec2matrix.com • Gitbook on how to install and use the C2; setup lab environment; contribute; and defend: https://howto.thec2matrix.com • SANS Slingshot C2 Matrix Virtual Machine • @C2_Matrix & #C2Matrix on Twitter C2 Matrix

6. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS TheC2Matrix.com

7. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS GUI

8. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS Golden Source: Google Sheet https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0

9. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS Ask.thec2matrix.com

10. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS Howto.thec2matrix.com

11. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS SANS Slingshot C2 Matrix Edition

12. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS howto.thec2matrix.com/contribute

13. @C2_Matrix thec2matrix.com @JorgeOrchilles @BrysonBort #BHUSA @BLACKHATEVENTS Feedback

14. C2 Matrix Demo @JorgeOrchilles @BrysonBort