SlideShare une entreprise Scribd logo

Proactive cyber defence through adversary emulation for improving your security posture - Digit Oktavianto

idsecconf
idsecconf

Organization using Adversary Emulation plan to develop an attack emulation and/or simulation and execute it against enterprise infrastructure. These activities leverage real-world attacks and TTPs by Threat Actor, so you can identify and finding the gaps in your defense before the real adversary attacking your infrastructure. Adversary Emulation also help security team to get more visibility into their environment. Performing Adversary Emulation continuously to strengthen and improve your defense over the time.

Internet
1  sur  39
Télécharger pour lire hors ligne
Jakarta, Indonesia Proactive Cyber Defence Through Adversary Emulation for Improving Your Security Posture IDSECCONF 2021 - 4th December 2021 Digit Oktavianto @digitoktav https://threathunting.id https://blueteam.id/ 1 4/12/2021
Jakarta, Indonesia https://blueteam.id/ T1033 : System Owner/User Discovery ❖ Infosec Consulting Manager at Mitra Integrasi Informatika ❖ Co-Founder BlueTeam.ID (https://blueteam.id) ❖ Community Lead @ Cyber Defense Community Indonesia ❖ Member of Indonesia Honeynet Project ❖ Opreker and Researcher ❖ {GCIH | GMON | GCFE | GICSP | CEH | CSA | ECSA | ECIH | CHFI | CTIA | ECSS} Certifications Holder 2 4/12/2021
Jakarta, Indonesia • Intro : Phase of Security Assessment • What is Adversary Emulation About? • Adversary Emulation vs Adversary Simulation • Phase of Security Assessment • Benefit and Importance of Adversary Emulation • Developing Red Team Adversary Emulation Plan • Getting Started with Red Team Adversary Emulation https://blueteam.id/ Agenda 3 4/12/2021
Jakarta, Indonesia https://blueteam.id/ Intermezzo 4 4/12/2021
Jakarta, Indonesia https://blueteam.id/ Intermezzo 5 4/12/2021
Jakarta, Indonesia Introduction : Phase of Security Assessment https://blueteam.id/ 6 4/12/2021 Phase of Security Assessment
Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 7 Pentest vs Adversary Emulation PENETRATION TEST ADVERSARY SIMULATION Identify and exploitvulnerabilities on a(series of) system(s) to assess security Focused on aspecific scope (typically an application or network range) Assess how resilient an organization is versus a certain adversary /threat actor Focused on the execution of ascenario (typically defined by anumber of flags) VS Both Penetration Tests and Adversary Simulation engagements have value. It’s however important to know the difference and the results you can expect! Typicallytests both prevention & detection (so is less valuableifthere is no blue team) Primarily tests prevention, typically less focus on detection
Jakarta, Indonesia Ohhh… Ummm….. 4/12/2021 https://blueteam.id/ 8
Jakarta, Indonesia What is Adversary Emulation About? https://blueteam.id/ 9 4/12/2021
Jakarta, Indonesia Introduction : Adversary Emulation Adversary Emulation is a type of red teaming activities which focuses on the emulation of a specific adversaries / threat actor and leverage the threat intelligence to define the behavior and TTPs that will be used in the emulation plan. https://blueteam.id/ 10 4/12/2021
Jakarta, Indonesia Threat Informed Defense Threat-informed defense applies a deep understanding of adversary tradecraft and technology to protect against, detect, and mitigate cyber-attacks. It's a community-based approach to a worldwide challenge. More info : https://www.mitre.org/news/focal-points/threat-informed-defense https://blueteam.id/ 11 4/12/2021
Jakarta, Indonesia Adversary Emulation vs Adversary Simulation • Adversary Emulation : a process of imitate the activities or mimicking or copying the adversaries or threat actor behavior. • Adversary Simulation : a process of simulate or represent the functioning of adversaries or threat actor behavior when attacking the target. Tim MalcomVetter mentioned in his blog post (https://malcomvetter.medium.com/emulation-simulation-false-flags-b8f660734482) about this : • Emulation implies an EXACTNESS to the copy, whereas Simulation only implies SIMILARITY with some freedom to be different. I am totally agree with his opinion. https://blueteam.id/ 12 4/12/2021
Jakarta, Indonesia Introduction : Adversary Emulation https://blueteam.id/ 13 4/12/2021 Jorge Orchilles’s Slide About Adversary Emulation (https://www.slideshare.net/jorgeorchilles/adversary-emulation-and-red-team- exercises-educause)
Jakarta, Indonesia Introduction : Adversary Emulation • Jorge Orchilles and Scythe in their blogpost differentiate term of red teaming, adversary emuation / simulation and purple teaming in this statement : • “Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement.” • Based on that statement, it can be conclude that Red Teaming and Purple Teaming is part of Adversary Emulation. It depends on the engagement, if the engagement performed without Blue Team knowing the activities, than it is called as red teaming. If the engagement involved blue team, then it is called purple teaming. https://blueteam.id/ 14 4/12/2021
Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 15 MITRE ATTCK Framework "MITRE ATT&CK™ is aglobally-accessible knowledge base of adversary tactics and techniques based on real-worldobservations.TheATT&CK knowledge base is used as afoundation for the development of specific threat models and methodologiesin the private sector , in government, and in the cybersecurityproduct and service community.” – MITRE ATT&CK website Tactics are used to describe high-levels attackstepsused byan adversary.These can be compared to the “steps” in the Lockheed Martin Cyber Kill Chain © Tactics & Techniques MITRE ATT&CK assumes breach and thus the “first”tacticis initial intrusion. Any activityperformedbefore is coveredbythe PRE-ATT&CK framework. How a certain tactic is executed is described by a variety of techniques. For every technique, MITRE ATT&CK includes a description, detection & prevention recommendationsand known threat actors who use the technique.
Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 16 MITRE ATT&CK Tactics Techniques
Jakarta, Indonesia Benefit and Importance of Red Teaming and Adversary Emulation https://blueteam.id/ 17 4/12/2021
Jakarta, Indonesia Benefit and Importance of Adversary Emulation • Adversary Emulation is just like IR and Tabletop Exercise, but in different perspective. This exercise allows your organization to test your security team against the latest threats used by real threat actor which posing the greatest risk to your organization in specific industry. • Adversary emulation giving proof of how a targeted attacker could penetrate your infrastructure and compromise sensitive assets, and/or documentation. • Adversary emulation showing that defensive capabilities succeed / failed in preventing + responding the simulated attack. It is giving you analysis of your organization’s strengths and weaknesses based on the result of the simulation. • Adversary emulation can help you not only to prioritize current existing technology capability improvement, but also also giving you a recommendation for future investments and provide recommendations for maturing your cybersecurity posture. • A focus on objective-based testing demonstrates the effectiveness of your security controls • Adversary Emulation can help you to measure your organization’s cybersecurity maturity level by evaluating it across the kill chain phases of the MITRE ATT&CK® framework or other relevant frameworks. https://blueteam.id/ 18 4/12/2021
Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 19 Benefit and Importance of Adversary Emulation *Stephen Sims – RSA Conference 2019 : Live Adversary Simulation: Red and Blue Team Tactics
Jakarta, Indonesia Developing Red Team Adversary Emulation Plan https://blueteam.id/ 20 4/12/2021
Jakarta, Indonesia Developing Red Team Adversary Emulation Plan https://blueteam.id/ 21 4/12/2021 Adam Pennington’s Slide : Leveraging MITRE ATT&CK for Detection, Analysis & Defense (https://www.slideshare.net/AdamPennington4/rhisac-summit-2019-adam-pennington-leveraging-mitre- attck-for-detection-analysis-defense)
Jakarta, Indonesia Developing Red Team Adversary Emulation Plan I quote a paragraph from Tim MalcomVetter About Emulation Plan in Practice (https://malcomvetter.medium.com/emulation-simulation-false-flags-b8f660734482): “In practice, emulating is very hard. First, not all threat actors have publicly or privately available intelligence in the format necessary to complete all of the threat actors’ steps with the precision required to meet the definition. Second, even for those that do, certain key steps may be out of bounds, legally, for the person “replaying them” (such as compromising third party infrastructure). Third, the “programmed TTPs” were collected at a single point in time, and techniques that were used during that string of events may not be reused in the future by that threat actor, so replaying them with precision may not be that valuable of an exercise.” https://blueteam.id/ 22 4/12/2021
Jakarta, Indonesia Developing Adversary Emulation Plan Adversary emulation plans are based on known-adversary TTPs (Tactic, Technique, and Procedure) and designed to empower red teams to emulate a specific threat actor in order to test and evaluate defensive capabilities from a threat-informed perspective. • Each emulation plan focuses on a specific named threat actor. • Each adversary emulation plan is gathered from threat intelligence reports and other artifacts that capture and describe breaches and campaigns publicly attributed to a specific named threat actor • To develop each plan, Red Team should do the research and model each threat actor, focusing not only on what they do (e.g.: gather credentials from victims) but also how (using what specific tools/utilities/commands?) and when (during what stage of a breach?) • Red Team then develop the emulation content that mimics the underlying behaviors utilized by the threat actor • To describe the details flow of emulation plan, Red Team should develop the operational flow which provides a high-level summary of the captured scenario(s). • The scenario(s) of emulation plan is broken down into step-by-step procedures provided in both human and machine-readable formats. (like .yaml in Caldera for example). Scenarios can be executed end-to-end or as individual tests. • The emulation plan scenarios will vary based on the adversary and available intelligence, but typically follow a sequential progression of how the actor breaches then works towards achieving their operational objectives within a victim environment https://blueteam.id/ 23 4/12/2021
Jakarta, Indonesia Developing Adversary Emulation Plan https://blueteam.id/ 24 4/12/2021 T o demonstratethe potential of ATT&CK, MITRE developed an emulation planforAPT3 (it’smainlyused as a showcase for MITRE ATT&CK). It’s agreat example of how the ATT&CK framework can be leveraged to develop aconcreteaction planto emulate aspecific adversary. Source: https://attack.mitre.org/resources/adversary-emulation-plans/
Jakarta, Indonesia Getting Started with The Adversary Emulation https://blueteam.id/ 25 4/12/2021
Jakarta, Indonesia Getting Started with the Adversary Emulation When starting the Adversary Emulation Exercise, Emulation Plan is one of the most critical part. The Emulation Plan section is a specific, detailed breakdown of the tactics of the adversary group. 1. For developing the Emulation Plan, red team firstly must gather the threat intelligence document related to threat actor group that they want to emulate. 2. Red team must identify the tactics the adversary group uses for an attack, along with the particular techniques and procedures for each tactic. Mostly the TTPs defined based on MITRE ATTCK Framework as a standard. 3. To detail an emulation plan in exercise, red team must breakdown the tools that they will use to emulate the particular TTP. This information is available as part of the MITRE ATT&CK descriptionof the adversary group, and also from Threat Intelligence Report. 4. Red Team also need to build the infrastructure as part of the emulation plan such as C2 Infrastructure, or Infrastructurefor collecting sensitive data after exfiltration phase (if any) 5. Execute the emulation plan as procedure and workflow defined in the exercise. Follow up the result of the exercise. https://blueteam.id/ 26 4/12/2021
Jakarta, Indonesia What Technique Should We Prioritize 4/12/2021 https://blueteam.id/ 27 So how do I know what techniques are most important? Criteria #1 Overall popularity of the technique The overall popularity of an ATT&CK technique is a good indicator of how important it is to cover it (using either preventive or detective controls). In 2020, Picus Security released a presentation where they highlighted Top 10 key techniques! Furthermore, many vendors provide “ATT&CK Heat Maps” where they describe what techniques they most frequently observe. Criteria #2 Relevance of threat actors for yourorganization Next to the overall “popularity” of atechnique, there is of course another factor: Is the technique known to be used by an adversary that is interested in your organization? ATT&CK has information on what techniques are used by what actors. In order to figure out what threat actors are relevant for your industry or organization, it helps to follow up on threat intelligencereports. https://www.picussecurity.com/resource/the-top-ten-mitre-attck-techniques
Jakarta, Indonesia Getting Started with the Adversary Emulation When starting the Adversary Emulation Exercise, Emulation Plan is one of the most critical part. The Emulation Plan section is a specific, detailed breakdown of the tactics of the adversary group. 1. For developing the Emulation Plan, red team firstly must gather the threat intelligence document related to threat actor group that they want to emulate. 2. Red team must identify the tactics the adversary group uses for an attack, along with the particular techniques and procedures for each tactic. Mostly the TTPs defined based on MITRE ATTCK Framework as a standard. 3. To detail an emulation plan in exercise, red team must breakdown the tools that they will use to emulate the particular TTP. This information is available as part of the MITRE ATT&CK descriptionof the adversary group, and also from Threat Intelligence Report. 4. Red Team also need to build the infrastructure as part of the emulation plan such as C2 Infrastructure, or Infrastructurefor collecting sensitive data after exfiltration phase (if any) 5. Execute the emulation plan as procedure and workflow defined in the exercise. Follow up the result of the exercise. https://blueteam.id/ 28 4/12/2021
Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 29 Building Plan for Red Teaming Adversary Emulation What threat actors (and related adversary techniques) are relevant to the organization? What techniques does the organization believe are covered by security controls? What techniques does the organization believe are detected by monitoring use cases? How much time & effort will be spent duringthe engagement? During both red teamand purple teamengagements,building agood adversary emulation plan is crucial to success.The emulation plan should mimic an actualadversary and caninclude distinct phases. In MITRE’s APT3 emulation plan, the following phases aredistinguished: 1. Set up adversary infrastructure (e.g.C2) and obtain initial execution (Initial Access) 2. Internal discovery, privilege escalation and lateralmovement (Lateral movement) 3. Collection,staging and exfiltration (Action on Objectives) So what techniques should you select as part of your plan? There’s afew criteria to takeinto account;
Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 30 Example of Plan EMULATION PLAN FOR APT-28 PHASE 1 PHASE 2 PHASE 3 InitialAccess T1192 - Spearphishing Link Execution T1086 - PowerShell Persistence T1122 - C O M Hijacking Privilege Escalation T1078 -ValidAccounts Defense Evasion T1107 - File Deletion Lateral Movement T1075 – PassThe Hash Not every plan needs to cover every single tactic! Improvise! Exfiltration T1041 - Exfil over C&C
Jakarta, Indonesia Tracking Result for Adversary Emulation Engagement Vectr.io from SecurityRiskAdvisors (https://github.com/SecurityRiskAdvisors/VECTR) ❖3 main components; Assessment Group, Campaign, and Test Case. ❖Each campaign can contains several test case. ❖Create the test case for adversary emulation plans that are mapped to MITRE ATT&CK technique & tactic ❖Set the Blue Team Tools (Detection Technology are being assessed) ❖Configurethe detection layer ❖Set the Red Team Tools (BAS Tools which are being used to “test” the Target) ❖See the summary and result of the assessment 4/12/2021 https://blueteam.id/ 31
Jakarta, Indonesia VECTR Campaign 4/12/2021 https://blueteam.id/ 32
Jakarta, Indonesia VECTRTest Case (Red & Blue)Team 4/12/2021 https://blueteam.id/ 33
Jakarta, Indonesia VECTR Reporting 4/12/2021 https://blueteam.id/ 34
Jakarta, Indonesia Notable Tools and Resources for Adversary Emulation Some notable tools for adversary emulation : • Caldera (MITRE) • Atomic Red Team (Red Canary) • APT Simulator • Red Team Automation (Endgame) • Infection Monkey (Guardicore) • Blue Team Toolkit (BT3) (Encripto) • AutoTTP (https://github.com/jymcheong/AutoTTP) • Purple Team ATT&CK Automation (https://github.com/praetorian-inc/purple- team-attack-automation) • ATTPwn (https://github.com/ElevenPaths/ATTPwn) • PurpleSharp (https://github.com/mvelazc0/PurpleSharp) • Prelude Operator (https://www.prelude.org/) https://blueteam.id/ 35 4/12/2021
Jakarta, Indonesia Notable Tools and Resources for Adversary Emulation Some notable tools for developing adversary emulation : • MITRE ATT&CK Navigator • NSA Unfetter (https://nsacyber.github.io/unfetter/) • MITRE Cyber Analytical Repository (https://car.mitre.org/) • VECTR (More into for your Purple Teaming) • _YOUR THREAT INTEL REPORT_ Provider https://blueteam.id/ 36 4/12/2021
Jakarta, Indonesia • Adversary emulation is needed by organization to fill the gaps for their current existing security assessment activity • Adversary Emulation is HARD. Combining the threat intelligence and Adversary TTPs is not a simple task to do. • Threat-informed defense approach needed by every organization to get a deep understanding of adversary tradecraft and technology to protect against, detect, and mitigate cyber-attacks. • Developing Adversary Emulation Plan is a Critical part in Red Teaming Adversary Emulation Exercise before the Execution of scenarios defined. • Red Team showing that defensive capabilities succeed / failed in preventing + responding the simulated attack. It is giving you analysis of your organization’s strengths and weaknesses based on the result of the simulation • Adversary Emulation can help you to measure your organization’s cybersecurity maturity level by evaluating it across the kill chain phases of the MITRE ATT&CK framework or other relevant frameworks. https://blueteam.id/ TLDR ; Summary and Key Takeaway 37 4/12/2021
Jakarta, Indonesia 4/12/2021 https://blueteam.id/ Final Thought 38
Jakarta, Indonesia THANK YOU Q & A https://blueteam.id/ 39 4/12/2021

Recommandé

The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE - ATT&CKcon
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...MITRE ATT&CK
 
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfNosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfidsecconf
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...idsecconf
 

Recommandé

The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE - ATT&CKcon
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...MITRE ATT&CK
 
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfNosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfidsecconf
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...idsecconf
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chainSymantec Brasil
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesLearningwithRayYT
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE - ATT&CKcon
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...MITRE ATT&CK
 
Threat landscape 4.0
Threat landscape 4.0Threat landscape 4.0
Threat landscape 4.0Dr. C.V. Suresh Babu
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
State of the ATT&CK
State of the ATT&CKState of the ATT&CK
State of the ATT&CKMITRE ATT&CK
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfAli - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfidsecconf
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)Network Intelligence India
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE - ATT&CKcon
 
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...Digit Oktavianto
 
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramIDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramDigit Oktavianto
 

Contenu connexe

Tendances

Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chainSymantec Brasil
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesLearningwithRayYT
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE - ATT&CKcon
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...MITRE ATT&CK
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
State of the ATT&CK
State of the ATT&CKState of the ATT&CK
State of the ATT&CKMITRE ATT&CK
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfAli - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfidsecconf
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE - ATT&CKcon
 

Tendances (20)

Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK Framework
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK framework
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research Sources
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation Slides
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
 
Threat landscape 4.0
Threat landscape 4.0Threat landscape 4.0
Threat landscape 4.0
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
 
State of the ATT&CK
State of the ATT&CKState of the ATT&CK
State of the ATT&CK
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfAli - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
 

Similaire à Proactive cyber defence through adversary emulation for improving your security posture - Digit Oktavianto

Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...Digit Oktavianto
 
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramIDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramDigit Oktavianto
 
A tale story of building and maturing threat hunting program
A tale story of building and maturing threat hunting programA tale story of building and maturing threat hunting program
A tale story of building and maturing threat hunting programidsecconf
 
RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_ConclaveNSConclave
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...
[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...
[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...DataScienceConferenc1
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf
 
BLOCK-AD: BLOCKCHAIN ATTACK-DEFENSE CTF COMPETITION FOR NEXT-WEB3 SECURITY
BLOCK-AD: BLOCKCHAIN ATTACK-DEFENSE CTF COMPETITION FOR NEXT-WEB3 SECURITYBLOCK-AD: BLOCKCHAIN ATTACK-DEFENSE CTF COMPETITION FOR NEXT-WEB3 SECURITY
BLOCK-AD: BLOCKCHAIN ATTACK-DEFENSE CTF COMPETITION FOR NEXT-WEB3 SECURITYijcseit
 
MITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position PaperMITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position PaperMarc St-Pierre
 
From Threat Intelligence to Defense Intelligence with a Cup of CACAO
From Threat Intelligence to Defense Intelligence with a Cup of CACAOFrom Threat Intelligence to Defense Intelligence with a Cup of CACAO
From Threat Intelligence to Defense Intelligence with a Cup of CACAOVasileios Mavroeidis
 
A Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) HackingA Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) Hackinginfosec train
 
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkLeverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkDigit Oktavianto
 
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...Shakas Technologies
 
Symantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Lifecycle of an advanced persistent threat
Lifecycle of an advanced persistent threatLifecycle of an advanced persistent threat
Lifecycle of an advanced persistent threatBee_Ware
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Jorge Orchilles
 
Red Hat vs. Blue Hat Which Is Better_.pptx
Red Hat vs. Blue Hat Which Is Better_.pptxRed Hat vs. Blue Hat Which Is Better_.pptx
Red Hat vs. Blue Hat Which Is Better_.pptxCCNMumbai
 

Similaire à Proactive cyber defence through adversary emulation for improving your security posture - Digit Oktavianto (20)

Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
 
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramIDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
 
A tale story of building and maturing threat hunting program
A tale story of building and maturing threat hunting programA tale story of building and maturing threat hunting program
A tale story of building and maturing threat hunting program
 
RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_Conclave
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
 
[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...
[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...
[DSC Adria 23]Goran Gvozden Threat-Informed Defense-Boosting Cybersecurity Aw...
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
 
BLOCK-AD: BLOCKCHAIN ATTACK-DEFENSE CTF COMPETITION FOR NEXT-WEB3 SECURITY
BLOCK-AD: BLOCKCHAIN ATTACK-DEFENSE CTF COMPETITION FOR NEXT-WEB3 SECURITYBLOCK-AD: BLOCKCHAIN ATTACK-DEFENSE CTF COMPETITION FOR NEXT-WEB3 SECURITY
BLOCK-AD: BLOCKCHAIN ATTACK-DEFENSE CTF COMPETITION FOR NEXT-WEB3 SECURITY
 
MITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position PaperMITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position Paper
 
From Threat Intelligence to Defense Intelligence with a Cup of CACAO
From Threat Intelligence to Defense Intelligence with a Cup of CACAOFrom Threat Intelligence to Defense Intelligence with a Cup of CACAO
From Threat Intelligence to Defense Intelligence with a Cup of CACAO
 
A Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) HackingA Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) Hacking
 
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkLeverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
 
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
 
Symantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security Simulation
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Lifecycle of an advanced persistent threat
Lifecycle of an advanced persistent threatLifecycle of an advanced persistent threat
Lifecycle of an advanced persistent threat
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020
 
Red Hat vs. Blue Hat Which Is Better_.pptx
Red Hat vs. Blue Hat Which Is Better_.pptxRed Hat vs. Blue Hat Which Is Better_.pptx
Red Hat vs. Blue Hat Which Is Better_.pptx
 

Plus de idsecconf

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf
 
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf
 
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf
 
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf
 
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfRama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfidsecconf
 
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...idsecconf
 
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...idsecconf
 
Utian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfUtian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfidsecconf
 
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika TriwidadaPerkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidadaidsecconf
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullahidsecconf
 
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaHacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaidsecconf
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...idsecconf
 
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi DwiantoDevsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwiantoidsecconf
 
Stream crime
Stream crime Stream crime
Stream crime idsecconf
 
(Paper) Mips botnet worm with open wrt sdk toolchains
(Paper) Mips botnet worm with open wrt sdk toolchains(Paper) Mips botnet worm with open wrt sdk toolchains
(Paper) Mips botnet worm with open wrt sdk toolchainsidsecconf
 
Mips router targeted worm botnet
Mips router targeted worm botnetMips router targeted worm botnet
Mips router targeted worm botnetidsecconf
 
The achilles heel of GPN Card implementation
The achilles heel of GPN Card implementationThe achilles heel of GPN Card implementation
The achilles heel of GPN Card implementationidsecconf
 
iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpickidsecconf
 
Paper - semi-automated information gathering tools for subdomain enumeration ...
Paper - semi-automated information gathering tools for subdomain enumeration ...Paper - semi-automated information gathering tools for subdomain enumeration ...
Paper - semi-automated information gathering tools for subdomain enumeration ...idsecconf
 

Plus de idsecconf (20)

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
 
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
 
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
 
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
 
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfRama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
 
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
 
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
 
Utian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfUtian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdf
 
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika TriwidadaPerkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullah
 
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaHacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
 
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi DwiantoDevsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
 
Stream crime
Stream crime Stream crime
Stream crime
 
(Paper) Mips botnet worm with open wrt sdk toolchains
(Paper) Mips botnet worm with open wrt sdk toolchains(Paper) Mips botnet worm with open wrt sdk toolchains
(Paper) Mips botnet worm with open wrt sdk toolchains
 
Mips router targeted worm botnet
Mips router targeted worm botnetMips router targeted worm botnet
Mips router targeted worm botnet
 
The achilles heel of GPN Card implementation
The achilles heel of GPN Card implementationThe achilles heel of GPN Card implementation
The achilles heel of GPN Card implementation
 
iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpick
 
Paper - semi-automated information gathering tools for subdomain enumeration ...
Paper - semi-automated information gathering tools for subdomain enumeration ...Paper - semi-automated information gathering tools for subdomain enumeration ...
Paper - semi-automated information gathering tools for subdomain enumeration ...
 

Dernier

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 

Dernier (20)

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 

Proactive cyber defence through adversary emulation for improving your security posture - Digit Oktavianto

  • 1. Jakarta, Indonesia Proactive Cyber Defence Through Adversary Emulation for Improving Your Security Posture IDSECCONF 2021 - 4th December 2021 Digit Oktavianto @digitoktav https://threathunting.id https://blueteam.id/ 1 4/12/2021
  • 2. Jakarta, Indonesia https://blueteam.id/ T1033 : System Owner/User Discovery ❖ Infosec Consulting Manager at Mitra Integrasi Informatika ❖ Co-Founder BlueTeam.ID (https://blueteam.id) ❖ Community Lead @ Cyber Defense Community Indonesia ❖ Member of Indonesia Honeynet Project ❖ Opreker and Researcher ❖ {GCIH | GMON | GCFE | GICSP | CEH | CSA | ECSA | ECIH | CHFI | CTIA | ECSS} Certifications Holder 2 4/12/2021
  • 3. Jakarta, Indonesia • Intro : Phase of Security Assessment • What is Adversary Emulation About? • Adversary Emulation vs Adversary Simulation • Phase of Security Assessment • Benefit and Importance of Adversary Emulation • Developing Red Team Adversary Emulation Plan • Getting Started with Red Team Adversary Emulation https://blueteam.id/ Agenda 3 4/12/2021
  • 6. Jakarta, Indonesia Introduction : Phase of Security Assessment https://blueteam.id/ 6 4/12/2021 Phase of Security Assessment
  • 7. Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 7 Pentest vs Adversary Emulation PENETRATION TEST ADVERSARY SIMULATION Identify and exploitvulnerabilities on a(series of) system(s) to assess security Focused on aspecific scope (typically an application or network range) Assess how resilient an organization is versus a certain adversary /threat actor Focused on the execution of ascenario (typically defined by anumber of flags) VS Both Penetration Tests and Adversary Simulation engagements have value. It’s however important to know the difference and the results you can expect! Typicallytests both prevention & detection (so is less valuableifthere is no blue team) Primarily tests prevention, typically less focus on detection
  • 9. Jakarta, Indonesia What is Adversary Emulation About? https://blueteam.id/ 9 4/12/2021
  • 10. Jakarta, Indonesia Introduction : Adversary Emulation Adversary Emulation is a type of red teaming activities which focuses on the emulation of a specific adversaries / threat actor and leverage the threat intelligence to define the behavior and TTPs that will be used in the emulation plan. https://blueteam.id/ 10 4/12/2021
  • 11. Jakarta, Indonesia Threat Informed Defense Threat-informed defense applies a deep understanding of adversary tradecraft and technology to protect against, detect, and mitigate cyber-attacks. It's a community-based approach to a worldwide challenge. More info : https://www.mitre.org/news/focal-points/threat-informed-defense https://blueteam.id/ 11 4/12/2021
  • 12. Jakarta, Indonesia Adversary Emulation vs Adversary Simulation • Adversary Emulation : a process of imitate the activities or mimicking or copying the adversaries or threat actor behavior. • Adversary Simulation : a process of simulate or represent the functioning of adversaries or threat actor behavior when attacking the target. Tim MalcomVetter mentioned in his blog post (https://malcomvetter.medium.com/emulation-simulation-false-flags-b8f660734482) about this : • Emulation implies an EXACTNESS to the copy, whereas Simulation only implies SIMILARITY with some freedom to be different. I am totally agree with his opinion. https://blueteam.id/ 12 4/12/2021
  • 13. Jakarta, Indonesia Introduction : Adversary Emulation https://blueteam.id/ 13 4/12/2021 Jorge Orchilles’s Slide About Adversary Emulation (https://www.slideshare.net/jorgeorchilles/adversary-emulation-and-red-team- exercises-educause)
  • 14. Jakarta, Indonesia Introduction : Adversary Emulation • Jorge Orchilles and Scythe in their blogpost differentiate term of red teaming, adversary emuation / simulation and purple teaming in this statement : • “Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement.” • Based on that statement, it can be conclude that Red Teaming and Purple Teaming is part of Adversary Emulation. It depends on the engagement, if the engagement performed without Blue Team knowing the activities, than it is called as red teaming. If the engagement involved blue team, then it is called purple teaming. https://blueteam.id/ 14 4/12/2021
  • 15. Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 15 MITRE ATTCK Framework "MITRE ATT&CK™ is aglobally-accessible knowledge base of adversary tactics and techniques based on real-worldobservations.TheATT&CK knowledge base is used as afoundation for the development of specific threat models and methodologiesin the private sector , in government, and in the cybersecurityproduct and service community.” – MITRE ATT&CK website Tactics are used to describe high-levels attackstepsused byan adversary.These can be compared to the “steps” in the Lockheed Martin Cyber Kill Chain © Tactics & Techniques MITRE ATT&CK assumes breach and thus the “first”tacticis initial intrusion. Any activityperformedbefore is coveredbythe PRE-ATT&CK framework. How a certain tactic is executed is described by a variety of techniques. For every technique, MITRE ATT&CK includes a description, detection & prevention recommendationsand known threat actors who use the technique.
  • 16. Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 16 MITRE ATT&CK Tactics Techniques
  • 17. Jakarta, Indonesia Benefit and Importance of Red Teaming and Adversary Emulation https://blueteam.id/ 17 4/12/2021
  • 18. Jakarta, Indonesia Benefit and Importance of Adversary Emulation • Adversary Emulation is just like IR and Tabletop Exercise, but in different perspective. This exercise allows your organization to test your security team against the latest threats used by real threat actor which posing the greatest risk to your organization in specific industry. • Adversary emulation giving proof of how a targeted attacker could penetrate your infrastructure and compromise sensitive assets, and/or documentation. • Adversary emulation showing that defensive capabilities succeed / failed in preventing + responding the simulated attack. It is giving you analysis of your organization’s strengths and weaknesses based on the result of the simulation. • Adversary emulation can help you not only to prioritize current existing technology capability improvement, but also also giving you a recommendation for future investments and provide recommendations for maturing your cybersecurity posture. • A focus on objective-based testing demonstrates the effectiveness of your security controls • Adversary Emulation can help you to measure your organization’s cybersecurity maturity level by evaluating it across the kill chain phases of the MITRE ATT&CK® framework or other relevant frameworks. https://blueteam.id/ 18 4/12/2021
  • 19. Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 19 Benefit and Importance of Adversary Emulation *Stephen Sims – RSA Conference 2019 : Live Adversary Simulation: Red and Blue Team Tactics
  • 20. Jakarta, Indonesia Developing Red Team Adversary Emulation Plan https://blueteam.id/ 20 4/12/2021
  • 21. Jakarta, Indonesia Developing Red Team Adversary Emulation Plan https://blueteam.id/ 21 4/12/2021 Adam Pennington’s Slide : Leveraging MITRE ATT&CK for Detection, Analysis & Defense (https://www.slideshare.net/AdamPennington4/rhisac-summit-2019-adam-pennington-leveraging-mitre- attck-for-detection-analysis-defense)
  • 22. Jakarta, Indonesia Developing Red Team Adversary Emulation Plan I quote a paragraph from Tim MalcomVetter About Emulation Plan in Practice (https://malcomvetter.medium.com/emulation-simulation-false-flags-b8f660734482): “In practice, emulating is very hard. First, not all threat actors have publicly or privately available intelligence in the format necessary to complete all of the threat actors’ steps with the precision required to meet the definition. Second, even for those that do, certain key steps may be out of bounds, legally, for the person “replaying them” (such as compromising third party infrastructure). Third, the “programmed TTPs” were collected at a single point in time, and techniques that were used during that string of events may not be reused in the future by that threat actor, so replaying them with precision may not be that valuable of an exercise.” https://blueteam.id/ 22 4/12/2021
  • 23. Jakarta, Indonesia Developing Adversary Emulation Plan Adversary emulation plans are based on known-adversary TTPs (Tactic, Technique, and Procedure) and designed to empower red teams to emulate a specific threat actor in order to test and evaluate defensive capabilities from a threat-informed perspective. • Each emulation plan focuses on a specific named threat actor. • Each adversary emulation plan is gathered from threat intelligence reports and other artifacts that capture and describe breaches and campaigns publicly attributed to a specific named threat actor • To develop each plan, Red Team should do the research and model each threat actor, focusing not only on what they do (e.g.: gather credentials from victims) but also how (using what specific tools/utilities/commands?) and when (during what stage of a breach?) • Red Team then develop the emulation content that mimics the underlying behaviors utilized by the threat actor • To describe the details flow of emulation plan, Red Team should develop the operational flow which provides a high-level summary of the captured scenario(s). • The scenario(s) of emulation plan is broken down into step-by-step procedures provided in both human and machine-readable formats. (like .yaml in Caldera for example). Scenarios can be executed end-to-end or as individual tests. • The emulation plan scenarios will vary based on the adversary and available intelligence, but typically follow a sequential progression of how the actor breaches then works towards achieving their operational objectives within a victim environment https://blueteam.id/ 23 4/12/2021
  • 24. Jakarta, Indonesia Developing Adversary Emulation Plan https://blueteam.id/ 24 4/12/2021 T o demonstratethe potential of ATT&CK, MITRE developed an emulation planforAPT3 (it’smainlyused as a showcase for MITRE ATT&CK). It’s agreat example of how the ATT&CK framework can be leveraged to develop aconcreteaction planto emulate aspecific adversary. Source: https://attack.mitre.org/resources/adversary-emulation-plans/
  • 25. Jakarta, Indonesia Getting Started with The Adversary Emulation https://blueteam.id/ 25 4/12/2021
  • 26. Jakarta, Indonesia Getting Started with the Adversary Emulation When starting the Adversary Emulation Exercise, Emulation Plan is one of the most critical part. The Emulation Plan section is a specific, detailed breakdown of the tactics of the adversary group. 1. For developing the Emulation Plan, red team firstly must gather the threat intelligence document related to threat actor group that they want to emulate. 2. Red team must identify the tactics the adversary group uses for an attack, along with the particular techniques and procedures for each tactic. Mostly the TTPs defined based on MITRE ATTCK Framework as a standard. 3. To detail an emulation plan in exercise, red team must breakdown the tools that they will use to emulate the particular TTP. This information is available as part of the MITRE ATT&CK descriptionof the adversary group, and also from Threat Intelligence Report. 4. Red Team also need to build the infrastructure as part of the emulation plan such as C2 Infrastructure, or Infrastructurefor collecting sensitive data after exfiltration phase (if any) 5. Execute the emulation plan as procedure and workflow defined in the exercise. Follow up the result of the exercise. https://blueteam.id/ 26 4/12/2021
  • 27. Jakarta, Indonesia What Technique Should We Prioritize 4/12/2021 https://blueteam.id/ 27 So how do I know what techniques are most important? Criteria #1 Overall popularity of the technique The overall popularity of an ATT&CK technique is a good indicator of how important it is to cover it (using either preventive or detective controls). In 2020, Picus Security released a presentation where they highlighted Top 10 key techniques! Furthermore, many vendors provide “ATT&CK Heat Maps” where they describe what techniques they most frequently observe. Criteria #2 Relevance of threat actors for yourorganization Next to the overall “popularity” of atechnique, there is of course another factor: Is the technique known to be used by an adversary that is interested in your organization? ATT&CK has information on what techniques are used by what actors. In order to figure out what threat actors are relevant for your industry or organization, it helps to follow up on threat intelligencereports. https://www.picussecurity.com/resource/the-top-ten-mitre-attck-techniques
  • 28. Jakarta, Indonesia Getting Started with the Adversary Emulation When starting the Adversary Emulation Exercise, Emulation Plan is one of the most critical part. The Emulation Plan section is a specific, detailed breakdown of the tactics of the adversary group. 1. For developing the Emulation Plan, red team firstly must gather the threat intelligence document related to threat actor group that they want to emulate. 2. Red team must identify the tactics the adversary group uses for an attack, along with the particular techniques and procedures for each tactic. Mostly the TTPs defined based on MITRE ATTCK Framework as a standard. 3. To detail an emulation plan in exercise, red team must breakdown the tools that they will use to emulate the particular TTP. This information is available as part of the MITRE ATT&CK descriptionof the adversary group, and also from Threat Intelligence Report. 4. Red Team also need to build the infrastructure as part of the emulation plan such as C2 Infrastructure, or Infrastructurefor collecting sensitive data after exfiltration phase (if any) 5. Execute the emulation plan as procedure and workflow defined in the exercise. Follow up the result of the exercise. https://blueteam.id/ 28 4/12/2021
  • 29. Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 29 Building Plan for Red Teaming Adversary Emulation What threat actors (and related adversary techniques) are relevant to the organization? What techniques does the organization believe are covered by security controls? What techniques does the organization believe are detected by monitoring use cases? How much time & effort will be spent duringthe engagement? During both red teamand purple teamengagements,building agood adversary emulation plan is crucial to success.The emulation plan should mimic an actualadversary and caninclude distinct phases. In MITRE’s APT3 emulation plan, the following phases aredistinguished: 1. Set up adversary infrastructure (e.g.C2) and obtain initial execution (Initial Access) 2. Internal discovery, privilege escalation and lateralmovement (Lateral movement) 3. Collection,staging and exfiltration (Action on Objectives) So what techniques should you select as part of your plan? There’s afew criteria to takeinto account;
  • 30. Jakarta, Indonesia 4/12/2021 https://blueteam.id/ 30 Example of Plan EMULATION PLAN FOR APT-28 PHASE 1 PHASE 2 PHASE 3 InitialAccess T1192 - Spearphishing Link Execution T1086 - PowerShell Persistence T1122 - C O M Hijacking Privilege Escalation T1078 -ValidAccounts Defense Evasion T1107 - File Deletion Lateral Movement T1075 – PassThe Hash Not every plan needs to cover every single tactic! Improvise! Exfiltration T1041 - Exfil over C&C
  • 31. Jakarta, Indonesia Tracking Result for Adversary Emulation Engagement Vectr.io from SecurityRiskAdvisors (https://github.com/SecurityRiskAdvisors/VECTR) ❖3 main components; Assessment Group, Campaign, and Test Case. ❖Each campaign can contains several test case. ❖Create the test case for adversary emulation plans that are mapped to MITRE ATT&CK technique & tactic ❖Set the Blue Team Tools (Detection Technology are being assessed) ❖Configurethe detection layer ❖Set the Red Team Tools (BAS Tools which are being used to “test” the Target) ❖See the summary and result of the assessment 4/12/2021 https://blueteam.id/ 31
  • 33. Jakarta, Indonesia VECTRTest Case (Red & Blue)Team 4/12/2021 https://blueteam.id/ 33
  • 35. Jakarta, Indonesia Notable Tools and Resources for Adversary Emulation Some notable tools for adversary emulation : • Caldera (MITRE) • Atomic Red Team (Red Canary) • APT Simulator • Red Team Automation (Endgame) • Infection Monkey (Guardicore) • Blue Team Toolkit (BT3) (Encripto) • AutoTTP (https://github.com/jymcheong/AutoTTP) • Purple Team ATT&CK Automation (https://github.com/praetorian-inc/purple- team-attack-automation) • ATTPwn (https://github.com/ElevenPaths/ATTPwn) • PurpleSharp (https://github.com/mvelazc0/PurpleSharp) • Prelude Operator (https://www.prelude.org/) https://blueteam.id/ 35 4/12/2021
  • 36. Jakarta, Indonesia Notable Tools and Resources for Adversary Emulation Some notable tools for developing adversary emulation : • MITRE ATT&CK Navigator • NSA Unfetter (https://nsacyber.github.io/unfetter/) • MITRE Cyber Analytical Repository (https://car.mitre.org/) • VECTR (More into for your Purple Teaming) • _YOUR THREAT INTEL REPORT_ Provider https://blueteam.id/ 36 4/12/2021
  • 37. Jakarta, Indonesia • Adversary emulation is needed by organization to fill the gaps for their current existing security assessment activity • Adversary Emulation is HARD. Combining the threat intelligence and Adversary TTPs is not a simple task to do. • Threat-informed defense approach needed by every organization to get a deep understanding of adversary tradecraft and technology to protect against, detect, and mitigate cyber-attacks. • Developing Adversary Emulation Plan is a Critical part in Red Teaming Adversary Emulation Exercise before the Execution of scenarios defined. • Red Team showing that defensive capabilities succeed / failed in preventing + responding the simulated attack. It is giving you analysis of your organization’s strengths and weaknesses based on the result of the simulation • Adversary Emulation can help you to measure your organization’s cybersecurity maturity level by evaluating it across the kill chain phases of the MITRE ATT&CK framework or other relevant frameworks. https://blueteam.id/ TLDR ; Summary and Key Takeaway 37 4/12/2021
  • 39. Jakarta, Indonesia THANK YOU Q & A https://blueteam.id/ 39 4/12/2021