Adversarial Emulation
Join us at Way West Wild West Hackin’ Fest in Deadwood in September 2020: https://www.wildwesthackinfest.com/
Today’s Red Team isn’t enough.
Why do we care? Because we want to move our defenses and understanding beyond a detection-based approach which has repeatedly been demonstrated to fail.
Why did I build SCYTHE? What led me here?
- Fortune 50 Retailer Use Case
- Bounded Attack Space Philosophy – the atoms of an attack (different way to look at ATT&CK)
- Lessons Learned as a CNO expert coming into commercial/industry red teaming
Red Team vs Adversary Emulation – what’s done today vs what should be done
To white box or black box
Threat Intelligence
- Such a disappointment = mostly static indicators, with no machine-readable description of capabilities that could drive emulation
- Analyst reports! Sigh, you have to read and analyze to pull out capabilities and TTPs
- Neutered malware – awesome! But… risky and takes a decent amount of work to do, plus very prone to signature-based detection response
MITRE ATT&CK – what it can and can’t do for you.
- Common mistakes – rigid adherence, signature-based
Open Source Options:
- CALDERA – APT3 example (although, they didn’t really use CALDERA for this…)
- PowerShell – great. Seen in the wild. But, not hard to defend… so limitations.
- Empire – based on… PowerShell.
- Living off the Land – https://lolbas-project.github.io/
Host Activities
- Destruction: ransomware, wiper
- Escalation
- Persistence
- Credential Theft
Network Activities
- Communication/Traffic
- C2 infrastructure
Lateral Movement
- Combination of host/network
- Mapping
Going Purple
- Combined visibility and reporting
- How do you technically do this – SIEM/Analytics, red team strings/tagging
- Program strategy and direction – shared gap analysis
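One way the "red team strings/tagging" idea turns into a shared gap analysis, as an added example that is not code from the talk or from SCYTHE: emulation events and SIEM alerts both carry an exercise tag, and the script reports, per ATT&CK technique, what was emulated and what was detected. The tag value, log format and technique IDs are constructed for illustration.

```python
# Added example: correlate tagged red-team emulation events with SIEM detections.

RED_TEAM_TAG = "RT-EXERCISE-0042"  # hypothetical marker embedded in emulated activity

# Constructed emulation log: timestamp followed by key=value fields.
EMULATION_LOG = """\
2020-09-01T10:00:01Z host=ws01 tag=RT-EXERCISE-0042 technique=T1003 action=credential-dump
2020-09-01T10:02:13Z host=ws01 tag=RT-EXERCISE-0042 technique=T1547 action=registry-run-key
2020-09-01T10:05:44Z host=srv02 tag=RT-EXERCISE-0042 technique=T1021 action=smb-lateral
2020-09-01T10:06:10Z host=srv02 tag=OTHER-TEAM technique=T1059 action=script
"""

# Constructed SIEM alert export for the same window; each rule names the technique it covers.
SIEM_ALERTS = """\
2020-09-01T10:00:05Z rule=LSASS-Access host=ws01 technique=T1003 tag=RT-EXERCISE-0042
2020-09-01T10:05:50Z rule=Admin-Share-Logon host=srv02 technique=T1021 tag=RT-EXERCISE-0042
"""


def parse_events(text):
    """Turn 'ts key=value ...' lines into dicts (timestamp stored under 'ts')."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields if "=" in f)
        ev["ts"] = ts
        events.append(ev)
    return events


def gap_analysis(emulation_text, alerts_text, tag):
    """Return {technique: {'emulated': n, 'detected': m}} for events carrying the tag.

    Only tagged emulation events count, so unrelated activity is not attributed to the
    exercise; a detection counts when a tagged alert fired on the same host and technique."""
    emulated = [e for e in parse_events(emulation_text) if e.get("tag") == tag]
    alerts = [a for a in parse_events(alerts_text) if a.get("tag") == tag]
    detected = {(a.get("host"), a.get("technique")) for a in alerts}
    report = {}
    for e in emulated:
        entry = report.setdefault(e["technique"], {"emulated": 0, "detected": 0})
        entry["emulated"] += 1
        entry["detected"] += int((e["host"], e["technique"]) in detected)
    return report


def missed_techniques(report):
    """Techniques emulated but never detected: the shared gap list for the purple team."""
    return sorted(t for t, c in report.items() if c["detected"] == 0)
```

Feeding the same tag into both the emulation tooling and the detection rules is what lets the two teams reconcile a single list instead of arguing over screenshots.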
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.
Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.