Workshop: Automating Attacks – Alex Martirosyan

With the latest advancements of attack and breach simulation tools, many organizations are still playing catchup to know where to begin. Endpoint detection and response (EDR) tools have become heavily relied upon with default configurations. As an industry, we have pushed a lot of the responsibility of managed service providers without fully understanding what we are signing up for. This workshop will help beginners understand what the latest buzzwords mean such as Atomic Testing, Micro Emulation Plans, and Purple Teaming. With a common understanding, we will then use a lab environment to execute an emulation plan to learn from offensive and defensive outcomes. Mixing red and blue is a good start but requires careful planning and goals to be successful. We will start simple and build more complex plans so that you can immediately take away how to incorporate similar processes internally.

Our assumptions about defensive controls are rarely validated through active testing or standard day-to-day activity due to the complexities of a behavior or technique. Penetration tests are point in time and typically on a standard calendar cycle. The need for defenders to understand offensive actions and capabilities has grown to be to ensure controls are working as intended. These types of assessments demonstrate a tools value to the business or create a case for the need of a specific investment.