


Adversarial Emulation - Bryson Bort

https://www.wildwesthackinfest.com/

Today’s Red Team isn’t enough
- Why do we care? Because we want to move our defenses and understanding beyond a detection-based approach which has repeatedly been demonstrated to fail.
- Why did I build SCYTHE? What led me here?
- Fortune 50 Retailer Use Case
- Bounded Attack Space Philosophy - the atoms of an attack (different way to look at ATT&CK)
- Lessons Learned as a CNO expert coming into commercial/industry red teaming
- Red Team vs Adversary Emulation - what’s done today vs what should be done
- To white box or black box

Threat Intelligence
- Such a disappointment = static identifiers, but no way to machine read for emulation
- Analyst reports! Sigh, you have to read and analyze to pull out capabilities and TTPs
- Neutered malware - awesome! But… risky and takes a decent amount of work to do, plus very prone to signature-based detection response
- MITRE ATT&CK - what it can and can’t do for you. Common mistakes - rigid adherence, signature-based

Open Source Options:
- CALDERA - APT3 example (although, they didn’t really use CALDERA for this…)
- PowerShell - great. Seen in the wild. But, not hard to defend… so limitations.
- Empire - based on… PowerShell.
- Living off the Land - https://lolbas-project.github.io/

Host Activities
- Destruction: ransomware, wiper
- Escalation
- Persistence
- Credential Theft

Network Activities
- Communication/Traffic
- C2 infrastructure
- Lateral Movement

Combination of host/network
- Mapping

Going Purple
- Combined visibility and reporting
- How do you technically do this - SIEM/Analytics, red team strings/tagging
- Program strategy and direction - shared gap analysis

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute.
Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.
