Purple Teaming & Adversary Emulation in the Cloud with Stratus Red Team скачать в хорошем качестве

Purple Teaming & Adversary Emulation in the Cloud with Stratus Red Team

Abstract: To detect evil in the cloud, you must first know what 'evil' looks like. Then, it's critical to have an easy way to reproduce common attack techniques in live environments, to validate that our threat detection and logging pipelines work as intended. In this talk, we present Stratus Red Team, an open-source project for adversary emulation and end-to-end validation of threat detection in AWS, Kubernetes and Azure. We discuss the motivation behind the project, design choices, and the philosophy behind Stratus Red Team: helping blue teams focus on real-world, documented attack techniques and empower them to iteratively build high-quality detections. We also discuss more advanced use-cases that Stratus Red Team allows, such as running it on a schedule in your CI/CD to continuously validate that the expected alerts are popping up in your SIEM. We conclude with a live demo where we 'detonate' attack techniques against a live Kubernetes cluster and AWS account. Slides: http://dtdg.co/stratusredteam-cloudvi... Speaker Details: Christophe is a cloud security researcher and advocate at Datadog. He's passionate about threat detection in the cloud, and cloud-native technologies in general. He previously worked as a software developer, penetration tester, SOC analyst and cloud security engineer. He likes to write about technology he likes, uses, dislikes and misuses. Living in Switzerland, you can tell he's French when he speaks.