Slideshows by User: jorgeorchilles (SlideShare feed, Wed, 10 Mar 2021 18:52:36 GMT)

SCYTHE Purple Team Workshop with Tim Schulz /jorgeorchilles/scythe-purple-team-workshop-with-tim-schulz
Join Tim Schulz, Adversary Emulation Lead at SCYTHE, for a three-hour Hands-On Purple Team Workshop on Wednesday, March 10, 2021! ***REGISTRATION REQUIRED*** ***Use a real email address***

In this three-hour hands-on workshop you will play the role of Cyber Threat Intelligence, the red team, and the blue team. We have set up an isolated environment for each attendee to go through a Purple Team Exercise. Attendees will:
- Learn the basics of Command and Control (C2)
- Consume Cyber Threat Intelligence from a known adversary
- Extract adversary behaviors/TTPs
- Play the Red Team by creating adversary emulation plans
- Emulate the adversary with SCYTHE 3.2 in a small environment consisting of a domain controller, member server, and a Linux system
- Play the Blue Team and look for Indicators of Compromise
- Use Wireshark to identify heartbeat and jitter
- Enable Sysmon configurations to detect adversary behavior
- All mapped to MITRE ATT&CK
- Have FUN!

What do you need? All you need is a web browser on a workstation/laptop (no iPads, sorry). If you want to come better prepared, download, read, and watch the free Purple Team Exercise Framework (PTEF) and webcast: https://www.scythe.io/ptef https://www.scythe.io/library/ptef-workshop

How will it work? We are using the VMware learning platform to give everyone their own isolated environment. This means we need your real email upon registration so we can provision your environment before the start of the workshop.
Posted Wed, 10 Mar 2021 18:52:36 GMT by jorgeorchilles
So you want to be a red teamer /slideshow/so-you-want-to-be-a-red-teamer/241559771
Red Teaming is hot right now. Many people want to get into it just because it sounds cool. While I tend to agree, there are many things to consider. There is way more to red teaming than just "getting in" to organizations. Join us for this one-hour webcast where we cover what red team is, why you may want to be a red teamer, and how to become a red teamer.
Posted Tue, 19 Jan 2021 14:01:08 GMT by jorgeorchilles
Purple Team Use Case - Security Weekly /slideshow/purple-team-use-case-security-weekly-240010335/240010335
Everyone has heard of Purple Team by now, but how many have been able to quantify the value? In this talk, we cover all the roles of a Purple Team: Cyber Threat Intelligence, Red Team, Blue Team, and Exercise Coordination. We were asked to emulate various adversaries, in increasing order of sophistication, while implementing defenses for the adversary TTPs. We were also asked not to spend any money on new technology. Instead, we had to tune the current security controls. See the results!
Posted Fri, 11 Dec 2020 16:35:58 GMT by jorgeorchilles
KringleCon 3 Providing Value in Offensive Security /slideshow/kringlecon-3-providing-value-in-offensive-security/239961293
Santa invited me to the North Pole to talk about how Offensive Security is meant to provide business value. I cover Purple Teaming and the C2 Matrix as well.
Posted Thu, 10 Dec 2020 13:37:01 GMT by jorgeorchilles
C2 Matrix Anniversary - Blackhat EU 2020 /slideshow/c2-matrix-anniversary-blackhat-eu-2020/239960677
Main site: https://thec2matrix.com
Golden Source: https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/
How-To: https://howto.thec2matrix.com
SANS Slingshot C2 Matrix Edition VM: https://howto.thec2matrix.com/slingshot-c2-matrix-edition
YouTube: https://youtube.com/playlist?list=PLfgStsuvpUpoEG3BDuUqV-ipeUff4ImYm
Feedback: https://thec2matrix.com/feedback

Command and Control is one of the most important tactics in the MITRE ATT&CK matrix, as it allows the attacker to interact with the target system and realize their objectives. Organizations leverage Cyber Threat Intelligence to understand their threat model and the adversaries that have the intent, opportunity, and capability to attack. Red Team, Blue Team, and virtual Purple Teams work together to understand adversary Tactics, Techniques, and Procedures, perform adversary emulations, and improve detective and preventive controls.

The C2 Matrix was created to aggregate all the publicly available Command and Control frameworks (open-source and commercial) in a single resource to assist teams in testing their own controls through adversary emulations (Red Team or Purple Team Exercises). Phase 1 lists the Command and Control features of each framework, such as the coding language used, channels (HTTP, TCP, DNS, SMB, etc.), agents, key exchange, and other operational security features and capabilities. This allows more efficient decision making when called upon to emulate an adversary's TTPs. It is the golden age of Command and Control (C2) frameworks. Learn how these C2 frameworks work and start testing against your organization to improve detective and preventive controls.
Posted Thu, 10 Dec 2020 13:15:09 GMT by jorgeorchilles
Purple Team Exercise Workshop December 2020 /slideshow/purple-team-exercise-workshop-december-2020/239925286
In this three-hour hands-on workshop you will play the role of Cyber Threat Intelligence, the red team, and the blue team. We have set up an isolated environment for each attendee to go through a Purple Team Exercise. Attendees will:
- Consume Cyber Threat Intelligence from a known adversary
- Extract adversary behaviors/TTPs
- Play the Red Team by creating adversary emulation plans
- Emulate the adversary in a small environment consisting of a domain controller and member server
- Play the Blue Team and look for Indicators of Compromise
- Use Wireshark to identify heartbeat and jitter
- Enable Sysmon configurations to detect adversary behavior
- All mapped to MITRE ATT&CK
- Have FUN!

What do you need? All you need is a web browser on a workstation/laptop (no iPads, sorry). If you want to come better prepared, download and read the free Purple Team Exercise Framework (PTEF): https://scythe.io/ptef

How will it work? We are using the VMware learning platform to give everyone their own isolated environment. This means we need your real email upon registration so we can provision your environment before the start of the workshop.
Posted Wed, 09 Dec 2020 18:00:37 GMT by jorgeorchilles
External Threat Hunters are Red Teamers /slideshow/external-threat-hunters-are-red-teamers/239728213
This talk will introduce a relatively new concept in Threat Hunting by explaining how external threat hunters use techniques similar to those of Red Teamers to create a repeatable hunting model, using an intermediary payload system to provide insight, awareness, and action.

Speakers: David Maynor, @Dave_Maynor, Black Lotus Labs Analysis Lead, CenturyLink; Jorge Orchilles, @jorgeorchilles, CTO, SCYTHE
Posted Thu, 03 Dec 2020 18:32:27 GMT by jorgeorchilles
Evolution of Offensive Assessments - SecureWV Conference /jorgeorchilles/evolution-of-offensive-assessments-securewv-conference
Reference: https://www.scythe.io/library/threatthursday-ryuk

Topics covered: Vulnerability Scanning, Vulnerability Assessment, Penetration Testing, Red Team, Purple Team, Adversary Emulation, Ransomware, Consuming Cyber Threat Intelligence, Emulating Ryuk, Attack Infrastructure, C2 Matrix, RedELK
Posted Sat, 07 Nov 2020 14:38:21 GMT by jorgeorchilles
Purple Team Exercise Hands-On Workshop #GrayHat /slideshow/purple-team-exercise-handson-workshop-grayhat/239013772
These are the slides for the lecture portion of the Gray Hat Purple Team Exercise Hands-On Workshop sponsored by SCYTHE. https://scythe.io
Posted Thu, 29 Oct 2020 19:24:47 GMT by jorgeorchilles
Purple Team Exercise Hands-On Workshop #GrayHat from Jorge Orchilles
Evolution of Offensive Assessments - RootCon /slideshow/evolution-of-offensive-assessments-rootcon/238826687 evolutionofoffensiveassessments-rootcon-201010154342
Hands-On Purple Team Workshops - Oct 15, 29, Nov 12 http://scythe.io/workshops #SEC564 - https://sans.org/sec564 Singapore - Oct 19-22 HackFest - Nov 16-17 RoundUp on #AdversaryEmulation Oct 22 https://wildwesthackinfest.com/the-roundup/ Purple Team Summit - November 13 https://www.scythe.io/purple-team-summit
Sat, 10 Oct 2020 15:43:42 GMT /slideshow/evolution-of-offensive-assessments-rootcon/238826687 jorgeorchilles@slideshare.net(jorgeorchilles) Evolution of Offensive Assessments - RootCon jorgeorchilles
Evolution of Offensive Assessments - RootCon from Jorge Orchilles
8.8 Las Vegas - Adversary Emulation con C2 Matrix /jorgeorchilles/88-las-vegas-adversary-emulation-con-c2-matrix adversaryemulation-8-200812130647
Keynote from 8.8 Las Vegas 2020: https://www.8dot8.org/8-8-las-vegas/ The presentation is a combination of my Blackhat 2020 Arsenal - C2 Matrix and DEF CON Red Team Village Adversary Emulation talks. https://twitter.com/jorgeorchilles
Wed, 12 Aug 2020 13:06:47 GMT /jorgeorchilles/88-las-vegas-adversary-emulation-con-c2-matrix jorgeorchilles@slideshare.net(jorgeorchilles) 8.8 Las Vegas - Adversary Emulation con C2 Matrix jorgeorchilles
8.8 Las Vegas - Adversary Emulation con C2 Matrix from Jorge Orchilles
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker /jorgeorchilles/defcon-safe-mode-red-team-village-emulating-evil-corp-and-wastedlocker adversaryemulation-ransomwareedition-200806135222
Deep Dive into Adversary Emulation - Ransomware Edition. This talk covers the Garmin July 2020 hack by a group called Evil Corp that leveraged a newer ransomware called WastedLocker. We cover Cyber Threat Intelligence, creating an adversary emulation plan for ransomware, demo the emulation, and discuss how to defend against these attacks.
Thu, 06 Aug 2020 13:52:22 GMT /jorgeorchilles/defcon-safe-mode-red-team-village-emulating-evil-corp-and-wastedlocker jorgeorchilles@slideshare.net(jorgeorchilles) DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker jorgeorchilles
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker from Jorge Orchilles
Blackhat 2020 Arsenal - C2 Matrix /slideshow/blackhat-2020-arsenal-c2-matrix/237580064 bh-usa2020-arsenal-c2matrix-200805141240
Slides from @jorgeorchilles and @brysonbort's talk at Blackhat 2020 - Arsenal covering the C2 Matrix. Website: https://thec2matrix.com Blackhat: https://www.blackhat.com/us-20/arsenal/schedule/#c-matrix-comparison-of-command-and-control-frameworks-20768 Video: https://youtu.be/2i9KjHCR6ik Command and Control is one of the most important tactics in the MITRE ATT&CK matrix, as it allows the attacker to interact with the target system and realize their objectives. Organizations leverage Cyber Threat Intelligence to understand their threat model and the adversaries that have the intent, opportunity, and capability to attack. Red Team, Blue Team, and virtual Purple Teams work together to understand the adversary's Tactics, Techniques, and Procedures to perform adversary emulations and improve detective and preventive controls. The C2 Matrix was created to aggregate all the Command and Control frameworks publicly available (open-source and commercial) in a single resource to assist teams in testing their own controls through adversary emulations (Red Team or Purple Team Exercises). Phase 1 lists all the Command and Control features such as the coding language used, channels (HTTP, TCP, DNS, SMB, etc.), agents, key exchange, and other operational security features and capabilities. This allows more efficient decision making when called upon to emulate an adversary's TTPs. It is the golden age of Command and Control (C2) frameworks. Learn how these C2 frameworks work and start testing against your organization to improve detective and preventive controls. The C2 Matrix currently has 41 command and control frameworks documented in a Google Sheet, web site, and questionnaire format.
Wed, 05 Aug 2020 14:12:39 GMT /slideshow/blackhat-2020-arsenal-c2-matrix/237580064 jorgeorchilles@slideshare.net(jorgeorchilles) Blackhat 2020 Arsenal - C2 Matrix jorgeorchilles
Blackhat 2020 Arsenal - C2 Matrix from Jorge Orchilles
Purple Team Exercise Framework Workshop #PTEF /slideshow/purple-team-exercise-framework-workshop-ptef/237405317 purpleteamexerciseworkshop-200730140533
Purple Team exercises are an efficient and effective method of adversary emulation leading to the training and improvement of people, process, and technology. Red Teams and Blue Teams work together in a live production environment, emulating a selected adversary that has the capability, intent, and opportunity to attack the target organization provided by Cyber Threat Intelligence. Purple Team exercises are ‘hands on keyboard’ exercises where Red and Blue teams work together with an open discussion about each attack procedure and how to detect and alert against it. Purple Team Exercise Framework #PTEF: https://www.scythe.io/ptef Ethical Hacking Maturity Model: https://www.scythe.io/library/scythes-ethical-hacking-maturity-model Definitions: https://medium.com/@jorgeorchilles/ethical-hacking-definitions-9b9a6dad4988 #ThreatThursday: https://www.scythe.io/threatthursday #C2Matrix: https://thec2matrix.com/ Atomic Purple Team: https://github.com/DefensiveOrigins/AtomicPurpleTeam SCYTHE Playbooks: https://github.com/scythe-io/community-threats #ThreatHunting Playbooks: https://threathunterplaybook.com/introduction.html VECTR: https://vectr.io/ Unicon: https://www.scythe.io/unicon2020
Thu, 30 Jul 2020 14:05:33 GMT /slideshow/purple-team-exercise-framework-workshop-ptef/237405317 jorgeorchilles@slideshare.net(jorgeorchilles) Purple Team Exercise Framework Workshop #PTEF jorgeorchilles
Purple Team Exercise Framework Workshop #PTEF from Jorge Orchilles
Purple Team Exercises - GRIMMCon /slideshow/purple-team-exercises-grimmcon/236943108 purpleteamexercises-grimmcon-200715204424
Offensive security and Ethical Hacking are about providing business value. One of the most efficient and effective ways to improve security is through Adversary Emulation Purple Team Exercises. Adversary Emulation is a type of ethical hacking engagement where the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organization. The goal of these engagements is to train and improve people, process, and technology. This is in contrast to a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement. In this talk, we will cover how to run a high-value adversary emulation through a Purple Team Exercise. https://www.scythe.io/library/threatthursday-apt33
Wed, 15 Jul 2020 20:44:24 GMT /slideshow/purple-team-exercises-grimmcon/236943108 jorgeorchilles@slideshare.net(jorgeorchilles) Purple Team Exercises - GRIMMCon jorgeorchilles
Purple Team Exercises - GRIMMCon from Jorge Orchilles
Managing & Showing Value during Red Team Engagements & Purple Team Exercises - VECTR SANS Webcast /slideshow/managing-showing-value-during-red-team-engagements-purple-team-exercises-vectr-sans-webcast/236525540 sansvectrwebcast-200702144635
Join Jorge Orchilles and Phil Wainwright as they cover how to show value during Red and Purple Team exercises with a free platform, VECTR. VECTR is included in SANS Slingshot C2 Matrix Edition so you can follow along with the presentation and live demos. VECTR is a free platform for planning and tracking your red and purple team exercises and aligning them to blue team detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting Test Cases to simulate adversary threats. Campaigns can be broad and span activity across the kill chain or ATT&CK tactics, from initial access to privilege escalation and lateral movement and so on, or can be narrow in scope to focus on specific defensive controls, tools, and infrastructure. VECTR is designed to promote full transparency between offense and defense, encourage training between team members, and improve detection, prevention & response capabilities across cloud and on-premise environments. Common use cases for VECTR are measuring your defenses over time against the MITRE ATT&CK framework, creating custom red team scenarios and adversary emulation plans, and assisting with toolset evaluations. VECTR is meant to be used over time with targeted campaigns, iteration, and measurable enhancements to both red team skills and blue team detection capabilities. Ultimately the goal of VECTR is to help organizations level up and promote a platform that encourages community sharing of CTI that is useful for red teamers, blue teamers, threat intel teams, security engineering, and any number of other cyber roles, and helps management show increasing maturity in their programs and justification of what's working, what's not, and where additional investment might be needed in tools and team members to bring it all together.
Thu, 02 Jul 2020 14:46:35 GMT /slideshow/managing-showing-value-during-red-team-engagements-purple-team-exercises-vectr-sans-webcast/236525540 jorgeorchilles@slideshare.net(jorgeorchilles) Managing & Showing Value during Red Team Engagements & Purple Team Exercises - VECTR SANS Webcast jorgeorchilles
Managing & Showing Value during Red Team Engagements & Purple Team Exercises - VECTR SANS Webcast from Jorge Orchilles
]]>
1081 0 https://cdn.slidesharecdn.com/ss_thumbnails/sansvectrwebcast-200702144635-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post http://activitystrea.ms/schema/1.0/posted 0
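The tracking model the abstract describes (campaigns made of test cases, each mapped to an ATT&CK technique and scored by the blue team, then compared across campaigns to show maturity over time) is sketched below as an added Python example. It is not VECTR's code or data model: the outcome vocabulary, the dataclasses and the two sample campaigns are constructed for illustration, and the technique IDs are real ATT&CK identifiers used only as labels.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Blue-team outcome vocabulary, weakest to strongest. Constructed for this example;
# it is not VECTR's own outcome model.
OUTCOMES = ("NotLogged", "Logged", "Detected", "Blocked")
RANK = {name: i for i, name in enumerate(OUTCOMES)}


@dataclass(frozen=True)
class TestCase:
    technique: str   # ATT&CK technique ID the red team executed, e.g. "T1059.001"
    tactic: str      # ATT&CK tactic the test case exercises
    outcome: str     # what the blue team observed, one of OUTCOMES


@dataclass(frozen=True)
class Campaign:
    name: str
    executed: date
    test_cases: tuple


def validate(campaign):
    """Reject outcomes outside the vocabulary so a typo cannot silently skew coverage."""
    bad = [tc.outcome for tc in campaign.test_cases if tc.outcome not in RANK]
    if bad:
        raise ValueError(f"{campaign.name}: unknown outcome(s) {bad}")
    return campaign


def coverage_by_tactic(campaign, threshold="Detected"):
    """Fraction of test cases per tactic whose outcome is at least `threshold`."""
    hits, totals = defaultdict(int), defaultdict(int)
    for tc in campaign.test_cases:
        totals[tc.tactic] += 1
        if RANK[tc.outcome] >= RANK[threshold]:
            hits[tc.tactic] += 1
    return {tactic: hits[tactic] / totals[tactic] for tactic in totals}


def overall_coverage(campaign, threshold="Detected"):
    """Fraction of all test cases in the campaign whose outcome is at least `threshold`."""
    tcs = campaign.test_cases
    return sum(RANK[tc.outcome] >= RANK[threshold] for tc in tcs) / len(tcs)


def regressions(campaigns):
    """Techniques whose outcome got worse between consecutive campaigns (ordered by date).

    Returns sorted (technique, earlier_name, later_name, earlier_outcome, later_outcome).
    """
    ordered = sorted(campaigns, key=lambda c: c.executed)
    found = []
    for earlier, later in zip(ordered, ordered[1:]):
        before = {tc.technique: tc.outcome for tc in earlier.test_cases}
        after = {tc.technique: tc.outcome for tc in later.test_cases}
        for tech in before.keys() & after.keys():
            if RANK[after[tech]] < RANK[before[tech]]:
                found.append((tech, earlier.name, later.name, before[tech], after[tech]))
    return sorted(found)


# Constructed sample: the same five test cases run in two quarterly campaigns.
Q1 = validate(Campaign("2020-Q1 emulation", date(2020, 3, 15), (
    TestCase("T1059.001", "execution", "Logged"),
    TestCase("T1003.001", "credential-access", "Detected"),
    TestCase("T1021.002", "lateral-movement", "NotLogged"),
    TestCase("T1053.005", "persistence", "Blocked"),
    TestCase("T1071.001", "command-and-control", "NotLogged"),
)))
Q2 = validate(Campaign("2020-Q2 emulation", date(2020, 6, 20), (
    TestCase("T1059.001", "execution", "Detected"),
    TestCase("T1003.001", "credential-access", "Blocked"),
    TestCase("T1021.002", "lateral-movement", "Detected"),
    TestCase("T1053.005", "persistence", "Logged"),  # regressed since Q1
    TestCase("T1071.001", "command-and-control", "NotLogged"),
)))

if __name__ == "__main__":
    for c in (Q1, Q2):
        print(f"{c.name}: {overall_coverage(c):.0%} detected or better, "
              f"by tactic: {coverage_by_tactic(c)}")
    for r in regressions([Q1, Q2]):
        print("REGRESSION:", r)
```

Running it reports 40% detected-or-better for Q1 and 60% for Q2, and flags T1053.005, which went from Blocked to Logged between the two runs. The headline percentage alone would hide that regression behind the overall improvement, which is why a per-technique trend is worth keeping alongside the aggregate.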
Cuddling the Cozy Bear: Emulating APT29 /slideshow/cuddling-the-cozy-bear-emulating-apt29/236307876
Sat, 27 Jun 2020 22:54:44 GMT jorgeorchilles@slideshare.net(jorgeorchilles)

Adversary Emulation is a type of ethical hacking engagement in which the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs) against a target organization. The goal of these engagements is to train and improve people, process, and technology, in contrast to a penetration test, which focuses on testing technology and preventive controls. Adversary emulations follow a structured approach based on industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. They may be performed blind (Red Team Engagement), or non-blind (Purple Team Exercise) with the Blue Team having full knowledge of the engagement.

In this talk, we will learn about APT29 "Cozy Bear", how they operate and what their objectives are. We will create an adversary emulation plan using the C2 Matrix to pick the command and control framework that covers the most TTPs. At least half the talk is a live demo of the attack with various tools that emulate the adversary's behaviors and TTPs.
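Picking the C2 framework that covers the most TTPs, as the abstract describes doing with the C2 Matrix, reduces to comparing the plan's technique set against each framework's capability set; when no single framework covers everything, a greedy set cover picks a small toolset and leaves the residue for manual or custom tooling. The Python below is an added example, not the talk's code or C2 Matrix data: the framework names and their capability sets are placeholders, and the technique list is a constructed plan rather than an extraction of APT29 threat intelligence.

```python
# Constructed adversary emulation plan: the ATT&CK techniques the red team must execute.
# The IDs are real ATT&CK identifiers; this particular list is illustrative, not an
# extraction of APT29 threat intelligence.
PLAN_TTPS = frozenset({
    "T1059.001",  # Command and Scripting Interpreter: PowerShell
    "T1047",      # Windows Management Instrumentation
    "T1053.005",  # Scheduled Task/Job: Scheduled Task
    "T1003.001",  # OS Credential Dumping: LSASS Memory
    "T1021.002",  # Remote Services: SMB/Windows Admin Shares
    "T1071.001",  # Application Layer Protocol: Web Protocols
    "T1105",      # Ingress Tool Transfer
    "T1027",      # Obfuscated Files or Information
})

# Constructed capability matrix: techniques each C2 framework can execute natively.
# Framework names are placeholders; these are not claims about real frameworks.
FRAMEWORKS = {
    "framework-alpha": frozenset({"T1059.001", "T1047", "T1053.005",
                                  "T1003.001", "T1021.002", "T1071.001"}),
    "framework-bravo": frozenset({"T1059.001", "T1105", "T1071.001", "T1021.002"}),
    "framework-charlie": frozenset({"T1105", "T1003.001", "T1047"}),
}


def rank_frameworks(plan, frameworks):
    """Rank frameworks by how many plan TTPs each covers, most first; ties break on name.

    Returns a list of (name, covered_count, uncovered_ttps).
    """
    ranked = [(name, len(plan & caps), frozenset(plan - caps))
              for name, caps in frameworks.items()]
    return sorted(ranked, key=lambda r: (-r[1], r[0]))


def pick_toolset(plan, frameworks):
    """Greedy set cover: repeatedly add the framework that covers the most still-uncovered
    TTPs until nothing helps. Returns (chosen_names_in_order, uncovered_ttps)."""
    remaining, chosen = set(plan), []
    while remaining:
        # min over (-gain, name): largest gain wins, ties resolved alphabetically
        name, caps = min(frameworks.items(),
                         key=lambda kv: (-len(remaining & kv[1]), kv[0]))
        gain = remaining & caps
        if not gain:
            break  # no framework covers what is left; those TTPs need custom tooling
        chosen.append(name)
        remaining -= gain
    return chosen, frozenset(remaining)


def assign_tools(plan, chosen, frameworks):
    """Map each TTP to the first chosen framework that covers it, or None if none does.
    This is the per-technique tooling column of the emulation plan."""
    return {ttp: next((name for name in chosen if ttp in frameworks[name]), None)
            for ttp in sorted(plan)}


if __name__ == "__main__":
    for name, n, gaps in rank_frameworks(PLAN_TTPS, FRAMEWORKS):
        print(f"{name}: {n}/{len(PLAN_TTPS)} TTPs, missing {sorted(gaps)}")
    chosen, gaps = pick_toolset(PLAN_TTPS, FRAMEWORKS)
    print("toolset:", chosen, "needs custom tooling:", sorted(gaps))
    for ttp, tool in assign_tools(PLAN_TTPS, chosen, FRAMEWORKS).items():
        print(f"  {ttp} -> {tool or 'manual / custom'}")
```

With the constructed data, framework-alpha covers six of eight TTPs, adding framework-bravo picks up T1105, and T1027 is left for the operator to cover by hand. The residue set is the useful output: it tells the red team what the chosen C2 cannot do before the engagement starts, rather than mid-exercise.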
Adversary Emulation - Red Team Village - Mayhem 2020 /slideshow/adversary-emulation-red-team-village-mayhem-2020/234112533
Sat, 16 May 2020 17:03:17 GMT jorgeorchilles@slideshare.net(jorgeorchilles)

Presentation at DEF CON Red Team Village - Mayhem Virtual Summit 2020: Adversary Emulation - Red Team emulating APT19 with Empire3 and Starkiller.

Connect:
https://twitter.com/jorgeorchilles
https://twitter.com/c2_matrix

References:
https://mitre-attack.github.io/attack-navigator/enterprise/
https://attack.mitre.org/groups/G0073/
https://www.thec2matrix.com/
https://howto.thec2matrix.com/slingshot-c2-matrix-edition
https://howto.thec2matrix.com/c2/empire#red-team-village-mayhem-demo-of-apt19
https://vectr.io/
https://www.scythe.io/
Adversary Emulation and Red Team Exercises - EDUCAUSE /slideshow/adversary-emulation-and-red-team-exercises-educause/233822722
Wed, 13 May 2020 15:50:18 GMT jorgeorchilles@slideshare.net(jorgeorchilles)

Slides for EDUCAUSE - Security Professionals Conference Online (https://www.educause.edu/) by https://twitter.com/jorgeorchilles

References:
Definitions: https://medium.com/@jorgeorchilles/ethical-hacking-definitions-9b9a6dad4988
MITRE ATT&CK: https://attack.mitre.org/
ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/enterprise/
C2 Matrix: https://www.thec2matrix.com/
VECTR: https://vectr.io/
SANS SEC564, Red Team Exercises and Adversary Emulation (2-day course): https://www.sans.org/course/red-team-exercises-adversary-emulation
Adversary Emulation - DerpCon /slideshow/adversary-emulation-derpcon/233018465
Fri, 01 May 2020 19:35:22 GMT jorgeorchilles@slideshare.net(jorgeorchilles)

Adversary Emulation is a type of Red Team Exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective (similar to those of realistic threats or adversaries). Adversary emulations are performed using a structured approach, which can be based on a kill chain or attack flow. Methodologies and frameworks for adversary emulation are covered. Adversary emulations are end-to-end attacks against a target organization to obtain a holistic view of the organization's preparedness for a real, sophisticated attack.
Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He is a SANS Certified Instructor and the author of SANS Security 564: Red Team Exercises and Adversary Emulation. He was a founding member of the MITRE Engenuity Center for Threat-Informed Defense. He is a Fellow at the Information Systems Security Association (ISSA) and the National Security Institute. Prior, Jorge led the offensive security team at Citi for over 10 years. He also co-authored the Common Vulnerability Scoring System (CVSS) and A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry. www.orchilles.com