Red Team Engagements: How to Train Your Blue Team to Hunt Adversaries
This talk focuses on how an internal red team can pragmatically train the blue team to hunt threat actors in the environment, following the philosophy of "train like you would fight".
During this presentation we will discuss how to build visual detection charts from threat intelligence mapped to MITRE ATT&CK techniques. We will then demonstrate how to use those charts to plan and execute purple team exercises, and walk through an example of working with the SOC and other stakeholders to build high-fidelity detections.
Next, we will discuss how to build an adversary detection pipeline on top of enterprise issue and project tracking software. We will show examples of cataloging detections, the elements of minimum detection criteria, and how priority detections are fed into the pipeline.
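As an added illustration of the two ideas above (the ATT&CK-mapped detection chart and the criteria-gated pipeline), the following Python is example code written for this page, not code from the talk or its speakers. The technique priorities, detection names, data sources, status values and the "minimum criteria" fields are all assumed; only the ATT&CK technique IDs are real identifiers.

```python
"""Added example: an ATT&CK coverage chart plus a detection-pipeline gate.

Everything below is constructed for illustration. The intel priorities,
detection names, data sources and the minimum-criteria fields are assumed,
not taken from the talk; the ATT&CK IDs themselves are real.
"""
from dataclasses import dataclass

# Minimum detection criteria (assumed): a detection may not enter the
# engineering pipeline until every one of these fields is populated.
MIN_CRITERIA = ("data_source", "test_case", "owner")


@dataclass
class Detection:
    name: str
    attack_id: str            # ATT&CK technique or sub-technique ID
    data_source: str = ""     # telemetry the rule depends on
    test_case: str = ""       # purple-team procedure that must trigger the rule
    owner: str = ""           # SOC engineer accountable for tuning
    status: str = "proposed"  # proposed | validated | deployed


def missing_criteria(d: Detection) -> list:
    """Return the minimum-criteria fields the detection has not satisfied."""
    return [f for f in MIN_CRITERIA if not getattr(d, f)]


def coverage_chart(intel_priority: dict, detections: list) -> dict:
    """Build the per-technique chart a purple-team planner works from.

    intel_priority maps technique ID -> priority (higher = observed more
    often in threat intel relevant to the organisation). Status per row:
      covered - at least one deployed detection meets the minimum criteria
      partial - detections exist, but none is both deployed and complete
      gap     - no detection at all
    """
    chart = {tid: {"priority": p, "detections": [], "complete_deployed": 0}
             for tid, p in intel_priority.items()}
    for d in detections:
        row = chart.setdefault(d.attack_id,
                               {"priority": 0, "detections": [], "complete_deployed": 0})
        row["detections"].append(d.name)
        if d.status == "deployed" and not missing_criteria(d):
            row["complete_deployed"] += 1
    for row in chart.values():
        if row["complete_deployed"]:
            row["status"] = "covered"
        elif row["detections"]:
            row["status"] = "partial"
        else:
            row["status"] = "gap"
    return chart


def render_chart(chart: dict) -> str:
    """Text rendering of the chart, highest-priority techniques first."""
    lines = [f"{'technique':<12}{'prio':>5}  {'status':<8} detections"]
    for tid, row in sorted(chart.items(), key=lambda kv: (-kv[1]["priority"], kv[0])):
        lines.append(f"{tid:<12}{row['priority']:>5}  {row['status']:<8} "
                     + (", ".join(row["detections"]) or "-"))
    return "\n".join(lines)


def exercise_backlog(chart: dict) -> list:
    """Techniques to emulate next: every non-covered technique, by priority."""
    todo = [(tid, row["priority"], row["status"])
            for tid, row in chart.items() if row["status"] != "covered"]
    return sorted(todo, key=lambda t: (-t[1], t[0]))


def pipeline_tickets(detections: list) -> list:
    """Turn detections into tracker tickets. Incomplete ones are blocked on
    the missing criteria instead of being queued; deployed ones need none."""
    tickets = []
    for d in detections:
        if d.status == "deployed":
            continue
        missing = missing_criteria(d)
        tickets.append({"summary": f"[{d.attack_id}] {d.name}",
                        "state": "blocked" if missing else "ready",
                        "blocked_on": missing})
    return tickets


# Constructed sample data (hypothetical detections and priorities).
INTEL_PRIORITY = {"T1059.001": 5, "T1003.001": 5, "T1566.001": 4, "T1021.002": 3}
DETECTIONS = [
    Detection("Encoded PowerShell command line", "T1059.001",
              "Sysmon EID 1", "Purple exercise PT-03", "soc-alice", "deployed"),
    Detection("Suspicious LSASS handle", "T1003.001",
              "Sysmon EID 10", "", "soc-bob", "validated"),   # no test case yet
    Detection("Office spawning script host", "T1566.001",
              "EDR process tree", "Purple exercise PT-07", "soc-carol", "proposed"),
]

if __name__ == "__main__":
    chart = coverage_chart(INTEL_PRIORITY, DETECTIONS)
    print(render_chart(chart))
    print("next exercises:", exercise_backlog(chart))
    for ticket in pipeline_tickets(DETECTIONS):
        print(ticket)
```

The chart drives the purple-team plan (emulate the highest-priority technique that is not yet covered), while the ticket list is what goes into the tracker: a detection with an empty test case is blocked until the red team supplies one, which is exactly the hand-off between red and blue that the pipeline formalises.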
Finally, we will focus on how internal red teams can conduct adversary simulation and emulation to train the blue side to be better threat hunters. We will show how to plan and execute these engagements and how to write actionable reports that strengthen prevention, detection, and response measures.
Brad Richardson's career as a security practitioner spans 15 years across vulnerability management, security audit, penetration testing, and red teaming. Brad began his technology career in systems engineering and quickly became interested in how attackers find cracks in the best-laid security plans and hardened networks. He continues to study how attackers get in and takes a special interest in the psychology of social engineering, security metrics, and adversary emulation.
Madhav holds a Master's degree in Computer Engineering with a specialization in Cyber Security. While in college he interned in multiple roles, including systems administrator, network architect, and penetration tester, and worked on research projects to design and develop an IDS for OSPF route-poisoning attacks. Since graduation he has worked in information security, where he has planned and executed adversary simulations and emulations, purple team exercises, social engineering campaigns, and network and application penetration tests.