Скачать или смотреть Red Team Engagements: Training Your Blue Team to Hunt Adversaries

This talk focuses on how the Internal Red Team can pragmatically train blue teams to hunt threat actors in the environment. It incorporates the philosophy of “train like you would fight”.

During this presentation we will discuss how to build visual detection charts using threat intelligence incorporating MITRE ATT&CK®. Then we will demonstrate how to leverage the visual detection charts to plan and execute purple team exercises. We will also demonstrate an example of how to effectively work with SOC and other stakeholders to build high fidelity detections.

Next, we will discuss how to effectively build an adversary detection pipeline using enterprise issue & project tracking software. We will show examples of cataloging, elements of minimum detection criteria, as well as, feeding priority detections into the pipeline.

Finally, we will focus on how internal red teams can conduct adversary simulation and emulation to train the Blue side to be better threat hunters. We will show how to plan and execute these engagements, as well as, develop actionable reports to plug holes found during the operation.

Presenter: Madhav Bhatt, Offensive Security Engineer, Credit Karma
Follow:   / desi_jarvis  
Presenter: Brad Richardson, Offensive Security Engineer, Credit Karma

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at http://www.sans.org/u/195g