Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations
Understand attacker behavior and strengthen defenses with a demonstration of the Dark Knight approach to Adversary Emulation, emphasizing the importance of transparency, collaboration, and actionable information.
- The Dark Knight approach to Adversary Emulation is emphasized, highlighting the importance of addressing attack techniques in a more transparent and open-source manner.
- The speaker notes that emulation is a complex process, requiring a deep understanding of malware development and the ATT&CK framework.
- Two reports (Lab52 and BlackBerry) are specifically called out for providing actionable information on TTPs.
- Emulation is necessary for understanding attacker behavior and identifying gaps in defenses.
- ATT&CK evaluations serve as a critical tool for assessing defenses and identifying areas for improvement.
- The Blind Eagle scenario is used as an example of an adversary emulator, highlighting the importance of understanding attack techniques and identifying gaps in defenses.
- The speaker emphasizes the need for collaboration between CTI and Red teams to better understand attacker behavior and improve defenses.
- The importance of technical depth and insight in emulation is stressed, noting that this enables more effective reporting and collaboration.
- The speaker recommends allocating actual time for emulation, as automation is not sufficient.
- The need for clear, actionable information is highlighted, with the speaker noting that attack techniques should be prioritized.
- Collaboration between teams, including CTI, Red, and White teams, is emphasized.
- The importance of transparency and open-source reporting is stressed, with the speaker noting that this enables better understanding of attack techniques and identification of gaps in defenses.
- The speaker recommends that CTI teams, Red teams, and White teams work together to better understand attacker behavior and improve defenses.
- The importance of providing actionable information is stressed, with the speaker noting that this enables better understanding of attack techniques and identification of gaps in defenses.