DIY your APT for your protection

This time, I've made sure to upload the deck as soon as possible.

I've had the pleasure to present in a recent Microsoft Community meetup about providing defender automated offensive capabilities to assist in building a detection coverage map.

Using Caldera by Mitre, you can create your own APT, attack chains to automate specific TTP and to test if your detection mechanism is working as expected while aligning with ATT&CK.

As part of preparing for this, I've developed a dedicated branch in Disruption called Caldera that automates the deployment of Caldera in the environment.

I wouldn't repeat all I said yesterday, but here is the outline:

  • Slide 1 - Opening slide
  • Slide 2 - Who am i
  • Slide 3 - Case of missing logs of a known attack
  • Slide 4 - missing logs POC
  • Slide 5 - What do we do when we don't know what's going on
  • Slide 6 - Basic org security investments
  • Slide 7 - Do we need attackers?
  • Slide 8 - Consultation challenges
  • Slide 9 - Can defenders assess themselves?
  • Slide 10 - In-sourcing the detection coverage
  • Slide 11 - Meet Caldera
  • Slide 12 - Use-cases
  • Slide 13 - no one-size in threats - need to DIY
  • Slide 14 - Demo

The deck is available here

Not how many, but where.