This time, I've made sure to upload the deck as soon as possible.
I had the pleasure of presenting at a recent Microsoft Community meetup about providing defenders with automated offensive capabilities to assist in building a detection coverage map.
I won't repeat everything I said yesterday, but here is the outline:
- Slide 1 - Opening slide
- Slide 2 - Who am I
- Slide 3 - Case of missing logs of a known attack
- Slide 4 - Missing logs PoC
- Slide 5 - What do we do when we don't know what's going on
- Slide 6 - Basic org security investments
- Slide 7 - Do we need attackers?
- Slide 8 - Consultation challenges
- Slide 9 - Can defenders assess themselves?
- Slide 10 - In-sourcing the detection coverage
- Slide 11 - Meet Caldera
- Slide 12 - Use-cases
- Slide 13 - No one-size in threats - need to DIY
- Slide 14 - Demo
The deck is available here
Not how many, but where.