Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations
Offered By: Ekoparty Security Conference via YouTube
Course Description
Overview
Explore adversary emulation techniques in this 55-minute conference talk from Ekoparty Security Conference. Learn how the MITRE ATT&CK Evaluations team improves cybersecurity by studying advanced threat actors, developing scenarios, and executing operations against major EDR vendors. Discover the process of merging cyber threat intelligence (CTI) and red team development capabilities, using a Latin American APT as an example. Follow along as speakers demonstrate evaluating technical reports, building scenarios, creating CTI diagrams, and addressing data gaps. Gain insights into the collaboration between CTI and red teams, including malware development, tool creation, and infrastructure setup. Understand the implementation of techniques like process injection, persistence, hands-on-keyboard discovery, and lateral movement. Learn how to launch attacks, analyze defender responses, and uncover attack patterns. Access publicly released code, research, and emulation plans to enhance your own defensive strategies using the "become the villain" methodology.
Syllabus
Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations - K. Esprit / C. Self
Taught by
Ekoparty Security Conference
Related Courses
Computer Security (Stanford University via Coursera)
Cryptography II (Stanford University via Coursera)
Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
Building an Information Risk Management Toolkit (University of Washington via Coursera)
Introduction to Cybersecurity (National Cybersecurity Institute at Excelsior College via Canvas Network)