YoVDO

Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations

Offered By: Ekoparty Security Conference via YouTube

Tags

Adversary Emulation Courses, Cybersecurity Courses, Advanced Persistent Threats Courses, Lateral Movement Courses, Cyber Threat Intelligence Courses, Malware Development Courses, Process Injection Courses, MITRE ATT&CK Courses

Course Description

Overview

Explore adversary emulation techniques in this 55-minute conference talk from Ekoparty Security Conference. Learn how the MITRE ATT&CK Evaluations team improves cybersecurity by studying advanced threat actors, developing scenarios, and executing operations against major EDR vendors. Discover the process of merging cyber threat intelligence (CTI) and red team development capabilities, using a Latin American APT as an example. Follow along as speakers demonstrate evaluating technical reports, building scenarios, creating CTI diagrams, and addressing data gaps. Gain insights into the collaboration between CTI and red teams, including malware development, tool creation, and infrastructure setup. Understand the implementation of techniques like process injection, persistence, hands-on-keyboard discovery, and lateral movement. Learn how to launch attacks, analyze defender responses, and uncover attack patterns. Access publicly released code, research, and emulation plans to enhance your own defensive strategies using the "become the villain" methodology.

Syllabus

Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations - K. Esprit / C. Self


Taught by

Ekoparty Security Conference

Related Courses

Penetration Testing, Threat Hunting, and Cryptography
IBM via Coursera
Advanced Cyber Threat Intelligence
Cybrary
Intro to Cyber Threat Intelligence
Cybrary
MITRE ATT&CK Defender™ (MAD) ATT&CK® Cyber Threat Intelligence Certification Training
Cybrary
Cyber Threat Intelligence
IBM via Coursera