Session Description:
As organizations deploy security solutions, it becomes imperative that these solutions are tested. We have developed a series of testing capabilities that map to MITRE ATT&CK™. This framework is called Atomic Red Team (ART). ART is a collection of tests and tools that can be used to assess a security program’s ability to detect adversary techniques, so that teams better understand their security posture. We believe that this framework represents an excellent catalog of post-exploitation activity. The test plans we have developed are small, discrete tests that allow even small security teams to begin testing their environment. The aim of these tests is to drive better detection and hunting capabilities.
In this training, students will learn the basics of the ART framework and how to navigate it. We will build on this foundation to develop advanced test cases derived from recent threat reports. Finally, students will walk away with the confidence to contribute back to Atomic Red Team.
Resources Required: A Windows computer (laptop or virtual machine), Internet connectivity, and administrator rights to install software on the Windows computer. Our test framework can be found here: https://github.com/redcanaryco/atomic-red-team
Tony is a professional geek who loves to jump into all things related to detection and digital forensics. After working for several years in desktop and systems administration, in 2017 he moved over to the Red Canary team to help find evil and augment detection capabilities for customers’ endpoints.
Tony holds a Master of Science in Digital Forensic Science from Champlain College and has also taught numerous technology classes for a local community college.