Adversary Village
DEF CON 30
Speakers

Jake Williams

Executive Director Cyber Threat Intelligence at SCYTHE

Jake Williams is the Executive Director of Cyber Threat Intelligence at SCYTHE. Previously, he's been an incident responder, a breaker of software, and a former government hacker who is probably wanted by all the cool countries. Jake has spent decades in information security and many years consulting with clients in different verticals and across the globe to secure networks, investigate breaches, and ensure secure operations. Likes: threat modeling, application security, threat hunting, and reverse engineering. Dislikes: self-proclaimed thought leaders and anyone who needlessly adds blockchain to a solution that was operating perfectly well without it.

Workshop: Attack and Defend with Adversary Emulation
Hands-on workshop: Purple Team Adversary Simulation

Command and Control is one of the tactics adversaries use most often in intrusions. Without command and control, you have to write a worm, and worms can get out of control. For this reason, 95% or more of attacks use Command and Control. We will leverage cyber threat intelligence to develop procedural emulations to attack target systems and then cover how to detect the attacks. The workshop will begin with a brief lecture to introduce cyber threat intelligence, threat emulation development, and detection engineering. The rest will be hands-on-keyboard exercises.

We will supply individual labs using the VMware Learning Platform. The lab environment will include an attack system and a target Windows system. Please bring a laptop with internet access so that you can connect to the cloud-hosted VMware lab environment.

Attendees will be able to follow the self-paced guide to set up emulations, create payloads, and gain execution for assumed breach payloads. From there, various adversary behaviors will be walked through to meet adversary objectives. From the defensive side, the guide will walk the attendee through setting up data sources for detection using free tools and cover common detection types.