Adversary Village

Sanne Maasakkers

Security specialist at NCSC-NL

Sanne Maasakkers is working as a security specialist at NCSC-NL. After spending some years in offensive security, she now uses this knowledge to make Dutch vital infrastructure more resilient. She is mainly interested in researching social engineering tactics and techniques of the bigger APTs and presented 'Phish like an APT' last year at the digital version of Adversary Village. Additionally, she likes to host CTFs for young talents, coach the European CTF team, and host awareness sessions.

Talk: Hacked by Raspberia: Simulating a nationally disruptive attack by a non-existent state actor
Adversary Story

Suppose you need to create a scenario for a national cyber crisis exercise with a hundred participating organizations. It has to be an attack with a disruptive national impact BUT cannot be an existing APT group. The solution: creating a realistic threat actor and their simulated attack, entirely from scratch. Creating such an adversary simulation is not an easy task. How do you simulate a zero-day attack on the networks of all participating companies, create a fictional country, define TTPs for the non-existent adversary, reflect all defined TTPs in the attack, and allow attribution? This talk includes a detailed description of the attack chain created and how more than two thousand participants racked their brains to find the attack path in supplied injects, like event logs, memory dumps, and custom malware.