Adversary Village
DEF CON 30
Speakers

Stephan Wampouille

Software Engineer at Prelude Research

Stephan is a software engineer at Prelude Research, where he works on cutting-edge offensive security tools and tradecraft. He originally worked on the Operator C2 platform before moving on to build the library of TTPs hosted on chains.prelude.org. Stephan is a veteran DEF CON speaker, having previously given a talk on autonomous lateral movement, as applied to Linux servers, at DEF CON 29.

Workshop: Building Adversary Chains Like an Operator
Hands-on Workshop

Every week, the Prelude security team builds attack chains that emulate the most notorious threat actors online. The attacks are released in an event called “TTP Tuesday” and each chain can be browsed on chains.prelude.org. For those with an Operator license, the chains pop into the command-and-control (C2) application automatically. For the first time, the author of Operator, along with Prelude security engineers, will walk you through their process of building and releasing these chains. In this workshop, you will learn how to:

  • Evaluate open-source threat intelligence and output it as an attack plan.
  • Convert your plan into an actionable set of TTPs called a “chain”.
  • Select hosts around your network to test your plan.
  • Deploy agents on your selected hosts and execute your chain against them.
  • Put your chains on repeat so they’re constantly at work in your environment.
  • Package your results into a report that can measure your success.

You should expect to be hands-on, with a laptop running Operator. Expect to walk away from this workshop with both knowledge of how to build attack chains and a brand new, unreleased chain that will go out in a future TTP Tuesday event. Attackers use advanced tactics to infiltrate your network and run undetected. Learn how to emulate them so you can get ahead of their game. Proactive adversary emulation leads to better detection, which leads to faster response and a more robust grasp of your current risk profile.