Workshop: Building Adversary Chains Like an Operator

Every week, the Prelude security team builds attack chains that emulate the most
notorious threat actors online. The attacks are released in an event called “TTP Tuesday”
and each chain can be browsed on chains.prelude.org. For those with an Operator
license, the chains pop into the command-and-control (C2) application automatically. For
the first time, the author of Operator, along with Prelude security engineers, will walk
you through their process of building and releasing these chains.

In this workshop, you will learn how to:
* Evaluate open-source threat intelligence and output it as an attack plan.
* Convert your plan into an actionable set of TTPs called a “chain”.
* Select hosts around your network to test your plan.
* Deploy agents on your selected hosts and execute your chain against them.
* Put your chains on repeat so they’re constantly at work in your environment.
* Package your results into a report that can measure your success.

You should expect to be hands-on, with a laptop running Operator. Expect to walk away
from this workshop with both knowledge of how to build attack chains and a brand new,
unreleased chain that will go out in a future TTP Tuesday event.

Attackers use advanced tactics to infiltrate your network and run undetected. Learn how
to emulate them so you can get ahead of their game. Proactive adversary emulation
leads to better detection, which leads to faster response and a more robust grasp of
your current risk profile.