[Workshop Speakers]
Adversary Village at
DEF CON 32

Cat Self

Principal Adversary Emulation Engineer (MITRE ATT&CK)

Cat Self is a Principal Adversary Emulation Engineer working as the macOS/Linux Lead for ATT&CK®, malware developer for MITRE ATT&CK® Evaluations, and SME for International Programs. Cat started her cyber security career at Target and has worked as a developer, internal red team operator, and threat hunter.

Cat is a former military intelligence veteran and pays it forward through mentorship, workshops, and public speaking. Outside of work, she is often planning an epic adventure, climbing mountains in foreign lands, learning Chinese, or meeting great people salsa dancing.

Hands-on workshop: CopyCat: An Artist Guide to Adversary Forgery

Aug 10th 2024 | Adversary Village Area | Las Vegas Convention Center
Adversary Tactics

Skills are learned, but application is art. Much like an artist learning the skill to draw, in this workshop, we learn the skill to identify and create byte-sized adversary emulation-based tests. By reading a report through the lens of MITRE ATT&CK, we identify procedures that link back to MITRE ATT&CK techniques or sub-techniques, which allows us to create an Atomic Red Team test based on the reporting. However, as every artist finds when putting pen to paper, the skill of drawing is not the same as the skill of creating. Using art forgery concepts to help us overcome these obstacles, we walk through how to navigate the gaps in reporting and how emulating differs from simulating the adversary. Participants are encouraged to finish out the atomic tests and contribute to the public Atomic Red Team GitHub. Welcome to the club of legal copycats.

Intended audience: International audience with English as a second language. Beginner to intermediate skill. Basic level of programming knowledge and cyber security concepts required. Students are expected to provide their own laptop. Have a GitHub account and understand the clone, git and pull commands.

Prerequisites
macOS VM Setup
Use this walkthrough in support of the 2024 Adversary Village workshop, CopyCat: An Artist’s Guide to Adversary Forgery.

Presentation Environment: VS Code on a macOS M3 is the development environment presented in the workshop. Use the following tutorial to install VS Code and follow along with the same configuration.

Step 1: Download the virtualization software of your choice. Use UTM or VirtualBox. Follow the instructions on their websites to create a VM.

Step 2: Download the IPSW file for macOS. Note, be careful of the ads. Or download a DMG file from the Apple Store and convert it into an ISO file, example here.

Step 3: Install the IPSW file (UTM) or ISO file (VirtualBox) according to the instructions for UTM or VirtualBox.

Step 4: Change the Desktop background. This is helpful to quickly answer the question, "what computer am I working in?"

Alternative: For the super star, you can also use macOS native virtualization.

Set up your macOS Development Environment
Step 1: Install an IDE of choice. The development requirements for an IDE are the following: supports C libraries; works on macOS; ability to quickly edit and run a program; command line interface. Bonus: it supports Google Test integration.

For those in favor of a 1990’s terminal window, you can absolutely use VIM, Nano, etc. However, this is not recommended for new professionals and students.

Step 2: Test the configuration. Use the following tutorial to test out building a "Hello World" C program. This will ensure you have configured the IDE successfully. Note, this uses Visual Studio Code as the IDE.
