Senior Security Consultant
Leo is a Senior Security Consultant at WithSecure where he leads the Attack Path Mapping service. His
current role involves planning and conducting collaborative offensive security assessments for large
organisations, while building the team globally and pushing the boundaries of threat simulation.
After a brief stint on the defensive side, he returned to consulting with a mission to help SOC teams of
all sizes develop their detective capability. To this end, he has been designing and leading purple team
exercises for WithSecure’s clients.
His passion for technical research has occasionally led to the discovery of vulnerabilities in products which were assigned CVE IDs and presented at security conferences like ROOTCON and BSides. In his free time, Leo volunteers his skills and experience to help NGOs across the world address their cyber security needs.
Purple Team Attack Simulation
Aug 11th 2024 | DEF CON Creator Stage 3 | Las Vegas Convention Center
So your organisation decided to follow the trend and switched to Kubernetes for
hosting its applications. This means that the mission for the SOC has changed from monitoring
servers and networks to building detective capability for a container orchestration platform. Where do
you even start with Kubernetes TTPs? Which attack signatures should you alert on, and what logs are
there to look at in the first place?
A similar challenge arises for the offensive security practitioner: What strategies exist for performing
continuous Kubernetes threat emulation?
Infrastructure technologies have changed rapidly, and adversaries have adapted. Despite the novelty of
the attack surface, insider threats remain relevant, and prevention alone is not enough to manage the
risk posed to the modern enterprise.
This talk will explain the benefits of investing in a proactive approach to the security of your
Kubernetes clusters through collaborative purple teams, and will provide a comprehensive guide for doing
so – as informed by our latest research and experience in running attack simulations against large
enterprises. Attendees will get up to speed with Kubernetes security monitoring concepts and will take
away key advice for planning and executing successful attack detection exercises against containerised
environments.