Lead Applied Cyber Security Engineer, MITRE Corp.
Mark Perry is a Lead Applied Cyber Security Engineer at MITRE Corp, where he specializes in adversary emulation and work development. With a robust background in infrastructure and cyber security frameworks, Mark brings extensive expertise to his role, focusing on fortifying systems against sophisticated cyber threats. He has worked on projects involving adversary emulation, red teaming, cyber threat intelligence, and software development. Mark also leads development and delivery of Caldera workshops, providing participants with practical, hands-on training utilizing cybersecurity techniques. Additionally, he actively promotes Caldera’s benefactor program, fostering community support and engagement to further the development of cybersecurity tools and resources. Outside of his professional endeavors, Mark enjoys traveling and is a supercar enthusiast.
| Aug 9th 2024 | Adversary Village Area | Las Vegas Convention Center. Adversarial Emulation
MITRE Caldera is a scalable, automated adversary emulation, open-source
cybersecurity platform developed by MITRE. It empowers cyber practitioners to save time, money, and
energy through automated security assessments. Caldera not only tests and evaluates detection/analytic
and response platforms, but it also provides the capability for your red team to perform manual
assessments with computer assistance. This is achieved by augmenting existing offensive toolsets. The
framework can be extended to integrate with any custom tools you may have.
The development team behind the platform is a group of red teamers, software developers, exploit writers,
cyber threat analysts, AI researchers, cybersecurity engineers, and computer scientists. They all pursue
the common goal of building a premier adversary emulation platform for our security defenders around the
world.
To showcase Caldera at DEF CON 32, we will present a scenario that a commercial or corporate entity may
ask of a security team. In this scenario, a concerned organization is requesting a security team to
develop a repeatable adversary emulation plan based on current cyber threat intelligence (CTI) for a
specific advanced persistent threat (APT) that has been targeting the organization’s industry sector.
We will create three cyber threat intelligence reports for this adversary detailing the tactics,
techniques, and procedures (TTPs) attributed to them. These TTPs will correspond with the abilities
available in Caldera’s Stockpile and Atomic plugins. This collection of abilities makes the job of
developing an adversary emulation very simple.
We will go on to demonstrate how to develop an adversary emulation plan in Caldera utilizing the relevant
TTPs described in the CTI reporting.
Finally, we will execute the new adversary emulation plan against the target machines and display the
facts that Caldera collects during an operation, the outputs of all commands run, and the final report
generated by the Debrief plugin.
*We also plan to provide 3 workstations so that audience members without a personal computer may take
part.
We Engage.
Join Adversary Village official Discord server to connect with our amazing community of adversary simulation experts and offensive security researchers!
