Cyber Security Engineer at MITRE Corp.
Rachel Murphy is a Cyber Security Engineer at MITRE Corp. She has a B.S. in Mechanical Engineering and, prior to joining MITRE, worked as a mechanical engineer at NASA performing thermal analysis for the International Space Station at Johnson Space Center in Houston, TX. Rachel has worked on projects in adversary emulation, red teaming, cyber threat intelligence, and software development. Part of this work includes supporting Caldera’s research in artificial intelligence, developing Caldera workshops like this one, and promoting Caldera’s benefactor program. She has also served as a red team operator for MITRE Engenuity’s ATT&CK Evaluations.
Aug 9th 2024 | Adversary Village Area | Las Vegas Convention Center. Adversarial Emulation
MITRE Caldera is a scalable, open-source cybersecurity platform for automated adversary emulation,
developed by MITRE. It empowers cyber practitioners to save time, money, and
energy through automated security assessments. Caldera not only tests and evaluates detection/analytic
and response platforms, but it also provides the capability for your red team to perform manual
assessments with computer assistance. This is achieved by augmenting existing offensive toolsets. The
framework can be extended to integrate with any custom tools you may have.
The development team behind the platform is a group of red teamers, software developers, exploit writers,
cyber threat analysts, AI researchers, cybersecurity engineers, and computer scientists. They all pursue
the common goal of building a premier adversary emulation platform for our security defenders around the
world.
To showcase Caldera at DEF CON 32, we will present a scenario that a commercial or corporate entity may
ask of a security team. In this scenario, a concerned organization is requesting that a security team
develop a repeatable adversary emulation plan based on current cyber threat intelligence (CTI) for a
specific advanced persistent threat (APT) that has been targeting the organization’s industry sector.
We will create three cyber threat intelligence reports for this adversary detailing the tactics,
techniques, and procedures (TTPs) attributed to them. These TTPs will correspond with the abilities
available in Caldera’s Stockpile and Atomic plugins. This collection of abilities makes the job of
developing an adversary emulation very simple.
We will go on to demonstrate how to develop an adversary emulation plan in Caldera utilizing the relevant
TTPs described in the CTI reporting.
Finally, we will execute the new adversary emulation plan against the target machines and display the
facts that Caldera collects during an operation, the outputs of all commands run, and the final report
generated by the Debrief plugin.
*We also plan to provide 3 workstations so that audience members without a personal computer may take
part.