Adversary Sandbox
RSA Conference
2023

Moscone Center, San Francisco.
April 24 - 27, 2023

Agenda for Adversary Sandbox at RSA Conference 2023


Adversary Sandbox at RSA Conference 2023 will have technical talks, live demos, Adversary Wars CTF, Adversary Simulator and Purple team booth, panel discussions and other hands-on activities on adversary simulation, emulation and purple teaming.

Adversary sandbox schedule:


  • Tuesday, April 25, 9:30 AM - 4:30 PM
  • Wednesday, April 26, 9:30 AM - 4:30 PM
  • Thursday, April 27, 9:30 AM - 3:00 PM

Technical talks - Panel discussions on Purple teaming and Adversary simulation



The Adversary Sandbox will have technical talks and panel discussions participating industry leaders focused on Purple teaming, adversary simulation and the trends in adversarial tradecraft.

Panel Discussion: Increasing Security ROI with Adversary Simulation and Purple Teaming

SBX2-W10 | RSAC Sandbox stage | Wednesday, Apr. 26, 2023 3:30 PM - 4:20 PM PT

Ransomware campaigns and state sponsored threat actors mutate quickly which is evolving defense mechanisms, thereby forcing organizations to invest more in cybersecurity. This session will discuss how organizations can use adversary simulation and purple teaming to build a more effective security program and increase security ROI.

Jon Baker

Jonathan Baker

Moderator
Director, Center for Threat-Informed Defense, MITRE Engenuity

Director, Center for Threat-Informed Defense, MITRE Engenuity

Jorge

Jorge Orchilles

Panelist
Instructor, Author, Purple Team Ambassador, SANS

Instructor, Author, Purple Team Ambassador, SANS

Daniel

Daniel DeCloss

Panelist
CEO and Founder at PlexTrac

‌CEO and Founder at PlexTrac

#

Abhijith B R

Panelist
Founder and Lead at Adversary Village


Adversary Simulator and Purple Team Hands-on Booth

Hands-on activity | SBX2 | Adversary Sandbox | RSAC Sandbox
April 25, 11:30 AM - 3:30 PM | April 26, 10:30 AM - 04:30 PM | April 27, 09:30 AM - 12:00 PM Pacific time

Adversary Village will be hosting a hands-on initiative named Adversary Simulator and Purple Team booth. Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.

This is a volunteer assisted activity where anyone, both management and technical folks can come-in and experience different categories of simulation, emulation and purple scenarios. Adversary Simulator booth will be having a lab environment focused on recreating enterprise infrastructure, aimed at simulation and emulating various adversaries. The booth visitors will be able to view, simulate and control various TTPs used by adversaries. The simulator is meant to be a learning experience, irrespective of whether one is hands-on with highly sophisticated attack tactics or from the management.

Technical talk: Dressing Adversary Emulation in Business Attire: Outcomes and Successes

SBX2-R03 | RSAC Sandbox stage | Thursday, Apr. 27, 2023 10:15-11:40 AM PT

Jamie

Jamie Williams

Speaker
Principal Adversary Emulation Engineer, The MITRE Corporation

Principal Adversary Emulation Engineer, The MITRE Corporation

We very often focus on the technical execution of adversary emulation, but must also not forget to highlight the broader “so what?” relative to the business. In this talk we will explore various examples of using adversary emulation to identify and deliver impactful business outcomes.
Jamie is an adversary emulation engineer for The MITRE Corporation where he works with amazing people on various exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections. He leads the development of MITRE ATT&CK® for Enterprise and has also led teams that help shape and deliver the “adversary-touch” within MITRE Engenuity ATT&CK Evaluations as well as the Center for Threat-Informed Defense (CTID).

Choose your own Adversary Adventure - Game

Hands-on activity | SBX2 | Adversary Sandbox | RSAC Sandbox
April 25, 09:30 AM - 3:30 PM | April 26, 09:30 AM - 04:30 PM | April 27, 09:30 AM - 01:00 PM Pacific time

Adversary Adventure is a Choose-Your-Own-Adventure model interactive game, where everyone can participate, choose the various activities of an adversary, post exploitation.
The Viking symbol Vegvisir was believed to be a guide helping the carrier to find their way back! The vikings believed that the symbol could help a person find the right path in case of bad weather or storms, regardless of the environment they encounter. Lets hope Vegvisir can guide you through the each challenges in the Adversray Adventure Game.

Adversary Sandbox: Highlights

Sessions by guest speakers and hands-on activity leads. Happens the in the Adversary Sandbox area.


Welcome and Introduction

Adversary Village


The way of the Adversary

Phillip Wylie


Hands-on session

Introduction to Micro Emulation plans [Adversary simulator/Purple team booth]

Mike Cunningham, R&D Program manager at MITRE Engenuity CTID



Adversary Emulation with Caldera [Adversary simulator/Purple team booth]

Michael B Kouremetis, Caldera Lead at MITRE


Breach simulation range walkthrough and extracting TTPs to build a purple team exercise [Adversary simulator/Purple team booth

Abhijith B R


Offensive Security QnA with Jason Haddix | Adversary Sandbox Closing note

Jason Haddix, CISO at BuddoBot

Adversary Sandbox

Welcome and Introduction

Adversary Village

Adversary Philosophy

The way of the Adversary

Phillip Wylie

Hands-on session

Introduction to Micro Emulation plans [Adversary simulator/Purple team booth]

Mike Cunningham, R&D Program manager at MITRE Engenuity CTID


>Hands-on session

Adversary Emulation with Caldera [Adversary simulator/Purple team booth]

Michael B Kouremetis, Caldera Lead at MITRE

Hands-on session

Breach simulation range walkthrough and extracting TTPs to build a purple team exercise [Adversary simulator/Purple team booth

Abhijith B R

QnA and Closing note

Offensive Security QnA with Jason Haddix | Adversary Sandbox Closing note

Jason Haddix, CISO at BudoBot

Breach Simulation Range

Hands-on activity | SBX2 | Adversary Sandbox | RSAC Sandbox
April 25, 09:30 AM - 3:30 PM | April 26, 09:30 AM - 04:30 PM | April 27, 09:30 AM - 12:00 PM Pacific time

This is a CTF like technical hands-on activity for hackers and offensive security professionals. There would be a cyber range which is an exact replica of a target organization. The participants need to perform a wide variety of attack tactics like initial access-to-data exfiltration in the environment to locate the hidden flags and complete the cyber range exercises. The difficulty level of the cyber range would be easy to medium.

Sponsors
Adversary Sandbox at
RSAC 2023

Gold Sponsors


Community Partner