c0c0n 2021
Adversary Village

Alexander Manners

Principal Security Engineer, Prelude Research, Inc.

Alex Manners is a Principal Cybersecurity Engineer at Prelude Research Inc. There, he leads the Security Research and Engineering team building attacks, agents, and more, for an autonomous red teaming platform called “Operator”. Prior to joining Prelude, Alex spent 2 years at The MITRE Corporation as the research and development (R&D) team lead for the CALDERA adversary emulation framework and a member of the ATT&CK Evaluations team. His experience spans the government and private sector, including cloud security at Amazon Web Services (AWS), federal contracting at CACI, and several years as a Cyber Warfare Operations Officer in the US Air Force (USAF).

Workshop: Introduction to Adversary Emulation with Prelude Operator

The modern cybersecurity landscape is an escalating arms race between attackers and defenders - attackers are constantly researching and building new techniques and tools while defenders try to identify, detect, and respond to them. Using automation tools that emulate attacker methodologies, defenders can perform simple, repeatable attacks to drive their detection engineering efforts, security validation tasks, and ultimately improve processes. This entry level class will take students through the basics of setting up and using Operator to perform basic adversary emulation tasks and investigate how that can be used to create a continuous defensive evaluation process.

Core Topics/Course Content:

Basics of offensive infrastructure and command and control (C2) tools
Basics of threat modeling and parsing Cyber Threat Intelligence (CTI)
How to use Operator to construct and launch basic adversaries
Basics of planning cyber exercises (Plan, Brief, Execute, Debrief - PBED cycle)
How to build a continuous defensive evaluation/improvement process


Computer/Laptop (Windows, Linux, macOS)
Basic knowledge of using a Shell environment (Powershell, Bash, etc)


Computer/Laptop (Windows, Linux, macOS) - need Administrator privileges
Recommend Ubuntu 20.04/Kali 2021+, Windows 10+, macOS 11.6+
[Optional]: AWS free tier account (provisioning redirectors and test servers)

Who should attend:

Students/individuals interested in general cybersecurity topics
Blue team/defenders (tools, techniques, processes)
Red team/purple team (tools, techniques, processes)
Management looking for process improvement methodologies

What to expect:

Hands-on labs based around the core content
Actually using a C2 framework, building basic adversary profiles, and running them against systems

What not to expect:

Death by powerpoint slides
Extreme technical on any topic in particular