Texas Cyber Summit IV
Adversary Village

David Hunt

CTO, Prelude Research

David Hunt is the CTO of Prelude. David specializes in building teams that bridge cybersecurity with best-practice technology. Before coming to Prelude, David spent two years at MITRE Corporation in a dual role as head developer and project lead for the CALDERA adversary emulation framework. David designed CALDERA v2 from the ground up and instrumented a plan that made it the industry leader in open-source breach and simulation. Prior to this work, David spent 15 years in offensive security and management roles at organizations like Rockwell Collins, John Deere, Kenna Security and FireEye.

While at FireEye, David personally oversaw the storage and access of Mandiant's threat intelligence data, as the leader of the (then secretive) Nucleus team. Over the years, David has also worked as a contractor for several U.S. intelligence agencies, working domestically and internationally, as a principal security specialist.

Talk: The future of Red vs Blue

Red/blue exercises are fascinating. A few times a year, governments and enterprises - those who can afford these advanced security practices - coordinate a multi-week event in which the red team hacks into a specific part of the company while the blue team defends. The goal is to simulate a real-world attack in order to establish whether the defensive tools and practices are working - or not.

These events are infrequent and expensive. But what if they weren’t?

Most organizations run some type of blue team “agent” on workstations and servers. These agents come in many flavors - AV, EDR, XDR, … - but they’re only stress-tested in realistic ways when the red team comes to town. That’s because they’re only one half of the equation: there needs to be a “red agent” on each workstation to continuously test the efficacy of the defense.

In this talk, you’ll learn how to run red/blue exercises on any endpoint in your organization. But this is not a continuous red teaming talk. This is a defense-in-depth talk where you'll learn how to test the efficacy of your defense or even how non-security people at your organization react when faced with an adversary.

Recorded Live 📼