Presentation is loading. Please wait.

Presentation is loading. Please wait.

Combining the best of Audit and Penetration Testing

Published byAgus Gunardi Modified over 6 years ago

Similar presentations

Presentation on theme: "Combining the best of Audit and Penetration Testing"— Presentation transcript:

1 Combining the best of Audit and Penetration Testing
Adversary Simulation Combining the best of Audit and Penetration Testing

2 What is an adversary simulation?

3 What is an Adversary Simulation?
The concept became common during 1960’s military war-game exercises Red Team + Blue Team = Purple Team? Threat Emulation Threat Hunting Adversary (ad-ver-ser-ee) noun a person, group, or force that opposes or attacks; opponent; enemy; foe. Simulation (sim-yuh-ley-shuh n) imitation or enactment, as of something anticipated or in testing. Source: Dictionary.com

4 Let’s Create a Definition…
Assumptions: Compromise is assumed. There is always a successful attack vector, initial compromise cannot be prevented. Focus should be post-compromise actions Goals: Prepare network and host defenses to defend against attacks Prepare defensive staff and incident responders against targeted, sophisticated, and determined attacks Reduce “Time to Detect” and “Time to Recovery” when a real event arises Validate control investments (CHECK) and make configuration improvements (ACT) Requirements for Effectiveness: Must use known adversary tactics, techniques and procedures (TTPs) TTPs should be relevant to your industry and business/organization Emulate real threat actors and scenarios (basic -> advanced)

5 Adversary Simulation Focuses on Post-Compromise
The cyber kill chain Adversary Simulation Focuses on Post-Compromise

6 Typical Cyber Kill Chain Representation

7 So what is an Adversary simulation?

8 SynerComm’s Adversary Simulation
Based on pre-defined or customized playbook Command and control, persistence, discovery and credential access Privilege escalation and lateral movement Collection and exfiltration Defense evasion Typically performed onsite in Cooperation with our client’s Team Methodical, repeating process: Attack > Validate Control > Improve Control > Validate Control > Next Attack Tactics, techniques and procedures based on MITRE ATT&CK for Enterprise

9 MITRE Adversarial Attack Tactics

10 MITRE ATT&CK for Enterprise

11 Benefits of Adversary Simulation
Train and prepare IT, security and response staff Validate, tune and improve control effectiveness Enterprise focus is on SIEM collection and alerting

12 SynerComm’s AdSim Process
Scope High-Level Playbook Consult to Define the Playbook Execute the Playbook Tune & Adjust Controls Retest

13 SynerComm’s AdSim Process

14 SynerComm’s AdSim Process

15 Thank You for Attending! Go Tell Your Friends
Questions? Thank You for Attending! Go Tell Your Friends

Download ppt "Combining the best of Audit and Penetration Testing"

Similar presentations

Security Life Cycle for Advanced Threats

Security Life Cycle for Advanced Threats
SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.

SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.

Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.

Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,
Cyber Principles November 2010 Bob Gourley. The 12 Principles of Cyber Conflict 1. Know the enemy: Bad actors in the world are bad actors in cyberspace.

Cyber Principles November 2010 Bob Gourley. The 12 Principles of Cyber Conflict 1. Know the enemy: Bad actors in the world are bad actors in cyberspace.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.

Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Thursday, January 23, 2014 10:00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.

Thursday, January 23, :00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.
“Building sustainable capabilities across all phases of Emergency Management in Kansas through selfless service” KDEM EMPG 2012 OVERVIEW 13 September 2011.

“Building sustainable capabilities across all phases of Emergency Management in Kansas through selfless service” KDEM EMPG 2012 OVERVIEW 13 September 2011.
Operations Security (OPSEC) 301-371-1050. Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.

Operations Security (OPSEC) Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.
-UNCLASSIFIED- Missile Defense Exercise Planning Presented By: Mr. Ohad Elbahar Israel Missile Defense Organization May 5 2010 First Annual Israel Multinational.

-UNCLASSIFIED- Missile Defense Exercise Planning Presented By: Mr. Ohad Elbahar Israel Missile Defense Organization May First Annual Israel Multinational.
Knowing What You Missed Forensic Techniques for Investigating Network Traffic.

Knowing What You Missed Forensic Techniques for Investigating Network Traffic.
Understanding the Threats of and Defenses Against Cyber Warfare.

Understanding the Threats of and Defenses Against Cyber Warfare.
Sky Advanced Threat Prevention

Sky Advanced Threat Prevention
International Cyber Warfare & Security and B2B Conference Participation of Brazilian Cyber Defense Centre ( )

International Cyber Warfare & Security and B2B Conference Participation of Brazilian Cyber Defense Centre ( )

Similar presentations

Ads by Google