Network Security 2019

Las Vegas, NV | Mon, Sep 9 - Mon, Sep 16, 2019

Automated Adversary Emulation using Caldera

  • Erik Van Buggenhout
  • Wednesday, September 11th, 7:15pm - 8:15pm

MITRE ATT&CK is quickly gaining traction and is becoming an important standard for assessing the overall cyber security posture of an organization. Tools like ATT&CK Navigator and Caldera facilitate corporate adoption and allow for a holistic overview of attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Some more information on Caldera from the official documentation (https://github.com/mitre/caldera):

"CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project. These features allow CALDERA to dynamically operate over a set of systems using variable behavior, which better represents how human adversaries perform operations than systems that follow prescribed sequences of actions."

During this talk, Erik will demonstrate some of Caldera's strengths and weaknesses and how it can be further improved (e.g. how we can build additional steps to increase our ATT&CK coverage, or how we can adapt steps to handle new Windows 10 security features such as ExploitGuard and AMSI).

Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. In addition to his activities at SANS, Erik is a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.

Monday, September 9

Session | Speaker | Time | Type
General Session - Welcome to SANS | Bryan Simon | Monday, September 9th, 8:00am - 8:30am | Special Events
My Success is Built on the Bones of so Many Failures | John Strand | Monday, September 9th, 7:15pm - 9:15pm | Keynote

Tuesday, September 10

Session | Speaker | Time | Type
Coffee & Donuts with the Graduate Students | | Tuesday, September 10th, 7:30am - 9:00am | Reception
Women's CONNECT | | Tuesday, September 10th, 6:00pm - 7:00pm | Reception
GIAC Overview Presentation | Jeff Frisk | Tuesday, September 10th, 6:15pm - 7:00pm | Special Events
Active Industrial Control System Cyber Defense - Colonel Mustard...Candlestick...Kitchen | Dean Parsons | Tuesday, September 10th, 7:15pm - 8:15pm | SANS@Night
CYA by Using CIA Correctly For A Change | Keith Palmgren | Tuesday, September 10th, 7:15pm - 8:15pm | SANS@Night
Hacking Dumberly, Just Like the Bad Guys | Tim Medin | Tuesday, September 10th, 7:15pm - 8:15pm | SANS@Night
Moving Past Just Googling It: Harvesting and Using OSINT | Micah Hoffman | Tuesday, September 10th, 8:15pm - 9:15pm | SANS@Night
DevSecOps: Key Controls For Modern Security Success | Eric Johnson | Tuesday, September 10th, 8:15pm - 9:15pm | SANS@Night

Wednesday, September 11

Session | Speaker | Time | Type
Vendor Solutions Expo | | Wednesday, September 11th, 12:00pm - 1:30pm | Vendor Event
Vendor Solutions Expo | | Wednesday, September 11th, 5:15pm - 6:15pm | Vendor Event
The Data Privacy Imperative | Ben Wright | Wednesday, September 11th, 7:15pm - 8:15pm | SANS@Night
Failing to Succeed in Cyber Security and Risk Management | My-Ngoc Nguyen | Wednesday, September 11th, 7:15pm - 8:15pm | SANS@Night
Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them | Lenny Zeltser | Wednesday, September 11th, 7:15pm - 8:15pm | SANS@Night
Automated Adversary Emulation using Caldera | Erik Van Buggenhout | Wednesday, September 11th, 7:15pm - 8:15pm | SANS@Night
Modern Information Security: Forget Cyber, It's All About AppSec | Adrien de Beaupre | Wednesday, September 11th, 8:15pm - 9:15pm | SANS@Night