Adversary emulation using CALDERA Building custom abilities Part #2

  • Webcast Aired Wednesday, 01 Apr 2020 10:30AM EDT (01 Apr 2020 14:30 UTC)
  • Speaker: Erik Van Buggenhout

CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK ') project. These features allow CALDERA to dynamically operate over a set of systems using variable behavior, which better represents how human adversaries perform operations than systems that follow prescribed sequences of actions. During this webcast, we will illustrate how CALDERA abilities are built and how we can extend CALDERA's functionalities by building abilities ourselves.