Webcasts

Adversary emulation using CALDERA – Building custom plugins – Part #3

• Monday, May 04, 2020 at 1:00 PM EDT (2020-05-04 17:00:00 UTC)
• Erik Van Buggenhout

You can now attend the webcast using your mobile device!

  

Overview

In our final webcast in the series, we will take it a step further. While we covered development of CALDERA abilities during the previous webcast, we will develop custom plugins now. Plugins are at the core of CALDERA and can be used to further extend the engine and CALDERAs overall capabilities. We will show an example of a custom plugin that can be developed to create a custom JSON export of MITRE ATT&CK coverage. This in turn can be used to build a fully automated adversary emulation pipeline that reports on both prevention & detection coverage of MITRE ATT&CK techniques!

Speaker Bio

Erik Van Buggenhout

Erik Van Buggenhout is the lead author of SEC599 - Defeating Advanced Adversaries. In addition to SEC599, Erik teaches SEC560 - Network Penetration Testing & Ethical Hacking and SEC542 - Web Application Penetration Testing & Ethical Hacking. He has been involved with SANS since 2009, first as a Mentor, working his way to Community Instructor in 2012 and finally becoming a Certified Instructor in 2016.

Erik loves explaining deeply technical concepts by using war stories, adding a few funny anecdotes here and there. As a testimony of his technical expertise, he has obtained the GSE, GCIA, GNFA, GPEN, GWAPT, GCIH, and GSEC certifications.

In addition to his work with SANS, Erik is the co-founder of Belgian cyber security firm NVISO, which focuses on high-end cyber security services, specializing in government, defense and the financial sector. Together with his team of 20+ technical experts, Erik delivers a wide array of technical security services, including penetration testing, security monitoring & incident response.