$400 Amazon Gift Card with OnDemand Training through March 10 - Learn More!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

ATT&CKing your Enterprise: Adversary Detection Pipelines & Adversary Simulation

  • Friday, August 02, 2019 at 3:30 PM EDT (2019-08-02 19:30:00 UTC)
  • Xena Olsen, Ben Goerz

You can now attend the webcast using your mobile device!



In a world where cybersecurity is filled with con-men, rock stars, n00bs, security evangelists, dude-bros, and the rest of us, can red and blue teams work together to save the world? Join two cyber threat intel pros as they build out an Adversary Detection Pipeline and a TTP menu for Adversary Simulation. In this talk, youll learn how to work with the data you have to map threat actors attacking your organization to the MITRE ATT&CK framework. We will then explore how the Red Team can use this knowledge to perform Adversary Simulation, creating more-relevant findings for the organization. Ultimately, the focus will be on how you can create an Adversary Detection Pipeline and repackage it for other teams to use with your existing tools, budget, and experience.

Speaker Bios

Xena Olsen

Xena Olsen is a cyber threat intelligence analyst in the financial services industry. A graduate of SANS Women’s Academy with 7 GIAC certifications, an MBA IT Management, and a doctoral student in Cybersecurity at Marymount University.

Ben Goerz

Ben Goerz works in the Counter Threat Unit (purple team) at Kimberly-Clark Corp, where he specializes in Threat Intel & Hunting. He holds an MS in Information Technology Management and MBA from UT Dallas.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.