Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction Atomic Red Team Framework

Pralhad Chaskar
December 22, 2017
Technology
0
310

Introduction Atomic Red Team Framework

Presented at null Dubai Meet 22 December 2017 Monthly

Pralhad Chaskar

December 22, 2017
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
M365 Security Review
c0d3xpl0it
0
280
RDP Hijacking
c0d3xpl0it
0
360
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
210
Pwning O365 Infrastructure
c0d3xpl0it
0
520
AWS Security Assessment
c0d3xpl0it
0
1.3k
Bloodhound 2.0
c0d3xpl0it
0
150
Auditing ACLs on Active Directory
c0d3xpl0it
0
140
Adversay Emulation using Caldera
c0d3xpl0it
1
130
GPO Vs Applocker Restrictions
c0d3xpl0it
0
540

Other Decks in Technology

See All in Technology
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
200
よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake
foursue
4
360
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
120
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
130
Google Cloud Next '24 Recap(Cloud Run/k8s)
mokocm
0
200
私が trocco を推す理由
__allllllllez__
1
220
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
310
競技としてのKaggle、役に立つKaggle
yu4u
3
1.2k
VSCodeの拡張機能を作っている話
ebarakazuhiro
1
390
Cracking the KubeCon CfP
inductor
2
250
KubeCon EU 2024 Recap “Kubernetes Policy Time Machine: Where to Next?”
ryysud
0
220
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
170

Featured

See All Featured
Gamification - CAS2011
davidbonilla
76
4.6k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
659
120k
No one is an island. Learnings from fostering a developers community.
thoeni
16
2.1k
Optimizing for Happiness
mojombo
370
69k
Music & Morning Musume
bryan
41
5.6k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
121
39k
Become a Pro
speakerdeck
PRO
11
4.5k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
19
1.7k
Faster Mobile Websites
deanohume
299
30k
The Straight Up "How To Draw Better" Workshop
denniskardys
227
130k
Being A Developer After 40
akosma
57
580k

Transcript

  1. Atomic Red Team Framework By Pralhad Chaskar (@c0d3xpl0it)

  2. @redcanaryco @MITREattack Entire talk is inspired by below teams work

    !! @Cyb3rWard0g

  3. About MITRE Reference : - https://www.mitre.org/

  4. None
  5. None
  6. None
  7. None

  8. Atomic Red Team Framework has mapping for all ATT&CK checks

  9. Test case for Credential Dumping (T1003)

  10. How to use Atomic Red Team Framework

  11. None

  12. Emulating APT’s (Chain Reactions)

  13. Sysmon • System Monitor (Sysmon) is a Windows system service

    and device driver which provides detailed information about process creations, network connections, and changes to file creation time. • By collecting the events you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. • Note that Sysmon does not provide analysis of the events it generates, nor does it attempt to protect or hide itself from attackers. Reference : - https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

  14. Sysmon install with config file

  15. None

  16. How to collate all test data/results and present to management

    ??

  17. Generate HeatMaps !! • https://github.com/Cyb3rWard0g/ThreatHunter- Playbook/blob/master/metrics/HuntTeam_HeatMap.xlsx

  18. None
  19. None

  20. CALDERA (again by ….MITRE team) It is an automated adversary

    emulation system that performs post- compromise adversarial behavior within enterprise networks. It generates plans during operation using a planning system and a pre- configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project. Reference : - https://github.com/mitre/caldera https://www.blackhat.com/docs/eu-17/materials/eu-17-Miller-CALDERA-Automating-Adversary-Emulation.pdf

  21. Takeaways • Visibility of endpoints in Infrastructure • Analayze logs

    (powershell, cmd, etc) • Test framework against own infrastructure before attacker own’s you • Maturity of blue team is important • All teams (Red, Blue, Purple, etc) should work together

  22. References • https://attack.mitre.org/wiki/Main_Page • https://github.com/redcanaryco/atomic-red-team • https://github.com/Cyb3rWard0g/ThreatHunter-Playbook • https://github.com/Cyb3rWard0g/Invoke-ATTACKAPI

  23. None