TIL SEC564 Red Team Exercises & Adversary Emulation
Things I learned (TIL) and what I got out of the awesome two days SANS course on Red Team and Adversary Emulation I took online after Purple Team Summit 2021
Course page: https://www.sans.org/cyber-security-courses/red-team-exercises-adversary-emulation/
- huge 2-day brain dump from an experienced operator and leader on effective practices (thanks @jorgeorchilles!)
- useful definitions and models to distinguish the roles of different functions, along with the Purple Team Summit talks and the Red Team Guide book:
  - distinguishing vulnerability scan, vulnerability assessment, pen test, red team, purple team, and adversary emulation
  - an intelligence-driven process model for offensive operations using adversary emulation
  - plus another model designed for purple team exercises and programs
- some background and tips on current platforms: Empire (and Starkiller), Scythe.io, Vectr.io, and Caldera
- a few hours of practice on a full-chain intrusion scenario (phish, elevate, lateral, exfil)
  - particularly great for me because there was more than one machine I could access
Written on July 13, 2021