{"id":4291,"date":"2019-08-12T11:05:34","date_gmt":"2019-08-12T03:05:34","guid":{"rendered":"http:\/\/mayanknauni.com\/?p=4291"},"modified":"2019-08-12T11:14:32","modified_gmt":"2019-08-12T03:14:32","slug":"adversary-emulation-tools-for-red-blue-teams","status":"publish","type":"post","link":"https:\/\/mayanknauni.com\/?p=4291","title":{"rendered":"Adversary Emulation Tools for Red \/ Blue Teams"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><em>Disclaimer: \u2013 This note was written by me (Mayank Nauni)&nbsp;in my personal capacity. The opinions expressed in this article are solely my own and do not reflect the view of my employer or my preference towards any of the OEMs.<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This long weekend, I was thinking of an automated pipeline for Blue \/ Red Teams which could potentially perform their routine testing, freeing them to address other critical tasks. In short, I was looking for Adversary Emulation tools.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Driving Factors for Adversary Emulation Tools<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firewalls and anti-virus can be easily bypassed by attackers<\/li>\n<li>Existing security policies are reactive, i.e. detect and address<\/li>\n<li>Extreme shortage of InfoSec professionals<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What should be the focus:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Analyse the network traffic and identify anomalous activity (a proactive approach)<\/li>\n<li>Threat modelling; conduct research, analysis and correlation across source data sets<\/li>\n<li>Notify the users promptly on the possible attacks<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">I did some research and stumbled upon this wonderful tool called Caldera. It is an automated adversary emulation system, built on the ATT&amp;CK framework, that performs post-compromise adversarial behaviour inside the network.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What did I like about Caldera:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It keeps it real<\/li>\n<li>Focuses on end-to-end security<\/li>\n<li>Reusable<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Follow these documents to learn about Caldera:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.blackhat.com\/docs\/eu-17\/materials\/eu-17-Miller-CALDERA-Automating-Adversary-Emulation.pdf\">https:\/\/www.blackhat.com\/docs\/eu-17\/materials\/eu-17-Miller-CALDERA-Automating-Adversary-Emulation.pdf<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.mitre.org\/research\/technology-transfer\/open-source-software\/caldera\">https:\/\/www.mitre.org\/research\/technology-transfer\/open-source-software\/caldera<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/github.com\/mitre\/caldera\">https:\/\/github.com\/mitre\/caldera<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Disclaimer: \u2013 This note was written by me (Mayank Nauni)&nbsp;in my personal capacity. The opinions expressed in this article are solely my own and do not reflect the view of my employer or my preference towards any of the OEMs.&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[53],"tags":[49,51,52,50],"class_list":["post-4291","post","type-post","status-publish","format-standard","hentry","category-cyber-security","tag-adversary-emulatiom","tag-blue-team","tag-cyber-security","tag-red-team"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/mayanknauni.com\/index.php?rest_route=\/wp\/v2\/posts\/4291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mayanknauni.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mayanknauni.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mayanknauni.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mayanknauni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4291"}],"version-history":[{"count":3,"href":"https:\/\/mayanknauni.com\/index.php?rest_route=\/wp\/v2\/posts\/4291\/revisions"}],"predecessor-version":[{"id":4294,"href":"https:\/\/mayanknauni.com\/index.php?rest_route=\/wp\/v2\/posts\/4291\/revisions\/4294"}],"wp:attachment":[{"href":"https:\/\/mayanknauni.com\/index.php?rest_route=%2Fwp
%2Fv2%2Fmedia&parent=4291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mayanknauni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mayanknauni.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}