The Imitation Game: emulating attackers presented at BSidesLondon 2019

by Wietze Beukema

Summary: How do you realistically emulate attacker behaviour? Whether you are testing your own defences, want to improve them or are investigating new attacker techniques, generating realistic adversarial behaviour is hard. The MITRE Corporation released CALDERA last year, a very powerful (but underrated) attacker emulation tool. It allows you to implement your own attacker techniques and model attacker groups based on the techniques they use. Using a clever, built-in decision planner, it will chain selected attacker techniques in order to execute a realistic end-to-end attack path. This talk looks at how you can turn new attacker techniques into CALDERA actions, how to chain them together and what that looks like in a controlled environment. Using LOLBins, webshells and PowerShell weirdness, we'll look at how to do emulation right.