Offensive Development: How to DevOps Your Red Team presented at BSidesManchester 2019

by Dominic Chell,

Summary : During this talk we will explore how DevOps principles can be applied to red teaming, focusing on the implementation of a custom CI/CD pipeline to automatically consume, build and deploy existing and custom tooling to an environment in a manner agnostic to any command and control framework.We will explain how this approach can not only significantly reduce indicators of compromise, but also introduce the capability to programmatically and automatically protect all your tools from DFIR.Following the talk, we will release redpipe, a custom CI/CD pipeline developed by MDSec for use during red team engagements. Profiling The Attacker | Using Natural Language Processing To Predict CrimeJames StevensonN/AN/AWhat does Minority Report, Black Mirror, and 1984 all have in common?.. Well, let's find out On a day to day basis we countlessly write notes, send messages and respond to emails. The question is, however, what does what we write actually show about us, and how can we use the meaning behind these pieces of text to predict crimes and attacks. This talk delves into just this - how machine learning, and specifically natural language processing and sentiment analysis, can be used to predict crime and security attacks. This, of course, comes hand in hand with talking about predictive policing approaches, biases in predictive policing, and how natural language processing can be used to automate this whole process.