The Splunk Attack Range framework provides different tools that allow security analysts to test networks, hosts and applications against a number of known adversarial TTPs based on the MITRE ATT&CK framework. It allows the security analyst to quickly and repeatedly replicate and generate data as close to "ground truth" as possible, in a format that supports the creation of detections, investigations, knowledge objects, and playbooks in Splunk Phantom. This 2-hour workshop will provide attendees with access to Splunk Attack Ranges containing adversarial simulation engines (Caldera, Atomic Red Team), target machines and a Splunk server receiving the attack data. Instructors will provide step-by-step instructions on where to get the code for the framework, how to build it, and how to use it to simulate attacks and create detections and defense artifacts.
Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDOS attacks against Fortune 100 companies perpetrated by “anonymous” and “lulzsec.” As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. He has also built security operation centers and run a public threat-intelligence service.
Principal Security Research Engineer at Splunk. Worked at Prolexic Technologies (now Akamai), and Caspida. Cofounder of Hackmiami and Pacific Hackers meetups and conferences. Creator of Kommand && KonTroll / NoQrtr-CTF.