Introduction to Adversary Emulation with Prelude Operator

 Alexander Manners, Principal Security Engineer, Prelude Research, Inc.
 Kristopher Willis, Principal Security Engineer, Prelude Research, Inc.
12 November, 2021 15:00 IST - 16:00 IST

WORKSHOP ABSTRACT

The modern cybersecurity landscape is an escalating arms race between attackers and defenders: attackers are constantly researching and building new techniques and tools while defenders try to identify, detect, and respond to them. Using automation tools that emulate attacker methodologies, defenders can perform simple, repeatable attacks to drive their detection engineering efforts and security validation tasks, and ultimately improve their processes. This entry-level class will take students through the basics of setting up and using Operator to perform basic adversary emulation tasks and investigate how it can be used to create a continuous defensive evaluation process.

COURSE CONTENT

  • Basics of offensive infrastructure and command and control (C2) tools
  • Basics of threat modeling and parsing Cyber Threat Intelligence (CTI)
  • How to use Operator to construct and launch basic adversaries
  • Basics of planning cyber exercises (Plan, Brief, Execute, Debrief - PBED cycle)
  • How to build a continuous defensive evaluation/improvement process

PRE-REQUISITES

  • Computer/Laptop (Windows, Linux, macOS)
  • Basic knowledge of using a shell environment (PowerShell, Bash, etc.)

REQUIREMENTS

  • Computer/Laptop (Windows, Linux, macOS) - need Administrator privileges
  • Recommend Ubuntu 20.04/Kali 2021+, Windows 10+, macOS 11.6+
  • [Optional]: AWS free tier account (provisioning redirectors and test servers)

WHO SHOULD ATTEND

  • Students/individuals interested in general cybersecurity topics
  • Blue team/defenders (tools, techniques, processes)
  • Red team/purple team (tools, techniques, processes)
  • Management looking for process improvement methodologies

WHAT TO EXPECT:

  • Hands-on labs based around the core content
  • Actually using a C2 framework, building basic adversary profiles, and running them against systems

WHAT NOT TO EXPECT:

  • Death by PowerPoint slides
  • Extreme technical depth on any one topic

SPEAKER PROFILES:

Alexander Manners, Principal Security Engineer, Prelude Research, Inc.

Alex Manners is a Principal Cybersecurity Engineer at Prelude Research Inc. There, he leads the Security Research and Engineering team building attacks, agents, and more, for an autonomous red teaming platform called “Operator”. Prior to joining Prelude, Alex spent 2 years at The MITRE Corporation as the research and development (R&D) team lead for the CALDERA adversary emulation framework and a member of the ATT&CK Evaluations team. His experience spans the government and private sector, including cloud security at Amazon Web Services (AWS), federal contracting at CACI, and several years as a Cyber Warfare Operations Officer in the US Air Force (USAF).

Kristopher Willis, Principal Security Engineer, Prelude Research, Inc.

Kristopher Willis is a Principal Cyber Security Researcher at Prelude. Kris has both his Master's in Computer Security Fundamentals, CSE and Bachelor's in Information Studies from the University of South Florida. During his time at the University of South Florida, Kris played in numerous capture the flag (CTF) competitions and was a 2-term President of the Whitehatters Computer Security Club (WCSC). Kris has since gone on to professionally compete in, organize, and create challenges for CTFs. Professionally, Kris has experience within academia, DoD contracting (both small and large), and the DOE National Lab space. Kris was a technical lead on the AFRL BlackBadge program, which facilitated the DARPA Cyber Grand Challenge (CGC). Kris was also a technical lead on the ACT and ACT2 programs, delivering operationally ready offensive cyber tools. Kris's primary technical background is in software vulnerability research, automated program analysis, program synthesis, and offensive cyber tool development.



CONFERENCE 2021

c0c0n 2021 Online Conference

VENUE

c0c0n 2021 is a Virtual Conference

WORKSHOP

November 10-11

CONFERENCE

November 12-13
