Fantastic Red Team Attacks and How to Find Them
Adversaries are increasingly adopting red team techniques that can be difficult to observe with common security tools. However, by testing their security architecture with simulated attacks, defenders have the opportunity to examine the behavioral context around the threat, which could reveal distinct opportunities for detection and prevention.
In this talk, Casey Smith of Red Canary and Endgame’s Ross Wolf will demonstrate how security teams can use testing platforms like Atomic Red Team to observe discreet attack techniques. They’ll then use Event Query Language to examine the endpoint telemetry generated by these tests to show how you can build security controls around techniques that are typically difficult to detect.