Black Hat

Las Vegas, NV | Aug 3-8, 2019

If you’re attending Black Hat, be sure to attend this talk by Red Canary and our partner Endgame!

Fantastic Red Team Attacks and How to Find Them

Adversaries are increasingly adopting red team techniques that can be difficult to observe with common security tools. However, by testing your security architecture with simulated attacks, defenders have the opportunity to examine the behavioral context around the threat, which could reveal distinct opportunities for detection and prevention.

In this talk, Casey Smith of Red Canary and Endgame’s Ross Wolf will demonstrate how security teams can use testing platforms like Atomic Red Team to observe discrete attack techniques. They’ll then use Event Query Language to examine the endpoint telemetry generated by these tests to show how you can build security controls around techniques that are typically difficult to detect.

Casey Smith
Director of Applied Research
Casey leads research and testing efforts at Red Canary, continually working to understand and evaluate the limits of defensive systems. He led the development of Atomic Red Team, an open-source testing platform that security teams can use to assess detection coverage.

Ross Wolf
Senior Threat Researcher, Endgame
Ross Wolf is a researcher at Endgame, where he creates solutions to simplify detecting adversarial behavior in endpoint data. Ross was previously an engineer at MITRE and has contributed to ATT&CK and the Cyber Analytics Repository. He was recently co-granted a patent for CALDERA, a project which automated post-compromise adversary emulation.