
Atomic ransomware emulation

In this webinar, Gerry Johansen walks through leveraging the open-source threat emulation tool Atomic Red Team to simulate ransomware threat actors’ tactics, techniques, and procedures (TTPs) for continual training and drilling.

On-Demand

45 mins.

Virtual

Being able to replicate ransomware TTPs is a critical component of a security operations center’s continual training program. Often, tools to emulate these TTPs are not readily available, and the time necessary to deploy them can eat up what little training time the team has.

Gerry reviews the following:

  • An overview of Atomic Red Team: how to quickly set up a test harness and begin testing on a Windows endpoint.  
  • Using threat intelligence: open-source intelligence sources such as CISA or theDFIRreport.com provide comprehensive analysis of ransomware attack TTPs. The specific techniques can be extracted and used to build a threat emulation plan that reproduces those TTPs with Atomic Red Team tests.
  • Crafting a threat emulation plan: Atomic Red Team tests can be run as a single TTP or chained together in a plan to emulate a specific threat actor.
  • The Atomic Response Drill: This short exercise tests a security operations team’s ability to pivot from a detection to a response.

Key takeaways:

  • Learn how Atomic Red Team can be leveraged as a low-cost threat emulation tool that better prepares security operations and incident response teams to identify and respond to ransomware TTPs. 
  • Obtain a framework for running scenarios and drills that have a clear learning objective that can better prepare teams to address ransomware activity. 
  • As part of the presentation, attendees will also be provided links to various resources including scripts to get Atomic Red Team up and running and sample threat emulation plans.
 
Gerry Johansen
Principal Security Solutions Specialist
Gerry leads a team of incident handling professionals who address customer security challenges daily. Gerry is a former law enforcement officer who investigated cyber crimes at the state and federal levels. After his law enforcement career, he has worked in both enterprise and consulting environments focused on digital forensics, incident response and threat intelligence. When not forensicating, Gerry can be found off the grid in the great state of South Dakota.