Red Mirror: Bringing Telemetry to Red Teaming

Providing impact and insights on a red team engagement is crucial to improving the security posture of the target organization. Too often, red teams have to comb through log files, pcaps, or other disjointed artifacts to tell the whole story, which is especially difficult on long-term engagements. The Red Mirror project is the mirror to the blue team's SIEM: an ELK-based system that captures operator actions, network traffic (including C2 traffic), and the MITRE ATT&CK tactics in use. By capturing this extensive amount of data, red teams can easily query, visualize, and report on their actions. The gathered data has the added benefit of enabling red teams to monitor their own infrastructure and operational security.

Presented by