People use behavioral heuristics, aka mental shortcuts, to make 35,000 predictions a day, and engineers use heuristics to develop complex algorithms overnight. Throughout this presentation, I’ll demonstrate how I use behavioral science research to identify Active Directory misconfigurations, target confidence in fragile systems, and create strong narratives in order to bypass security controls. After establishing that offensive tradecraft reflects the cognitive limitations in our decision-making abilities, I will use red team recommendations to question routine habits and encourage rational thinking.
Kelly is a consultant at SpecterOps with several years of experience improving the security posture of Fortune 500 companies through adversary simulation activities. Since graduating from the University of Miami, Kelly has informally continued her studies in behavioral science and economics, and she enjoys applying her abstract ideas to red team operations.