Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building new and testing existing detection capabilities will be constrained. Executing adversary simulations in monitored environments produces the telemetry that allows blue teams to identify gaps in visibility as well as build, test and enhance detection analytics.This presentation will describe a methodology to incorporate adversary simulation into detection programs as well as release a tool blue teams can use to test the resilience of detection controls
Mauricio Velazco (@mvelazco) is a Peruvian, Infosec professional who started his career as a penetration tester and jumped to the blue team 7 years ago. He currently leads the Threat Management team at a financial services organization where he focuses on threat detection/hunting and adversary simulation. Mauricio has presented and hosted workshops at conferences like Defcon, Derbycon, BSides and the SANS Threat Hunting Summit. He holds a few certifications including OSCP and OSCE.