BSides Toronto 2020

2020-10-18, 14:30–15:10, Twitch

Emulate.Go is a tool released at DEF CON Red Team Village 2020 that helps abstract away the complexity of running adversary emulation exercises by focusing on command-line execution for initial access.

This talk will:
- demonstrate how to use the tool within a lab environment
- dive deep into how to use the tool and two lab environments to build skills that are valuable in the industry


I myself created Emulate.GO and want to demonstrate it at my local conference, with some use case examples and detection examples. The original talk was more focused on extracting indicators from relevant attacks/malware and executing with Emulate.GO, rather than the different use cases and guides for use.

Benefits of the tool:
- Logging of command execution allows easier correlation in defensive tools
- Run a list of commands to execute
- Non-intimidating tool allowing ease of use

Labs to be demonstrated:
- Applied Purple Team Lab
- Splunk Attack Range

Methodology:
- Understanding an attack
- Executing an attack
- Reviewing relevant logs
- Creating a filter for detection/hunting/alerting

Haydn lives local to Toronto and contributes to the community via blogging and talks. Haydn has over 7 years of information security experience, including network/web penetration testing, vulnerability assessments and Cyber Threat Intelligence. He was on the 2019 SANS Purple Team CFP review board and currently holds the OSCP, GXPN and eCIR certifications. @haydnjohnson has gained both red and blue team experience.