BSides Toronto 2023

Adversary Emulation for Everyone!
10-21, 11:30–11:55 (US/Eastern), ENG 103

Sun-tzu said it best: "If you know the enemy and know yourself, you need not fear the result of a hundred battles." Understanding the adversary is essential when formulating cyber defenses in modern times. Join us for an introduction to adversary emulation where we'll introduce some core concepts, terminology, and tooling with which you can build a FREE adversary emulation homelab.

Adversary emulation is an increasingly popular area that is commonly conducted at the intersection of offensive and defensive security practice. By focusing on real-world threat actor behaviors, security professionals can increase the realism of cyber exercises and prepare more effectively for when the real threat actors come knocking.

Emulating threat actor behavior is more than just a technical problem, however. We also need the means with which to describe and understand their behaviors: enter MITRE and the application of cyber threat intelligence into the mix.

If you've ever found yourself asking any of the following questions, this talk is for you:

  • What is adversary emulation?
  • Why do I keep seeing MITRE (ATT&CK & D3FEND) everywhere?
  • Case study: a KPMG purple team exercise
  • What is driving adversary emulation?
  • Isn't this stuff expensive? (Spoilers: NO - Atomic Red Team, Caldera, Vectr, and others are super cool and FREE!)
  • How can I build a purple team homelab?

Cristian Di Bartolomeo is a consultant within KPMG Canada's GTA Cyber Defense practice. Cristian's primary responsibilities include the delivery of various technical security assessments. Cristian can often be found developing tooling for adversary emulation and purple team exercises.

Todd Brecher is a manager within KPMG Canada's GTA Cyber Defense practice. Todd's primary responsibilities include the management and delivery of technical security assessments like penetration testing, adversary emulation, and purple team exercises.