BSidesLuxembourg 2026

Patrick Mkhael

Currently leading the Offensive Security R&D at Hacknowledge SA and a member of the offensive security team. Coming from a blue team background, I transitioned to the red side, focusing on offensive tool development, cloud penetration testing, and purple teaming. With expertise in both attack and defense, I work on advancing adversary emulation, bypassing detection techniques, and automated security assessments.


Session

05-07
15:40
40min
Goodbye Purple Team, Hello Purple Bots
Patrick Mkhael, Ralph El Khoury

Security teams no longer need to manually configure and perform purple team exercises. It is possible to automate and orchestrate all this flow with a combination of automation and artificial intelligence.

Powered by n8n, Elastic, Caldera, TheHive, and LLMs, this orchestration requires zero manual effort after launch. It continuously fetches and updates APT profiles, executes attack techniques, and analyzes detection logs in the alerting system. If a technique is not detected, the system checks the SIEM logs; if the activity is logged, it suggests a Sigma use case. If both detection and logging are absent, the system recommends configuration adjustments to ensure future visibility.

In addition, security teams no longer need to manually perform threat profiling to select the correct adversary TTPs. The system analyzes the target organization's landscape and intelligently suggests the most relevant APT attack scenarios, or allows users to select one.

The final output is a comprehensive report detailing the detection rate, logging rate, technique descriptions, and recommendations to enhance visibility by suggesting new Sigma rules and refining logging configurations.
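The triage logic and the two report metrics described above, as an added illustration that is not the speakers' code: each executed technique is sorted into detected, logged-but-undetected (draft a Sigma use case) or not logged (fix telemetry), and detection and logging rates are aggregated. The run results, event fields and field names are constructed placeholders, not Caldera or Elastic output.

```python
# Constructed sample results for one emulation run (placeholder values, not tool output).
RUN_RESULTS = [
    {"technique": "T1059.001", "alerted": True, "logged": True,
     "log_sample": {"event.code": "4104"}},
    {"technique": "T1003.001", "alerted": False, "logged": True,
     "log_sample": {"event.code": "10", "winlog.event_data.TargetImage": "lsass.exe"}},
    {"technique": "T1053.005", "alerted": False, "logged": False, "log_sample": None},
]

def classify(result):
    """Map one executed technique to the three outcomes described in the abstract."""
    if result["alerted"]:
        return "detected"
    if result["logged"]:
        return "suggest_sigma"      # logged in the SIEM but no alert fired
    return "fix_logging"            # neither alert nor telemetry: visibility gap

def sigma_skeleton(technique, log_sample):
    """Draft a Sigma use-case skeleton from the fields of the matching log event.
    Field names are assumed; an analyst still has to review and tune the rule."""
    selection = "\n".join(f"        {k}: '{v}'" for k, v in log_sample.items())
    return (f"title: Logged but undetected {technique}\n"
            "status: experimental\n"
            f"tags:\n    - attack.{technique.lower()}\n"
            "logsource:\n    product: windows\n"
            f"detection:\n    selection:\n{selection}\n    condition: selection\n"
            "level: medium\n")

def summarize(results):
    """Build the per-technique findings plus the detection and logging rates."""
    n = len(results)
    findings = []
    for r in results:
        verdict = classify(r)
        if verdict == "suggest_sigma":
            action = sigma_skeleton(r["technique"], r["log_sample"])
        elif verdict == "fix_logging":
            action = f"No telemetry for {r['technique']}: review audit/Sysmon configuration"
        else:
            action = None
        findings.append({"technique": r["technique"], "verdict": verdict, "action": action})
    return {
        "detection_rate": sum(r["alerted"] for r in results) / n,
        "logging_rate": sum(r["logged"] for r in results) / n,
        "findings": findings,
    }

if __name__ == "__main__":
    report = summarize(RUN_RESULTS)
    print(f"detection {report['detection_rate']:.0%}, logging {report['logging_rate']:.0%}")
    for f in report["findings"]:
        print(f["technique"], f["verdict"])
```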

This is not just another attack simulation tool; it's a scalable and flexible AI-driven automation workflow that can be adapted to the technologies in your environment while continuously optimizing detection, helping defenders stay ahead of evolving threats.

Actionable CTI and detection engineering village
IFEN room 1, Workshops and Detection Engineering village (Building D)