BSidesLuxembourg 2026

Goodbye Purple Team, Hello Purple Bots
2026-05-07, Building D/room 1, Workshops and Detection Engineering village

Security teams no longer need to manually configure and perform purple team exercises. It is possible to automate and orchestrate all this flow with a combination of automation and artificial intelligence.

Powered by n8n, Elastic, Caldera, TheHive, and LLMs, this orchestration requires zero manual effort after launch. It continuously fetches and updates APT profiles, executes attack techniques, and analyzes detection logs in the alerting system. If a technique is not detected, the system checks the SIEM logs; if the activity is logged, it suggests a Sigma use case. If both detection and logging are absent, the system recommends configuration adjustments to ensure future visibility.

In addition, security teams no longer need to manually perform threat profiling to select the correct adversary TTPs. The system analyzes the target organization’s landscape and intelligently suggests the most relevant APT attack scenarios, or allows users to select one.

The final output is a comprehensive report detailing the detection rate, logging rate, technique descriptions, and recommendations to enhance visibility by suggesting new Sigma rules and refining logging configurations.
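The triage loop the abstract describes (alert raised: detected; no alert but activity in the SIEM: draft a Sigma rule; neither: recommend a logging change) and the detection and logging rates in the final report, as an added Python example that is not the presenters' framework; the technique IDs, event fields and alert counts are constructed sample data, and the result format is an assumption, not Caldera's or Elastic's.

```python
from dataclasses import dataclass, field

@dataclass
class TechniqueResult:
    """Outcome of one emulated technique (constructed format, not Caldera's)."""
    technique_id: str            # ATT&CK technique ID
    alerts: int                  # alerts the alerting system raised for it
    log_events: list = field(default_factory=list)  # raw SIEM hits (dicts)

def sigma_skeleton(technique_id, event):
    """Draft a minimal Sigma rule from the fields of one logged event."""
    selection = {k: v for k, v in event.items() if k not in ("category", "product")}
    return {
        "title": f"Draft rule for {technique_id}",
        "status": "experimental",
        "logsource": {"category": event["category"], "product": event["product"]},
        "detection": {"selection": selection, "condition": "selection"},
        "tags": [f"attack.{technique_id.lower()}"],
        "level": "medium",
    }

def triage(result):
    """Detected -> done; logged only -> suggest a rule; neither -> fix logging."""
    if result.alerts > 0:
        return {"technique": result.technique_id, "status": "detected"}
    if result.log_events:
        return {"technique": result.technique_id, "status": "logged_only",
                "recommendation": sigma_skeleton(result.technique_id, result.log_events[0])}
    return {"technique": result.technique_id, "status": "blind",
            "recommendation": "no telemetry: enable logging for this technique's data source"}

def summarize(results):
    """Per-technique findings plus the detection and logging rates for the report."""
    findings = [triage(r) for r in results]
    n = len(findings)
    detected = sum(f["status"] == "detected" for f in findings)
    logged = sum(f["status"] != "blind" for f in findings)
    return {"detection_rate": detected / n, "logging_rate": logged / n, "findings": findings}

# Constructed sample run: three techniques with different visibility outcomes.
SAMPLE_RUN = [
    TechniqueResult("T1059.001", 2, [{"category": "process_creation", "product": "windows",
                                      "Image": "powershell.exe"}]),
    TechniqueResult("T1003.001", 0, [{"category": "process_access", "product": "windows",
                                      "TargetImage": "lsass.exe"}]),
    TechniqueResult("T1136.001", 0, []),
]
```

Running `summarize(SAMPLE_RUN)` yields a detection rate of 1/3 and a logging rate of 2/3, with a draft Sigma rule attached to the logged-only technique and a logging recommendation for the blind one.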

This is not just another attack simulation tool; it is a scalable and flexible AI-driven automation workflow that can be adapted to the technologies in your environment while continuously optimizing detection, helping defenders stay ahead of evolving threats.


AI and automation are powerful technologies that can be leveraged to enhance both offensive and defensive security strategies. This talk unveils a fully automated, AI-driven purple teaming Proof of Concept framework that simulates real-world APT attacks, evaluates detection capabilities, and enhances security defense, all in real time.

Join us as we unveil the next frontier of AI-driven adversary simulation frameworks, where offense and defense merge into an intelligent, automated cycle of continuous security enhancement.



Currently leading the Offensive Security R&D at Hacknowledge SA and a member of the offensive security team. Coming from a blue team background, I transitioned to the red side, focusing on offensive tool development, cloud penetration testing, and purple teaming. With expertise in both attack and defense, I work on advancing adversary emulation, bypassing detection techniques, and automated security assessments.

Red teamer. CVE hunter. AD / WEB Apps destroyer. Dad. Teaches kids to question everything starting with default credentials.