03-19, 14:40–15:30 (UTC), Mainstage
Explore how red teams mimic the Tactics, Techniques and Procedures (TTPs) of nation-state threat actors. With DORA on the horizon, many organizations across Europe will be subject to threat-informed red team exercises (TLPT). This talk will show how a red team simulates advanced nation-state adversaries and organized crime groups.
For red teams, TIBER and TLPT pose a unique challenge: attacking large, mature organizations while simulating the behavior of nation-state adversaries such as FANCY BEAR, TWISTED PANDA or RAMPANT KITTEN.
This presentation will shine a light on how ARES, the red team of NVISO, accomplishes exactly that. The author will provide insights into typical TTPs of Chinese, Russian and Iranian threat actors and how the red team must adjust to stay under the radar. Using technical case studies from past engagements and demonstrations of the tools and techniques involved, the audience will learn how the red team must adjust to modern security solutions to stay under the radar.
Peeking behind the curtain of red team engagements in mature, highly monitored environments, this talk will also include examples of why a lot of TTPs commonly used by organized crime groups are not suited for stealthy red team operations.
After this talk, the audience will gain a better understanding of the frameworks governing red team operations and the challenges faced during adversary simulations.
Kevin Ott is a seasoned red team professional experienced in planning and running attack simulations across different industries, including finance, retail, manufacturing, and energy sectors. His focus is to further develop the offensive capabilities and custom tooling for engagements. In addition to his operational red teaming experience, Kevin is an experienced instructor for various red teaming topics and has recently started the process of becoming an instructor for SANS (SEC670). Outside of work he enjoys a multitude of activities, including climbing, martial arts and irregular visits to the gym.