dade has spoken on some red team topics before, and maybe he’ll be speaking again soon.
Building Continuous Reconnaissance into Red Team Operations
Where: aRcTicCON // Minneapolis, MN
When: May 9, 2019
Abstract: Internal red teams deal with an environment that is both constantly changing and seemingly not changing at all. As red teams, it is our responsibility to provide an attacker’s perspective of the network. Traditionally this happens in the form of point in time assessments that may span anywhere from a few days to several months and focus on an objective. This talk proposes an additional service for your red team to provide – a continuously monitored attacker’s perspective of the attack surface. This can be used to enable more timely attack simulations and enable the team to proactively detect flaws in the environment. This talk explores some types of data that can be collected continuously and the value that it can provide to a red team. It will also introduce tooling to automate network scanning for continuous data.