January 29

Webinar takeaway: Atomic Red Team Hands-on Getting Started Guide


My key takeaways

  • The Atomic Red Team project (ART) is an open-source library of scripted attacks
  • ART uses the MITRE ATT&CK matrix as its structure
  • ART emulates what an attacker might do after compromise; Metasploit (msf) instead tries to exploit vulnerabilities in software
  • Emulating attacks helps to improve detection of attacks and to compare security products
  • Vectr.io is a feature-rich tool and reporting framework for purple team collaboration
  • Atomics can be executed manually, but it is better to use the PowerShell execution framework Invoke-AtomicRedTeam
  • Windows Defender doesn't like ART; put its folder on the exclusion list
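As an added example (not code from the webinar or from the ART project itself), the lab procedure the last two takeaways describe, in PowerShell; it assumes an isolated Windows test VM, an elevated session and the framework's default install path under C:\AtomicRedTeam, and uses T1082 (System Information Discovery) only as a benign sample technique:

```powershell
# Added example, not from the webinar or the ART project. Run only on an
# isolated lab VM in an elevated PowerShell session.

# 1. Defender flags the atomics themselves, so exclude the ART folder first
#    (assumption: the default install path C:\AtomicRedTeam).
Add-MpPreference -ExclusionPath 'C:\AtomicRedTeam'

# 2. Install the execution framework and fetch the atomics library.
IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing)
Install-AtomicRedTeam -getAtomics -Force
Import-Module 'C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1' -Force

# 3. Read what the technique's atomics actually do before executing anything.
#    T1082 is a harmless discovery technique, a good first run.
Invoke-AtomicTest T1082 -ShowDetailsBrief
Invoke-AtomicTest T1082 -TestNumbers 1 -ShowDetails

# 4. Resolve prerequisites, run the single atomic, then clean up after it.
Invoke-AtomicTest T1082 -TestNumbers 1 -CheckPrereqs
Invoke-AtomicTest T1082 -TestNumbers 1 -GetPrereqs
Invoke-AtomicTest T1082 -TestNumbers 1
Invoke-AtomicTest T1082 -TestNumbers 1 -Cleanup

# 5. Now check the EDR/SIEM for the telemetry this produced (process creation,
#    PowerShell script block logs); that is the detection comparison the
#    webinar is about. Note which products alerted and which stayed silent.
```

Remove the Defender exclusion again once the lab run is finished.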

Env

additional links


Tags

blue team, simulation, webinar takeaway

