filmov
tv
The benefits of Infrastructure as Code for adversary simulation (Benjamin McMillan, Privasec)
Показать описание
CRESTCon Australia 2021 presentation
Watch CREST's interview with Benjamin here:
Watch the rest of CRESTCon Australia content here:
APRA has “fast-tracked due to urgency of threat” the CPS 234 standard that requires Australian financial institutions to systematically test their resilience against cyber threats. Red Teaming by way of a “no holds barred” pen test is not going to be an effective way to demonstrate a security capability commensurate with real-world threats.
Red Team infrastructure needs to be purpose-built, which can take significant time if it’s to be tailored to the characteristics of an APT, in addition to being modular, disposable, time & cost efficient, and resistant to human error.
This presentation will attempt to clarify modern Red Team requirements and detail some benefits of Infrastructure as Code solutions for adversary simulation, including a crash course in Terraform.
Benjamin is a Senior Consultant in the Privasec RED team. He is an offensive security generalist with capabilities across internal and external infrastructure, “assumed breach” scenarios, web application, Wi-Fi, and mobile testing. He has a passion for adversary simulation and post-exploitation of Windows domain networks. He holds the CREST CRT, OSCP, and CISSP certifications.
Privasec:
Stay up to date with CREST:
This CREST video is suitable for self-directed CPD
#RedTeam #CyberSecurity
Watch CREST's interview with Benjamin here:
Watch the rest of CRESTCon Australia content here:
APRA has “fast-tracked due to urgency of threat” the CPS 234 standard that requires Australian financial institutions to systematically test their resilience against cyber threats. Red Teaming by way of a “no holds barred” pen test is not going to be an effective way to demonstrate a security capability commensurate with real-world threats.
Red Team infrastructure needs to be purpose-built, which can take significant time if it’s to be tailored to the characteristics of an APT, in addition to being modular, disposable, time & cost efficient, and resistant to human error.
This presentation will attempt to clarify modern Red Team requirements and detail some benefits of Infrastructure as Code solutions for adversary simulation, including a crash course in Terraform.
Benjamin is a Senior Consultant in the Privasec RED team. He is an offensive security generalist with capabilities across internal and external infrastructure, “assumed breach” scenarios, web application, Wi-Fi, and mobile testing. He has a passion for adversary simulation and post-exploitation of Windows domain networks. He holds the CREST CRT, OSCP, and CISSP certifications.
Privasec:
Stay up to date with CREST:
This CREST video is suitable for self-directed CPD
#RedTeam #CyberSecurity
0:08:51
0:03:17
0:11:20
0:02:40
0:00:52
0:13:07
0:10:49
0:06:48
0:24:29
0:14:22
0:04:11
0:35:23
0:37:06
0:26:52
0:02:15
0:34:21
0:05:53
0:13:31
0:02:15
0:01:00
0:01:47
0:01:13
0:00:51
0:00:41