The Attack you Dreamed of with Simulation
Detecteam is a novel framework that lets anyone build attacks from behaviors. Describing the stages of an attack is enough to translate it instantly into its data footprint: the log entries and network traffic those stages would leave behind.
That attack data is then sent to log management systems to determine which stages were detected and which were not, thus identifying detection gaps. This lets you improve your systems and prepare your teams before a real attacker finds the same gaps.
Every organization is surrounded by security products, and larger organizations even have dedicated security teams. Yet this does not prevent attacks, as the news shows every day.
What does it mean to detect a phishing or ransomware attack? At which stage, and at what threshold, should an alert fire? Are your teams trained to act on it? Those are the questions we aim to answer.
This presentation focuses on reconstructing the attack footprint, its network traffic and log data, in order to verify detection without interacting with any vendor's device. We are launching it to the CanSecWest community because the audience is highly technical and its expectations are high. We will go over the technical details: creating a BAS (Breach and Attack Simulation) programming language that describes attacks accurately, translating those descriptions into data, and verifying from the SIEM which of them were detected.
The emulation platform is being used to expose weaknesses in products, processes, or employee training, to better prepare for future attacks.
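As an added illustration of the workflow described above (this is not Detecteam's code and not its BAS language, which is not shown on this page), the Python below declares an attack as ordered stages tagged with MITRE ATT&CK technique IDs, renders each stage into constructed JSON log lines of the kind a SIEM ingests, runs two hypothetical detection rules over those lines, and reports which techniques were caught and which are detection gaps. The stage names, event fields, rule names and log contents are all assumptions made for the example.

```python
"""Attack-stage -> log-footprint -> detection-coverage check.

Added illustration, not Detecteam's code. Every field name, rule and
sample event below is constructed for the example.
"""
import json
from dataclasses import dataclass


@dataclass
class Stage:
    name: str        # human-readable stage label (assumption)
    technique: str   # MITRE ATT&CK technique ID the stage emulates
    events: list     # event templates this stage would leave in the logs


# Constructed three-stage attack: phishing attachment -> macro runs
# PowerShell -> files get encrypted. Field names are assumptions.
ATTACK = [
    Stage("delivery", "T1566.001", [
        {"source": "mail", "action": "delivered",
         "attachment": "invoice.docm", "sender": "billing@invalid.test"},
    ]),
    Stage("execution", "T1204.002", [
        {"source": "endpoint", "process": "WINWORD.EXE",
         "child": "powershell.exe", "cmdline": "powershell.exe -nop -w hidden"},
    ]),
    Stage("impact", "T1486", [
        {"source": "endpoint", "process": "updater.exe",
         "file_ops": 1200, "ext": ".locked"},
    ]),
]


def render_footprint(attack, host="ws-01", start_ts=1700000000):
    """Translate attack stages into flat JSON log lines, one per event,
    timestamped in stage order so the SIEM sees a plausible timeline."""
    lines = []
    ts = start_ts
    for stage in attack:
        for ev in stage.events:
            rec = {"ts": ts, "host": host, "stage": stage.name,
                   "technique": stage.technique, **ev}
            lines.append(json.dumps(rec))
            ts += 60
    return lines


# Hypothetical detection rules standing in for SIEM searches. Each is a
# predicate over one parsed event. Note there is deliberately no rule for
# the phishing delivery stage, so that stage shows up as a gap.
RULES = {
    "office_spawns_shell": lambda e: (
        e.get("process", "").upper() in {"WINWORD.EXE", "EXCEL.EXE"}
        and e.get("child", "").lower() in {"powershell.exe", "cmd.exe"}),
    "mass_rename_encrypt": lambda e: (
        e.get("file_ops", 0) > 500 and e.get("ext") == ".locked"),
}


def evaluate(lines, rules, attack):
    """Replay the log lines through the rules. Returns (covered, gaps):
    covered maps each technique to the sorted list of rule names that
    fired on it; gaps lists techniques no rule fired on."""
    hits = {}
    for line in lines:
        event = json.loads(line)
        for rule_name, predicate in rules.items():
            if predicate(event):
                hits.setdefault(event["technique"], set()).add(rule_name)
    covered = {s.technique: sorted(hits.get(s.technique, ())) for s in attack}
    gaps = [s.technique for s in attack if not hits.get(s.technique)]
    return covered, gaps


if __name__ == "__main__":
    footprint = render_footprint(ATTACK)
    covered, gaps = evaluate(footprint, RULES, ATTACK)
    for technique, rule_names in covered.items():
        print(f"{technique}: {rule_names or 'NOT DETECTED'}")
    print("detection gaps:", gaps)
```

In a real deployment the rendered lines would be shipped to the SIEM and the rules would be its own searches; the point of the toy is the shape of the loop (describe stages, render footprint, replay, diff expected versus observed detections), which is what turns "we have a phishing rule" into a testable claim.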
About the Presenter: Sebastien Tricaud
Sebastien Tricaud is the Founder and CEO of Detecteam and has been an author of, or contributor to, various popular software such as Linux PAM and faup (https://www.github.com/stricaud/faup), a URL parser.
Sebastien is a former manager and director of security engineering at Splunk and Devo, both log analysis platforms. He has been an advisor to multiple organizations around the world.