Welcome to Module 3, Lesson 3.
In this lesson, we will explore my personal favorite application of ATT&CK,
and appreciate how threat emulation can use known adversary behaviors, such as those documented in ATT&CK, to assess, measure, and eventually improve our defenses.
This lesson will focus on what we call intelligence-driven emulation, or red teams mimicking known threats.
This process allows us to operationalize the intelligence we discussed in Lesson 1. Specifically, we can use CTI to scope and prioritize which threats and behaviors we, as red teams, evaluate.
At the end of the day, this allows us to observe and evaluate our defenses from the perspective that matters: that of our adversaries.
Let's look back at the detection analytic from Lesson 2.
As you recall, this analytic is targeting
adversaries dumping credentials from LSASS memory.
But a question arises after developing and deploying this analytic:
what's the next step as a defender?
Do we wait for an adversary to trigger, or potentially bypass, this analytic?
We can look back at ATT&CK and compare this analytic
to the documented procedures.
We can also triage news media,
which may pose new questions, such as: are we safe against unknown or previously undocumented procedures?
This is where threat-informed assessments come in.
As you can see with the example adversary emulation plan below, we can use intelligence to build real-world adversary TTPs into red team scenarios.
This process allows us to actually build out TTPs
that provide output that is more quantitative and more closely measures how we fare against real adversary behaviors.
Here's another example of using CTI to build out red team scenarios and behaviors that we can execute for better assessments.
And with that, we've reached the check for Lesson 3.
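To make the idea of scoring a detection analytic against several emulated variants of one behavior concrete, here is an added example that is not part of the lesson or its materials. It assumes a Sysmon-style ProcessAccess event shape, two constructed analytics (one keyed on a tool name, one on the behavior of reading LSASS memory), a constructed three-variant emulation plan with hypothetical tool names and paths, and a hypothetical allowlist; the access masks are ordinary Windows process access rights. The output is the kind of quantitative coverage figure the lesson describes.

```python
"""Added example (not the lesson's own analytic): score detection analytics
against several emulated procedure variants of one ATT&CK behavior.

All events, tool names, paths, and the allowlist below are constructed."""
from dataclasses import dataclass

# Windows process access right needed to read another process's memory.
PROCESS_VM_READ = 0x0010

# Processes that legitimately open lsass.exe on this hypothetical host.
ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}


@dataclass(frozen=True)
class ProcessAccessEvent:
    """Minimal shape of a Sysmon Event ID 10 (ProcessAccess) record."""
    source_image: str
    target_image: str
    granted_access: int


def analytic_by_tool_name(ev: ProcessAccessEvent) -> bool:
    """Narrow analytic: alerts only on one hypothetical tool name."""
    return (ev.target_image.lower().endswith(r"\lsass.exe")
            and ev.source_image.lower().endswith(r"\credtool.exe"))


def analytic_by_behavior(ev: ProcessAccessEvent) -> bool:
    """Behavioral analytic: any non-allowlisted process reading lsass memory."""
    return bool(ev.target_image.lower().endswith(r"\lsass.exe")
                and ev.granted_access & PROCESS_VM_READ
                and ev.source_image.lower() not in ALLOWLIST)


# Constructed emulation plan: three ways of exercising the same behavior
# (credential access from LSASS memory), each with the event it would produce.
EMULATION_PLAN = {
    "variant-1: known tool name": ProcessAccessEvent(
        r"C:\Users\red\credtool.exe", r"C:\Windows\system32\lsass.exe", 0x1010),
    "variant-2: same tool, renamed": ProcessAccessEvent(
        r"C:\Users\red\svc.exe", r"C:\Windows\system32\lsass.exe", 0x1010),
    "variant-3: full-access handle": ProcessAccessEvent(
        r"C:\Users\red\other.exe", r"C:\Windows\system32\lsass.exe", 0x1FFFFF),
}

# Constructed benign noise that a good analytic should not flag.
BENIGN_EVENTS = [
    ProcessAccessEvent(r"C:\Windows\system32\csrss.exe",
                       r"C:\Windows\system32\lsass.exe", 0x1010),
]


def score_analytic(analytic, plan=EMULATION_PLAN, benign=BENIGN_EVENTS):
    """Return (detected variant names, missed variant names, false positives)."""
    detected = sorted(name for name, ev in plan.items() if analytic(ev))
    missed = sorted(name for name, ev in plan.items() if not analytic(ev))
    false_positives = [ev.source_image for ev in benign if analytic(ev)]
    return detected, missed, false_positives


def coverage_report():
    """Fraction of emulated variants each analytic detects."""
    analytics = [("by tool name", analytic_by_tool_name),
                 ("by behavior", analytic_by_behavior)]
    return {name: len(score_analytic(fn)[0]) / len(EMULATION_PLAN)
            for name, fn in analytics}


if __name__ == "__main__":
    for name, cov in coverage_report().items():
        print(f"{name}: {cov:.0%} of emulated variants detected")
```

The missed list for the name-based analytic is exactly the gap the lesson warns about: a variant the red team can execute today that the analytic never sees, which is why the emulation plan should include more than one procedure per behavior.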
There is a limit to the number of different ways a single behavior can be emulated.
Please pause the video and take a second to think of the correct answer before proceeding.
In this case, the correct answer is false.
Similar to procedures,
there is no limit to the number of ways a single behavior can be emulated
or executed by an adversary.
We've reached the end of Lesson 3.
Threat emulation is an offensive assessment mimicking particular adversary behaviors, such as those documented in ATT&CK.
We can use threat emulation to address the unlimited number of procedures, or variations of how adversary techniques can be executed, by adversaries or red teams.
We can use this threat emulation process to understand how our defenses fare against specific threats and their behaviors.