Red Mirror: Bringing Telemetry to Red Teaming - Zach Grace Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Red Mirror: Bringing Telemetry to Red Teaming
Zach Grace
Derbycon 2018

Providing impact and insights on a red team engagement is crucial to improving the security posture of the target organization. Too often, red teams have to comb through log files, pcaps, or other disjointed artifacts to tell the whole story, which is difficult, especially on long-term engagements. The Red Mirror project is the mirror to the blue team's SIEM: it is an ELK-based system that captures operator actions, network traffic (including C2), and MITRE ATT&CK tactics. By capturing this extensive amount of data, red teams can easily query, visualize, and report on their actions. The gathered data has the added benefit of enabling red teams to perform infrastructure and operational security monitoring.

Zach has worked in offensive security for the last eight years, focusing on securing financial institutions by breaking into them. He is currently the red team lead for a Fortune 100 company. Zach is the creator of the open source security projects changeme and Sticky Keys Hunter, and has contributed to several others, including Metasploit, Empire, and Recon-ng.

@ztgrace

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast