south dakota owasp adversary emulation with mitre’s caldera · caldera can be used to test...

35
South Dakota OWASP Adversary Emulation with MITRE’s Caldera Michael Klosterman, MBA, CISSP, CSSLP, CISA, GCIH, GNFA, GPEN

Upload: others

Post on 26-Mar-2020

4 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

South Dakota OWASPAdversary Emulation

with MITRE’s Caldera

Michael Klosterman, MBA, CISSP, CSSLP, CISA, GCIH, GNFA, GPEN

Page 2: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

who

ami

1985-1998 1997-2001 2002-1999-2002 2002-2005 2006-2012 2012-NOW

IBM 3083 & 4381

Operator

AFSCN Operator

TSO-SKELS-CLIST –SAS programmer

Mainframe Performance and Capacity

Planning

AIX/Unix Sysadmin Windows

LAN networking

Small Bus. Consulting

Windows Server farm / IIS engineer

System and Network Architect

System and Network

Architect – re-architect and rebuild

Small Bus. Consulting – system and

network security; HIPPA

compliance

ISP System & Network Architect;

Helpdesk

Bachelors of Science in IT and Network Management

SCADA C++ / C# Software Developer

IT Director / Litigation Support

FAC-COR Certification,

Level II

EROS InfoSec Mgr

OCIO IA ASOC / SWAT

Masters in Business

Administration (MBA)

Specializing in Project Mgmt

Page 3: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Adversary Emulation with MITRE’s CalderaOutline

Caldera: • What Is It? • Why Do We Need It? • Who Made It? • Where Can We ……… • Server Install • Caldera Overview from the Web GUI

Page 4: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – What is it?

CALDERA offers an intelligent, automated adversary emulation system that can reduce resources needed by security teams for routine testing, freeing them to address other critical problems.

CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring. <Citation Link>

Page 5: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

• (it)…enables automated assessments of a network's susceptibility to adversary success, allowing organizations to see their networks through the eyes of an advanced persistent threat on-demand and to verify defenses and security configuration based upon known threat techniques……… • Use of CALDERA can reduce resources needed for assessments

and allow red teams to focus on sophisticated solutions to harder problems. • It will also allow organizations to more rapidly tune

behavioral-based intrusion detection systems as they are deployed.

Caldera – Why Do We Need It?

<Citation Link> <List of Adversary Emulation Tools>

Page 7: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

•……Run This? • Only in Development environments, unless you are authorized!

•……Get This? • Download from github.com

•……See How to Install and Run This? •We’ll be showing you the installation and use

Caldera – Where Can We …….

Page 8: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Installation…….https://github.com/mitre/caldera

Page 9: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Installation…….

Page 10: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Installation…….

Page 11: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Installation…….

Page 12: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Installation…….

Page 13: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Installation…….

Page 14: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Installation…….

Page 15: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Windows AD and AD Client…….

Page 16: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Windows AD and AD Client…….

Page 17: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 18: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 19: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 20: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….https://attack.mitre.org/

Page 21: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 22: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 23: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 24: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 25: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 26: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 27: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 28: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 29: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 30: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 31: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 32: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 33: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Caldera – Server Overview…….

Page 34: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

•Can I Run This at Work? • Only in Development environments, unless you are

authorized!

•How Do Get This? • Download from github.com

•Can You Install and Run This? • Easily! (though you’ll need a few systems or a VM than

can host them)

Caldera – Review

Page 35: South Dakota OWASP Adversary Emulation with MITRE’s Caldera · CALDERA can be used to test endpoint security solutions and assess a network's security posture against the common

Adversary Emulation with MITRE’s Caldera

Questions?