DEF CON Safe Mode Red Team Village - Shay Nehmad - Making Breach and Attack Simulation Accessible

Oftentimes one of the greatest challenges for security professionals today is finding a way to effectively communicate the state of a network’s security posture, and what steps are necessary to achieve the organization’s security goals. Red teamers are already familiar with executing a typical Breach and Attack simulation, but how can they take greater advantage of their findings, and better yet, share those with the C-suite? The Infection Monkey is a mature, widely-used Open Source GPLv3 licensed tool specifically developed for enterprise red teams. Designed to test an organization’s detection and response methods and teams, the Monkey simulates all steps of an attack by mimicking a variety of adversary moves such as scanning, exploitation, lateral movement, password stealing, network mapping, security control bypass and more. Overall, the Infection Monkey’s simulation reveals it contains a lot of stages one might find in a manual penetration test (or in a real attack). The Monkey is easily configurable, and starts from a single machine and propagates according to the test scenario while collecting data, employing attack tactics, performing security tests and looking for more machines to attack. The results are generated in real-time, shown in a network map and also presented in 3 detailed reports. With the Monkey, red teams can autonomously test specific parts of the network with multiple attack scenarios on a regular basis - like executing a lateral movement scenario from an internet-facing server to a sensitive system deployed in a different part of the network. Further, the Monkey maps its findings to both the MITRE ATT&CK knowledgebase and Forrester’s Zero Trust framework to provide in-depth reports with actionable recommendations for achieving a stronger security posture. When mapping to the Zero Trust framework, the report identifies and prioritizes the steps and decisions required to achieve a true Zero Trust network - whether that’s verifying that the current security stack meets Zero trust requirements or outlining specific actions that blue teams can perform to implement better security measures. By mapping the reports to MITRE ATT&CK, the Monkey communicates the results of the attack in plain language, making the advanced tool accessible and effective for any red team. These reports enable security professionals to address and improve their security posture using the metrics, methods, and ideas they already care about aka if your CISO wants to achieve Zero Trust, their team can clearly map out the steps required to get there with the Monkey’s reports. In this talk, Penetration Testers, Network Engineers, Exploit Developers, and other Security professionals will experience a typical Breach & Attack simulation through the lens of the Monkey to learn how open source solutions can improve and add efficiencies to their teams. Shay will take attendees through a demo of Infection Monkey to demonstrate a typical “before and after” scenario with the Monkey. He will run the Monkey in a test environment, aka the “before,” to identify security gaps and then mitigate the issues using advice offered by the Monkey’s reporting. Finally, Shay will run the Monkey in the “after” environment to show how effective this Breach and Attack simulation can be in strengthening security posture.