In the past, cyber threat intelligence has primarily focused on extracting, preparing, and analyzing indicators of compromise for digital forensics and incident response, the security operations center, and other teams. This talk proposes that cyber threat intelligence analysts extract indicators of emulation and include them in their threat reports for red team operations, adversary emulation, and purple team exercises. Learn how to extract indicators of emulation from Windows-based malware for high-value adversary emulation and purple team exercises based on org-specific data.