DEF CON Safe Mode Red Team Village - Jorge Orchilles - Deep Dive into Adversary Emulation Ransomware

A day hardly goes by without hearing about another ransomware attack. This talk will focus on how to emulate a ransomware attack without introducing risk. We will understand how ransomware works, learn how criminals are evolving to get paid, create an adversary emulation plan that is safe but valuable for enterprises, and discuss how to defend against ransomware attacks. Adversary Emulation is a type of ethical hacking engagement where the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organization. The goal of these engagements is to train and improve people, process, and technology. This is in contrast to a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement.