If Red Teaming Is Easy: You're Doing It Wrong

Wednesday, January 30, 2019 - 1:30 pm2:00 pm

Aaron Grattafiori, Facebook

Abstract: 

Red Teaming is a popular topic for both internal security teams, and for external contractors to emulate real world attacks and improve defenses. Going beyond the pentest model, Red Teaming delivers inarguable results that critically inform detection, prevention and response for an organization's security. However, it is often thought of as the "easy" side of InfoSec, and many Red Teams operate on a "win and go home" model. It can be quite easy, but if it is, you're not achieving the true goal: improved security at an organization or company via an adversarial perspective.

In this talk, Aaron will explore how proper Red Teaming can be extremely challenging, how it often requires understanding an organization functions, knowing how to attack different technology stacks, even exploring business risks, insider threats and abuse. To have an impact or achieve a compromise, sometimes a team may need to understand the target areas more than the people who create or maintain them. However popular Red Teaming is now, and whatever is being targeted, we're only scratching the surface of what is possible.

Aaron Grattafiori, Facebook

Aaron Grattafiori leads the Red Team at Facebook, where he focuses on offensive security, vulnerability research, adversary simulation, and performing bold full scope operations. Previously, Aaron was a principal consultant and research lead at iSEC Partners/NCC Group for many years. Aaron has spoken at national security conferences such as Black Hat and DEFCON as well as regional conferences such as Toorcon and SOURCE. When not breaking things, he enjoys covert channels and long walks on the blockchain.

BibTeX
@conference {226305,
author = {Aaron Grattafiori},
title = {If Red Teaming Is Easy: You{\textquoteright}re Doing It Wrong},
year = {2019},
address = {Burlingame, CA},
publisher = {{USENIX} Association},
month = jan,
}

Presentation Video