AtlSecCon 2022 has ended
Thursday, April 7 • 15:00 - 15:45
Being A Better Defender By Channeling Your Worst Adversary: Lessons Learned Over the Past Five Years Building Adversary Emulations

My background is on the defensive side, but I always had an interest in the red team side of things. After taking SANS Incident Handling 504 back in 2006, who wouldn’t?

Over the past five years, I have built or assisted with building adversary emulations using techniques that adversary groups from around the world utilize. Why? To help blue teamers identify threats and use their tool sets more effectively, as well as demonstrate the value of certain data sets and techniques that can be applied every day. I’ve been the adversary and I will share with you my experiences, lessons learned, pitfalls that I have encountered and share guidance that may help you.

Attendees will come away with a better understanding of where scenario-based adversary emulation fits, how to focus your efforts to ensure that everyone is getting something out of it, guidance on data sets and ideas around where to start when building your scenarios.

Finally, links to existing data sets that we have created will be provided so if you want to see what we produced and use them to improve your own hunting and detection, you can!

John Stoner

Principal Security Strategist, Splunk
John Stoner is a Principal Security Strategist at Splunk. In his current role, he leverages his experience to educate and improve users’ capabilities in Security Operations, Threat Hunting, Incident Response and Threat Intelligence. He has authored multiple hands-on workshops that...

Thursday April 7, 2022 15:00 - 15:45 ADT
Track 3 - Summit Suite - Room 608/609