Explore the world of red team analytics and behavioral heuristics in this NorthSec 2019 conference talk by Kelly Villanueva. Dive into the concept of heuristics, distinguishing between automatic and calculated decision-making processes. Examine real-world case studies, including the "Linda Problem" and everyday morning decisions, to understand how experience and context influence our choices. Learn about Active Directory concepts and fast-track methods to Domain Admin. Discover techniques for blending in with legitimate network traffic, including reproducing Google and Microsoft patterns, utilizing domain fronting, and leveraging cloud providers. Gain insights into effective phishing strategies and the importance of maintaining authenticity in red team operations. Apply behavioral science principles to enhance your approach to adversary simulation and improve overall security posture.
Overview
Syllabus
Intro
Red team analytics
What is a heuristic?
Automatic vs calculated
Case study: Making Xerox Copies
Common behavioral heuristics
The Linda Problem
Your morning decisions
Experience and context
Active Directory Concepts
Fast lane to DA
Appearance
Physical assessments
Adobe
Browser extensions
Microsoft Office
MacOS App Store
Brief overview of Command and Control (C2)
(A few) cloud providers
Reproducing Google and Microsoft network traffic
Unique parameters
Potential infrastructure setup
Domain fronting
Telling a story with Microsoft
Blending in with real Google products
Domain categorization vendors
Being real
Phishing yourself
Taught by
NorthSec
