DEFCON Workshop

Shibby ConsultantsLogo artist @bootlegduck

Metaphysics Company contracted the services of Shibby Consultants. Shibby Consultants performed a Red Team Assessment simulating an outsider threat using real-world adversary techniques, and the goals included:

  • Finding an entry point from the outside and get a foothold inside the network.
  • Move around with stealthy techniques and identify critical data.
  • Exfiltrate critical information.

The red team findings included:

  • Successful phishing campaign using a link against the HR department leading to compromise many endpoints.
  • A keylogger was installed on the HR endpoints, and it was not detected.
  • Credentials stored on LSASS were dumped using mimikatz and used to move laterally.
  • Customer PII data was identified, and the files were exfiltrated using Dropbox.

Shibby Consultants just documented the results in a summary;
they didn’t map the findings to a MITRE ATT&CK or categorize them by severity.

Shibby Consultants Card


  1. Read theShibby_Consultants_letter.pdf
  2. Map each one of the Red Team findings from the Shibby_Consultants_letter.pdf to MITRE ATT&CK® IDs using the MITRE ATT&CK® website.
  3. Determine Frequency*
  4. Determine Exploitability*
  5. Determine complexity*
  6. Use the values obtained to calculate the severity*
  7. Prioritize based on severity

You can use: