DEFCON Workshop

Logo artist @bootlegduck

Metaphysics Company contracted the services of Shibby Consultants. Shibby Consultants performed a Red Team Assessment simulating an outsider threat using real-world adversary techniques, and the goals included:

• Finding an entry point from the outside and get a foothold inside the network.
• Move around with stealthy techniques and identify critical data.
• Exfiltrate critical information.

The red team findings included:

• Successful phishing campaign using a link against the HR department leading to compromise many endpoints.
• A keylogger was installed on the HR endpoints, and it was not detected.
• Credentials stored on LSASS were dumped using mimikatz and used to move laterally.
• Customer PII data was identified, and the files were exfiltrated using Dropbox.

Shibby Consultants just documented the results in a summary;
they didn’t map the findings to a MITRE ATT&CK or categorize them by severity.

Workshop

1. Read theShibby_Consultants_letter.pdf
2. Map each one of the Red Team findings from the Shibby_Consultants_letter.pdf to MITRE ATT&CK® IDs using the MITRE ATT&CK® website.
3. Determine Frequency*
4. Determine Exploitability*
5. Determine complexity*
6. Use the values obtained to calculate the severity*
7. Prioritize based on severity

You can use:

• https://crtfss.com
• https://attack.mitre.org/matrices/enterprise/